InterviewSolution
Saved Bookmarks
InterviewSolution
This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.
| 4201. |
Solve : A-Squared anti-dialer?? |
|
Answer» Advice please. |
|
| 4202. |
Solve : adware virus, need help? |
|
Answer» here is the latest log. |
|
| 4203. |
Solve : Still having problems? |
|
Answer» I followed all orders regarding the Trojan but when I checked the FOUR items in HJT and ran the program again, the files were still there
SDFix: Version 1.165 Run by Compaq_Owner on Tue 04/01/2008 at 04:13 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\COMPAQ~1\Desktop\SDfix\SDFix Checking Services : Name: rwspczqn Path: system32\drivers\bdggybis.dat rwspczqn - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Service rwspczqn - Deleted after Reboot Checking Files : Trojan Files Found: C:\WINDOWS\SYSTEM32\CIADMINJ.DLL - Deleted Could Not Remove C:\WINDOWS\system32\drivers\bdggybis.dat Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-01 16:35:58 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... THXPlease download Combofix by sUBs from one of the below links. (Try all three if necessary)Important! Combofix.exe MUST be saved to and ran from the Desktop.
[recovering space - attachment deleted by admin]Download and install CleanUp!.exe Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility ---------- Now post a new Hijackthis log. Let me know how things are now.C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Starfield\Desktop Notifier\wben.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [XpOpenAuto] "C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198a e83a6a498b878837b768a788c84 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe" O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FE9E888B-C60A-447A-B688-40B39CDE74EF}: NameServer = 205.171.3.65,205.171.3.64 O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 7636 bytes IS IT GONE?!?! I don't see it in HJT but your the expert not me. thanksThat seems to have gotten it :0 Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally and will help secure the work you have done. .
. The above procedure will:
Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed) 1. Double click OTMoveIt2.exe to LAUNCH it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Use the Secunia Software Inspector to check for out of date software.
Here are some great tools to help you keep from getting infected again. To prevent unknown applications from being installed on your computer install WinPatrol 2007 Another thing I would suggest installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Spybot Search & Destroy - A safe and effective spyware scanner. * Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers AVG Anti-Spyware Free Edition - Very reliable with a high detection rate. * AVG Anti-Spyware User Manual SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware Comodo BOClean - Stops trojans and many more malicious attacks. Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. * Click here for a list of free firewalls. * Why would I consider a third party firewall? * Understanding and Using Firewalls UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com[/b]]http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. * Help with Windows updates Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? Let us know if anything else comes up. |
|
| 4204. |
Solve : Virus / trojan identified? |
|
Answer» I am using Avg free edition and I just got done scanning with it. When the progrmam finished scanning it identified these Trojans/ viruses
Be SURE to check for updates while you are in the Java control panel as well. |
|
| 4205. |
Solve : fun.exe dc.exe sviq.exe? |
|
Answer» Friends i m fed up of this viruses fun.exe dc.exe sviq.exe EVEN if i
|
|
| 4206. |
Solve : Something is leeching my bandwidth? |
|
Answer» I hope this is the right place for this. If it is not, I apologize. For no particular reason I became curious as to how much bandwidth I use with my broadband so I downloaded a freeware bandwidth meter. One curious thing I found was that something was constantly using my bandwidth at a rate of about 70k a minute, even when i'm idle. Someone suggested that I create a log with hijackthis and post it here, so here it is. I appreciate any help anyone could give me. |
|
| 4207. |
Solve : Increasingly slow computer? |
|
Answer» The Avenger couldn't get them, you will NEED to go in and manually delete the files below. |
|
| 4208. |
Solve : Silly DI DVO Trojan? |
|
Answer» For some reason I can't remove this from my computer USING CA anti spyware nor anti virus. I need some very detailed help as to how to remove. I saw the part ONE prerequisite, but GOT lost as to whether I need to DOWNLOAD the three programs or not. THANK you. AldejaisStart Here... |
|
| 4209. |
Solve : AP# Downloader? |
|
Answer» In Windows EXPLORER, go Tools>Folder Options>View, and... |
|
| 4210. |
Solve : Google Horror? |
|
Answer» I'm doing a little research on something. But I have one problem. |
|
| 4211. |
Solve : ntoskrnl.exe Keeps Changing!? |
|
Answer» I am scanning with AVG and every scan it shows that ntoskrnl.exe KEEPS changing. I Googled the file and it seems to be an important start-up file (apparently). AVG is telling me to monitor this file, but my old anti VIRUS(ZONE Alarm) didn't find anything wrong. This just an AVG problem or is it serious?It may be corrupt or has been exploited by virus. Try doing these steps in post 2. |
|
| 4212. |
Solve : Super Anti Spyware gave me blue screen of death.? |
|
Answer» Hi, I really hope someone can help me. I did something really stupid and downloaded an infected file from Limewire that gave me a bunch of junk. I removed Limewire but continued to get popups for programs like Frostwire that aren't even (to my knowledge) installed on my machine. I'd heard good things about Super Anti Spyware, so I installed it and ran a scan. It found several trojans and something called vundo. Once the scan finished, it asked me to restart. So far, so good...until I got a blue screen of death at start up. So I put Windows into safe mode and now I'm at a loss as to what to do. Is my only option reinstalling Windows at this point? And if so, how do I back up my data without backing up the viruses too? I'm also not sure if I have all the drivers I'd need. I don't feel comfortable doing it myself either so I will take it in for repair, but first I WANTED to see if anyone has any other suggestions. I'm running XP with McAfee, if that helps...could McAfee possibly have conflicted with something? I tried to disable it but I couldn't figure out how. Please help!Superantispyware shouldn't have removed anything that would cause a blue screen. If needed open Superantispyware (SAS) and select manage quarantine, select the log of items removed and click Restore.
[recovering space - attachment deleted by admin]Wait, sorry, here is the Report file. It was in the program folder though, not on the desktop - I don't know if that makes a difference? This is what it says: SDFix: Version 1.177 Run by Owner on 29/04/2008 at 09:12 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Please download Combofix by sUBs from one of the below links. (Try all three if necessary)Important! Combofix.exe MUST be saved to and ran from the Desktop.
|
|
| 4213. |
Solve : HijackThis log - IE7 - XP? |
|
Answer» My web pages are always being redirected. Could somebody please take a look at the log file to see what I need to do? |
|
| 4214. |
Solve : This message on another board re "Virtual Memory" Anyone?? |
|
Answer» "The first half of this evening, after I'd installed the current year's edition of my anti-virus program, this laptop was stickier and slower than MOLASSES at the NORTH Pole. I finally disconnected from the Net, then reconnected, and up popped a box from Windows saying it had detected "low virtual memory" and it was UPGRADING it and making it all better, whatever, yes, I'm BACK to my usual somewhat pokey maneuverings among the Windows I keep open."??Quote from: Broni on March 31, 2008, 08:24:27 PM ??Why would a Virtual Memory advisory COME up? Just once, by the way. |
|
| 4215. |
Solve : Norton 2008-Computer slow? |
|
Answer» After upgrading RAM, the Pc is WORKING fine. I am unistalling Norton from my laptop and downloading AVG with other PROTECTIONS. Thank you again. airGood DECISION |
|
| 4216. |
Solve : Prevent/Remove virus? |
|
Answer» Friends what are the ways/precaution to remove viruses (if possible WITHOUT using They just make the system slow And without them infected Try Avast Home Free I think you will be surprised at it. I use it on my old win98 that has never had an upgrade in almost 10 years and it doesn't slow it down. Quote from: evilfantasy on March 12, 2008, 08:53:49 AM Another way to look at it is this. If you think you are the safest INTERNET user in the world so decide you can do without running an antivirus but still somehow do pick up a nasty virus/trojan. You won't know about it until it is too late. In the time it takes you to figure it out (which could be a matter of minutes) the virus/trojan could be stealing your personal info and sending all of your contacts in your address book SPAM or worse LINKS infected with a virus or trojan. They could then forward it on, and on, and on.... So you could be infecting thousands of people simply by thinking you're safe enough to not get infected. Pretty much like a condom no?Quote via pendrive. You mean portable antiviruses? http://portableapps.com/apps/utilities/clamwin_portable |
|
| 4217. |
Solve : Burning CD problem? |
|
Answer» I have in the past burned several dozen using Roxio and a different computer and CDR based on my experience, they would be several reason for this. I did burn it as an Audio file so far as I know. Does Media player only burn mp3 do you know? I copied it also on Nero as an audio cd. still wouldn't recognize it. And yes, my CD player won't recognize mp3 disks.Quote from: kuszmania9999 on April 03, 2008, 07:23:05 AM based on my experience, they would be several reason for this.Resolved. I USED a CDR instead of a CDRW and it worked fine. Who knew?Quote I've tried now using Windows Media player and CDRW CD's.Most standalone DVD players won't play CDRWs.Quote from: Broni on April 03, 2008, 06:06:27 PM QuoteI didn't know that. Thx.I've tried now using Windows Media player and CDRW CD's.Most standalone DVD players won't play CDRWs. You're welcome. You may double check your DVD player manual. My DVD player will read CDRWs, but only, if they're closed, which doesn't make SENSE to me. I'd like to be ABLE to add stuff as I go, but it doesn't work that way on my player. |
|
| 4218. |
Solve : Can't access the interent - think I have a virus!!? |
|
Answer» I have windows vista and a wireless internet connection. I have virus protection, F-Secure. I am not computer literate at all and am having trouble, I think it is a virus! When I try to access the internet the page displayed "lack of connection" like it would when the modem is off, however the strenght says "Excellent" Obviously, I firstly assumed it was the connection, but my all my housemates worked fine. Soon after, one of my housemates had the same problem. When my friend came round her laptop would get on the interent either. One of my housemates has a mac and he can get online fine. I went on F-secure virus protection to scan my computer for viruses. When I CLICK 'scan my computer' absolutely nothing happens. Because I can't get on the interent I can't scan my computer with whats avabile online. I do not know what to do. I am considering backing up everything I have and resetting everything on my computer. Is there anything I can do???Laptop, or desktop? Windows version? Did you try to connect your computer straight to the modem?I have a laptop. Don't know what version. Just that its vista. Not with my laptop at the moment so can't check for you. It's only 9 months old if that helps. Yes, when I thought it was a problem with the modem I went to a friends house to finish some work off but I had the same problem there. So she suggested to connect straight to the modem but it remianed the same. Four laptops have been affective now, however my friend who's laptop wouldn't work, works at her house. and doesn't have a problem anymore.Quote So she suggested to connect straight to the modem but it remianed the same. Was it at her place, or yours?no it just works at her house. It started immediatly when she tried at HOME. However my laptop doesn't work at her house, or at mine.So, now all laptops, except for one Mac, don't work at your place, right?yes thats right. The reson I suspect it may be a virus is because the laptops failed at different times during the day. If if was a problem with the modem this wouldn't be the case would it. plus the connection says excellent yet it also says it is the "limited conncection" Also I have problems scanning my computer for viruses, could this be due to the fact the computer isn't connected at theinternet. thats what the technition at uni said. Because i've hear that viruses can do that sometimes.Possible. Go to your friend house (that one with connection), and ask her to burn couple of programs for you... Links, and manuals below: Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * BACK on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you WANT to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log. |
|
| 4219. |
Solve : New help to remove this file? |
|
Answer» Hi, |
|
| 4220. |
Solve : Computer Becoming Unusable? |
|
Answer» So basically my computer has issues. |
|
| 4221. |
Solve : Help with trojan! No Internet Records? |
|
Answer» On my computer I run Kaspersky and I get this problem: when I start looking for daml9.sys What is daml9.sys? Not to be rude, it is good that you are trying to fix this but please stick to my instructions. Doing things outside of them will just confuse me and make this much harder in the long run. I need the Hijackthis log.Sorry for the confusion. I thought I'd give you all the logs I have.. Just to refresh what my problem is: On my computer I run Kaspersky and I get this problem: detected: Trojan program Trojan-Downloader.Win32.Hmir.alm File: c:\windows\system32\drivers\daml9.sys Kaspersky has deleted the file a couple of times but it comes back, when I try to open it in notepad, copy, paste, or anything it tells me that the file is being used. The hijackthis log is on the first post. Also, whenever I start looking for it on the registry the computer reboots, or when I set it to be deleted with Kaspersky it reboots without notice. I've been pretty successful with other malware until now. I've also looked for this trojan-downloader strand with only hits in an asian language.I need a new Hijackthis log from after RUNNING the other tools.Is Kaspersky updated? Do you have two antivirus installed? daml9.sys is a driver. C:\WINDOWS\system32\DRIVERS\daml9.sys Do you have an XP CD? If so, place it in your CD ROM drive and follow the instructions below:
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System. Thanks.. this is a work computer and I'll run that tomorrow, thanks alot!You gotta help me here. Quote from: evilfantasy on April 07, 2008, 03:45:19 PM What is daml9.sys? Quote from: evilfantasy on April 07, 2008, 04:08:10 PM Is Kaspersky updated? Do you have two antivirus installed? daml9.sys appeared out of nowhere, it's stuck onto the /windows/system32/drivers/ folder. I've looked it up online and have found nothing on it. All I know it's linked to this trojan downloader hmir.alm which in turn i've only seen on asian sites. I've been trying to see what it is linked to in the registry but as SOON as I get close to finding it the computer crashes. I've uninstalled AVG and any other anti-virus and kaspersky is up to date.OK, lets try this. Scan Suspicious File(s) Please visit one of the following: (Multiple sites are given in case one is not working) (If more than one file needs scanned they must be done separately and logs posted for each one) Copy the file path in the code box below. Code: [Select]C:\WINDOWS\system32\DRIVERS\daml9.sys
I haven't had a chance to run sfc.exe, does it matter if I have windows sp1? Quote from: lefloresg80 on April 08, 2008, 02:14:25 PM
Possibly, there have been loads of service packs released since SP1. Why don't you have SP2? |
|
| 4222. |
Solve : Is AVG still free?? |
|
Answer» I visited the Grisoft website and clicked on the Home Security PAGE, clicked on AVG Anti-virus and FOUND these two options: I visited the Grisoft website It would be better to include the EXACT url. Quote and clicked on the Home Security page, clicked on AVG Anti-virus and found these two options: Bookmark this one for your future use: http://free.grisoft.com There is a "Download" button there that will take you to: http://free.grisoft.com/doc/download-free-anti-virus/us/frt/0 Hi WillyW, THANK you for the reply. The URL of the page was http://grisoft.com. I've bookmarked the free download link. |
|
| 4223. |
Solve : Broni having a few minor problems. What do I do?? |
|
Answer» I have 119GB free space whatever that MEANS!Right click on "My Computer", click Properties.Quote I have 119GB free space whatever that means!This is about your hard drive.994 MHZ 448 MB OF RAM That looks fine. Get Firefox: http://www.mozilla.com/en-US/firefox/Broni it looks LIKE this problem had nothing to do with my computer. I went on the website tonight and this was posted. PLEASE READ : We are very sorry for the recent lag problems. Most issues have been fixed and we will upload a NEW version soon. Thank you for your patience - Admin. Sorry Broni to have TAKEN up so much of your time.Not a problem |
|
| 4224. |
Solve : Viruses disabled programs, need help!? |
|
Answer» I have a very badly infected computer, i could close out of the bad ones in task manager before, but they disabled it! i NEED help on fixing this, I'm running safe mode on admin user and I STILL CANT open them |
|
| 4225. |
Solve : Zlob.downloader.vcd? |
|
Answer» I running XP Home Ed. Ver. 2002, Sp2. I have Norton ANTIVIRUS 2008, also, Adaware 2007, SpyBot and CCleaner. |
|
| 4226. |
Solve : I have high-speed internet. When is it safe to turn off Anti-virus?? |
|
Answer» Since my connection is always OPEN, even though my browser is not, when can I turn off my anti-virus to do scans etc? Will I have to disconnect the cable from my modem first?That would be the recommended way to do it...an unprotected machine doesn't take long to be infected. That would be the recommended way to do it...an unprotected machine doesn't take long to be infected. I have a firewall--and my modem has no switch, just a power cord.I don't GET it... why do you want to turn off your anti-virus?Quote from: Deerpark on March 10, 2008, 10:03:03 AM I don't get it... why do you want to turn off your anti-virus? There's an open source program called Ultradefrag http://ultradefrag.sourceforge.net/ that says the AV must be turned off prior to running the program. You can run it at boot up, apparently before the AV LOADS, or you can run it manually. I was going to run it manually just to test it and see if it works any BETTER than the standard Windows XP defrag, but I need to upgrade netframe or WHATEVER it is.Disconnect modem from power source.It says to deactivate the AV for better performance, not that it won't work. I use Ultra Defrag with AV on with no problems. .Net Framework Downloads Quote from: evilfantasy on March 10, 2008, 06:01:38 PM It says to deactivate the AV for better performance, not that it won't work. I use Ultra Defrag with AV on with no problems. Thanks, that's good to know Evil. Are you pleased with the program itself?I started using it a few weeks back, switched from JK Defrag, and have only used it a few times and think I will keep it for a while. I haven't had a chance to completely explore it yet but like what I see so far. The different options are very useful. |
|
| 4227. |
Solve : Downloading Dr Web Cure It! Can you help?? |
|
Answer» When I try to DOWNLOAD Dr Web Cure It! by following the links as proposed on the "read these instructions first" page, I simply open up a blank page when I click the "download" button. Anybody know why this might be happening? I have no IDEA what a mirror site is and I thought that the problem might be linked to my ACCESS to the ftp site from which the download occurs. If anybody can help I'd be very grateful as I'm currently following the instructions and I'd really like to be able to finish them off so I can get my computer fixed!! MANY thanks, JDE123It looks like download web page is having problem. You can get it from here: http://www.download.com/Dr-Web-CureIt/3000-2239_4-10605754.html |
|
| 4228. |
Solve : this are my log files, somebody help me what to do after this?? |
|
Answer» I get an error message everytime i turn on my computer. the first thing appears at my desktop is, I follwed all your instructions except for nos. 6 and 7 where i skipped because there is no folder options appearing on my tools menu on my windows explorer and everytime i try to access to the folder options a message "restrictions" appearIn this case, it actually didn't matter, but I'm curious...Are you the owner/Adminstrator of this computer in question?thank you very much for your help... i really appreciate it, you did great!!! You're very welcome I assume, no more errors?well, as of this time, i haven't received any errors on my desktop.. thanks for your help... I'm glad, it helped Stop by anytime.hey its me again.. i've encountered another problem in my computer. please, help me remove the blank window on my desktop. it appears everytime my windows starts. the blank window is "cetihpz://errors/blank.htm"If you have HP printer, uninstall it, reboot, and reinstall printer's software.hi.. again, i encounter another problem with my computer. RUNDLL "error loading c:\WINDOWS\system32\tlilvaym.dll" "access is denied" I get this error message everytime my windows xp service pack 2 starts. please, help again solve this problem.. thanks... It looks like you're infected again. Post HJT log, please. i think so.. but im very optimistic with your help again, i can solve this problem. what do you mean post hjt log? is it the one that i posted in the forum? the post that you have instructed me to do?Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and USE the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o TERMINATE memory threats before QUARANTINING. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan SUMMARY box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log. |
|
| 4229. |
Solve : everything on my desktop disappears? |
|
Answer» //////////////////////////////////////////
C:\WINDOWS\system32\ssqnmmnm C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\ddayxwtu.dll C:\WINDOWS\jkhfedab.dll C:\Documents and Settings\Owner\Application Data\awtqqpmn.dll HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4862C7B6-5906-5FA9-511A-5F00B7CC8DC8} HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9485F885-9C7C-4EF8-83F6-FE154E3873E9} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mljigdbbxu HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmkhghijgd HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Close OTMoveIt2 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start>All Programs>Accessories>Notepad), click File>Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present. Copy and then paste the contents of that document in your next post.Ok after I did the Avenger log, and made all the files visible, when I went into SAFE mode and into windows\system32 to go and delete j?ava.exe I couldn't find it. All I had was java.exe, javacpl.cpl, javaw.exe, and javaws.exeGo to C:\_OTMoveIt\MovedFiles and post the moved files log please. Also post a fresh Hijackthis log.SORRY I'd hate to be a complete pain in the *censored* but can you fix that new link, sorry manFixed. You would THINK I should learn by now [Custom Input] < C:\WINDOWS\ssqnmmnm > C:\WINDOWS\ssqnmmnm moved successfully. < C:\WINDOWS\system32\ssqnmmnm > C:\WINDOWS\system32\ssqnmmnm moved successfully. < C:\WINDOWS\system32\vbzip10.dll > File/Folder C:\WINDOWS\system32\vbzip10.dll not found. < C:\WINDOWS\system32\ddayxwtu.dll > File/Folder C:\WINDOWS\system32\ddayxwtu.dll not found. < C:\WINDOWS\jkhfedab.dll > File/Folder C:\WINDOWS\jkhfedab.dll not found. < C:\Documents and Settings\Owner\Application Data\awtqqpmn.dll > File/Folder C:\Documents and Settings\Owner\Application Data\awtqqpmn.dll not found. < HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4862C7B6-5906-5FA9-511A-5F00B7CC8DC8} > Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4862C7B6-5906-5FA9-511A-5F00B7CC8DC8}\\ not found. < HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9485F885-9C7C-4EF8-83F6-FE154E3873E9} > Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9485F885-9C7C-4EF8-83F6-FE154E3873E9}\\ not found. < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mljigdbbxu > Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mljigdbbxu\\ not found. < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmkhghijgd > Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmkhghijgd\\ not found. < HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa > Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\ deleted successfully. OTMoveIt2 v1.0.20 log created on 03102008_160105ok now, I restarted my computer and everything starts up, gets to the desk top and a window comes up saying Isass.exe -system error, objective name not found. when I HIT ok it just restarts and the same thing happensCan you log on in safe mode? Do you have an XP CD to boot from and do a repair install? |
|
| 4230. |
Solve : DrWebb CureIt? |
|
Answer» trying to DOWNLOAD DrWebb CureIt, And page will not load. I am following directions as to what I NEED to do before POSTING problem, anyone else have this problem? or is it PART of my problem? |
|
| 4231. |
Solve : I Have a virus? |
|
Answer» While I am heaping praises, my computer is still having trouble opening web pages in a timely manner. Sometimes it fails completely. I guess the chase is still on.Keep everything but Omniquad total security.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System. The rain finally stopped today. First night we were getting large golfball size hail and then HEAVY rain for what SEEMED like 48 hours. Could be another flood riddled season in the midwest. Hope not.....Hmmm, the last time I was asked to place my XP cd in my drive, I accidentally reinstalled it and lost valuable personal files. Let's hope it doesn't happen again, it's a long drive to OK. That method won't delete anything. Just don't restart the computer with the CD in the drive and you won't chance loosing anything.Mission accomplished but computer still sluggish. Some sites had to be refreshed to get them to load. I defraged today as well.Let's try a few things with dial a fix. First Please download Dial-a-Fix by djlizard, SAVE it to the desktop then extract it to it's own folder.
Next Open Dial-a-fix and click the hammer icon. Select Flush DNS and click Go When complete, select Repair Permissions and click Go When complete, select Repair/reinstall IE and click Go If at any time you are prompted for the XP cd, insert it Make note of any error messages and post them here Reboot when complete and let me know if there's any changeOK, but first I'm going to do some checks that dial-a-fix recommends first.Just concluded Dial a fix and had no problems. Computer is still slightly sluggish and some pages still have to be refreshed. Even on my own website, things like chat room boxes and stat counters are way slow to load. Any other suggestions?Just for grins, click on my website and scroll the whole page and time how long it takes. The last thing to load is the search engine boxes at the very bottom of the page. If your computer takes very long for it to load then I won't gripe but I know that in the past, mine use to load it in about 5 seconds.Pretty much instantly. Do you think it is the browser or your connection? It's possible, Insight has recently changed over to Comcast. As far as browsers, I've been using the same all a long. I installed Foxfire and tried it but it didn't do justice to some of the graphics on my site. I really appreciate your help and even recommended the site on my site, thanks again.Could be the connection. You could try re-installing IE7.
|
|
| 4232. |
Solve : Homepage Hijacked!? |
|
Answer» I have had my Homepage hijacked by what I believe to be a virus. My new homepage is automatically redirected to http://turbo-search101.com/. I think I acquired this through trying to download an Internet download booster (shakes head in shame). It is on my work PC (running XPSP2, and using Firefox as my default browser). My OS is Korean and I am on the school network. That's about it.
A simpler way would go to Internet Properties and change it back to what you want for your home page.No.if you have a system restore point, then you can just use system restore and go backwards to the most recent point in time, just before you downloaded your software that supposedly hijacked your homepage. Once you do that, DON"T make the same mistake :-) That's the fastest way that I know to be sure that your problem is fixed without having to wade through firefox/internet properties or using other software to fix. And besides, you might already have infected your computer with a spyware.Guys please, if you want to be on the malware helpers list PM CBMatt for details. Adding comments after a fix has already been given just adds confusion to the thread. Thanks.Well, it is now pretty MUCH out of my hands. My boss brought in somebody who took my PC. It is to be reformatted and XP (English) installed. This was planned, but does it take care of the problem? I was using Firefox and had Foxmarks installed. Should I be WORRIED about contamination of my home PC since it hijacked my browser (incidentally it had no effect on IE)? I have printed off a copy of your previous instructions, made the correct adjustments (at home and will at work), and plan to run through the steps periodically as part of maintenance. Thanks for your time and attention. The format will take care of any problems. Foxmarks will save your bookmarks but you will need to reinstall all of your add-ons including foxmarks. If you use a flash drive between the two computers then it is wise to run spyware/virus scans on every computer the flash drive was used on. Flash drives can "cross contaminate" computers. Cool. Will do. Thanks again for the help.No problem, safe surfing......... |
|
| 4233. |
Solve : trojan downloader zlob? |
|
Answer» How to remove trojan downloader.zlob?Go through the steps here and post the requested logs. One of our experts will then be able to help you.i have spybot installed in my computer. will it cause conflit with other anti-spyware u have suggested. i am using windows xp with SP2. had problem in downloading Java. i think java has problem with windows. ur SUGGESTION please.hijackthis log file DRweb file I don't want to sound like a pain in the back, but what is the problem with posting a WHOLE log? Was HJT run AFTER two other programs?sorry for troubling u. but drweb logfile is in excel format which cannot be attached here in additional OPTION of reply section..so i selected the content & pasted it here. after running which two progra should i run HJT? Quote drweb logfile is in excel formatIt doesn't sound right, but in any case, please, post new HJT log. |
|
| 4234. |
Solve : Security advice requested? |
|
Answer» I've just downloaded the LATEST version of ZoneAlarm Free Edition, which I've had for some time, and seen the info on their "Security SUITE", which is not free. I got to wondering if an all embracing system like that is better than the disparate programs I have at the moment. doesnt alot of different antivirus programs and firewalls screw up your computer? ONE AV program is the rule of thumb... Then layered protection with an ad program, a spyware program, a trojan program, a keylogger/rootkit program...topped off with a firewall and you should be good to GO...ONE firewall, as well. |
|
| 4235. |
Solve : Music slows down my computer and almost makes it freeze.? |
|
Answer» I have a toshiba satellite purchased roughly a year ago (more info available upon request.) Basically its still a competent computer that should have a lot of problems with speed. The problem is that when I play music, or video it slows down my computer and nearly freezes it. This happens INSTANTLY upon playing, the music also HEAVILY skips. It doesn't matter where the music is playing from, whether it is myspace, vlc, itunes, etc etc. Same result. Ive also experienced general slow down in computer performance. Ive RAN virus scan, spyware scan, defrag, registry clean. You name it. If any addition info is required please ask. Thank you!How much Random Access Memory (RAM) does your computer have? |
|
| 4236. |
Solve : Suspected Virus...? |
|
Answer» HI, my computer has recently started to have problems with a few of my programs that connect to the net, the first being steam and i have tried everything with that from following trouble shooting on their website to completely removing it and reinstalling. The other software is ggarena which is sort of like a vpn program. |
|
| 4237. |
Solve : AdAware SE discontinued? |
|
Answer» As of January this year AdAwareSE is being discontinued. I've been informed that the new version is bundled with the Ask toolbar....No Ask tool bar on my new download. BTW I use Firefox browser and like it.When I downloaded the new free version, there was a check box option for the Ask toolbar. I unchecked it and got no Ask toolbar. I also have no problems getting the latest updates.Good to hear they are GIVING you a choice to not install it. Thanx for the info. Do you know of any good freeware replacements for AdAware? Spybot isn't all that good. WEBROOT Spy Sweeper is very good, but it is on a subscription basis and is good for one year. Last time I used it, it was about $30/year. It may have gone up since then.SuperAntispyware - http://filehippo.com/download_superantispyware/ AVG Antispyware - http://filehippo.com/download_avg_antispyware/ Both free and top notch Also if you don't have it already use SpywareBlaster - http://filehippo.com/download_spywareblaster/As this issue has been discussed and most here are aware of it i'm un-stickying it to clear up the Sticky section of the V & S Forums... |
|
| 4238. |
Solve : help friends comp has foto.zip? |
|
Answer» how do you remove it Code: [Select]C:\WINDOWS\system32\winstruct32.exe
did not know that these site's exist sorry for problem was so vauge on msn it sends randomly a file called foto.zip which i know know is a trojan and possibly i got it from a friendYes you have some QUESTIONABLE entries in the Hijackthis log, if you could scan the file and let me know the results then we will better know which direction to go.came back with a 17% of possibly being infected with a virus and one of the scanners said it had a trojan downloader which is my problem OK, you will need to look at this post Hijackthis only shows some forms of malware and this one is going to take the use of more tools. |
|
| 4239. |
Solve : mal/zlobJS-A? |
|
Answer» Quote I could not find where to delete spyware cleaner or vxs.exeThat's fine. Post new HJT log, please.Here is the new one. thank you.Almost there. We need to remove one more thing. Go Start>Run, type in: services.msc Click OK. Services window will open. Find: Print Spooler SERVICE If it's listed as Started, right click on it, and click Stop Right click again, click Properties, and under Startup type select Disabled from drop-down menu. Restart computer. Post new HJT log.Here is the new one.All good... HJT log is clean. 1. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the TASKS column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 2. Restart computer. 3. Turn System Restore on. Create new Restore Point. 4. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner 6. Download, and install free ThreatFire: http://www.threatfire.com/, which will give you real-time protection against malwares. It won't interfere with your antivirus, nor firewall. 7. Let me know, how your computer is doing. I did the last two things you mentioned. I downloaded CCleaner and ran it. And I've downloaded the threatfire. Someone whatever those problems were I had, they aren't completely gone though. One of the things that would happen is when I would have a browser open, for no reason at all an add would POP open on a full browser. Many of them saying, windows has detected a problem, do you want to run a scan. Now, I know better than to click on any of them, and just closed them. So today, when I have a browser open, same thing happens, but INSTEAD of their being an advertisement, blank browsers keep opening up. Just like before but without the advertisements. ( so far) Is there anything else I can do? thanks, Is IE your default browser? Do you have pop-up stopper enabled?okay, I ran threatfire, rebooted, and I think everything is good now. I havent seen anymore of those browsers just automatically open. Whewwwwwww. Thanks for helping a helpless girl out. I appreciate the time and effort you gave me. Very good. Keep me updated, if anything shows up |
|
| 4240. |
Solve : i got a wierd virus? |
|
Answer» ok guys, i downloaded this VIDEO(Card trick, im not perverted) and when i opened it, it said it could not be initialized, it terminated, and turned my backround wierd. now i can't use my taskmanager because it got disabled(by the virus) and spysweeper can't find anything. i run a windows xp sp2. please helpStart HERE. Once completed one of the malware specialists will be along to help you.ok guys, i followed the instructions but i put the logs as attatchments, please help to tell me if it is serious or not
Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop. Run ViewpointKiller, and SELECT File > Do All Killings Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with. ---------- Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.
---------- Now run a new Hijackthis scan and post that log along with the MBAM log. Also let me know how things are now. |
|
| 4241. |
Solve : CPU at 100%? |
|
Answer» Hello, Is it normal for iexplore.exe to use 80-95% of the CPU?No, to both questions. Print these instructions out. 1. Run one of two free on-line scanners: *** ESET Online Scanner at: http://www.eset.com/onlinescan/ Note: This scanner is for Internet Explorer only 1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. CLICK on it. 2. If it wants to install an ActiveX component allow it 3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation) 4. Once ActiveX control is installed click on the "Start" button to initialize the scanner 5. After initialization is complete, make sure, that "Remove found threats", and "Scan unwanted applications" are checkmarked. 6. Click the "Scan" button 7. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt Post ESET's log. *** TrendMicro online scanner, HouseCall Note: This scanner works with Firefox, and Internet Explorer Click on It'll ask you to download small housecall66.exe to your computer. Double click on the above file to begin scanning process. HouseCall pop-up window will open. Accept the agreement. In next window, select Complete Scan, and click on Start Scanning button. Relax, it'll take a while... Upon completion HouseCall will display results under Results tab. Click Clean now button. Close application. Find TrendMicro log, housecall0.log. Its location: Windows XP: C:\Documents and Settings\username\Application Data\HouseCall 6.6\log Vista: C:\Users\username\AppData\Roaming\HouseCall 6.6\log 2. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply with a new HijackThis log. * Click Close to exit the program. Post SUPERAntiSpyware log. 3. Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. Be sure to restart the computer. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt 4. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log.Wow! Thanks Broni. But first, should I delete the WindowClean antispyware first? And what about AVG? Is it safe to leave there, or is it better to get rid of it? I'm thinking program conflicts. Thanks so much for such detailed help. When you post your logs, I'll have a better look what programs you need, and which ones are not necessary.OK, thanks. I'll get started right now! Ok...well, here's part one of the results: ESET Online Scanner: # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=2898 (20080223) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.064 (20070717) # EOSSerial=a1535db02377e64fa3da5a237a57db80 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2008-02-24 11:22:58 # local_time=2008-02-25 12:22:58 (+0100, ora solare Europa occidentale) # country="Italy" # osver=5.1.2600 NT Service Pack 2 # scanned=247854 # found=1 # scan_time=10978 C:\Programmi\MSN Messenger\msimg32.dllWin32/Toolbar.MyWebSearch application (unable to clean - deleted)00000000000000000000000000000000 SuperAntiSpyware: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 02/25/2008 at 02:48 AM Application Version : 3.9.1008 Core Rules Database Version : 3408 Trace Rules Database Version: 1400 Scan type : Complete Scan Total Scan Time : 01:54:24 Memory items scanned : 182 Memory threats detected : 0 Registry items scanned : 5866 Registry threats detected : 0 File items scanned : 38557 File threats detected : 1 Adware.Tracking Cookie C:\Documents and Settings\user\Cookies\[emailprotected][2].txt Malwarebytes’ Anti-Malware: Malwarebytes' Anti-Malware 1.05 Database version: 402 Scan type: Full Scan (C:\|) Objects scanned: 61372 Time elapsed: 42 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 11 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) and here's part two: HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4.01.41, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Hamlet\Adsl\dslstat.exe C:\Program Files\Hamlet\Adsl\dslagent.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Search - ?p=ZSYYYYYYYYIT O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186956585460 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB33077-5045-48DC-8C59-70C51A9B45E4}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{CA31DB1B-3817-48DA-BC08-757DE9E7BEB2}: NameServer = 212.216.112.112 212.216.172.62 O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7180 bytes 1. Print this post out, since you won't have an access to it, at some point. 2. Close all windows, except for HijackThis. 3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed): - R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) - O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) - *O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe - *O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe - O8 - Extra context menu item: &Search - ?p=ZSYYYYYYYYIT 4. Click on "Fix checked" button. 5. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the TASKS column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you WISH to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 6. Restart in Normal Mode. 7. Turn System Restore on. 8. Post new HijackThis log. Ok, after all this...I think I may have made a small error. I did as you said, and steps one thru four went just fine. Then, at step five (turning off System Restore), I blindly followed your instructions without really looking at what it was I was doing. After clicking on Properties, I unchecked the box that said "Turn off System Restore," as it was already checked when I opened the System Restore tab. It seems that System Restore was already off. I'm afraid I didn't read well enough. The version of Windows XP that I'm working on, is in Italian...and I'm afraid I just didn't pay close enough attention, I was thinking in English. At any rate, I thought something was amiss when no box opened asking my permission about deleting existing restore points after I had clicked Apply. I waited a few moments and then just went ahead and clicked OK. I restarted the computer, and when I went back in to "turn on" System Restore, I did in fact, turn it OFF. It was when the window opened that asked about the deleting of restore points, that I realized my mistake. SO, I clicked OK again, restarted the computer again, then went in and actually DID turn on System Restore, and now here we are. Here's what the Hijack log gives me in this moment: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6.27.09, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Hamlet\Adsl\dslstat.exe C:\Program Files\Hamlet\Adsl\dslagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186956585460 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB33077-5045-48DC-8C59-70C51A9B45E4}: NameServer = 192.168.0.1 O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 6482 bytes You did well with that System Restore "thingy". Your HJT log is clean. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner When you're done, let me know how your computer is doing. It won't let me download the Slim version from your link. I can go as far as the Open File window, then it closes itself, as well as the webpage. I've tried three times now. grr... I noticed that it said that "These Builds are for system admins and advanced users." They obviously have NOT noticed that I have recently been advanced from newbie to rookie. One other thing I noticed, when wandering for the first time into the dark realm of the "Safe Mode," upon signing in, there was not only my little logon icon, but one above it for "Administrator." I thought that was me! Is this what's keeping me from being able to download CCleaner Slim? (Sounds like a well-bathed cowboy...) Sorry...haven't slept for a couple of days...I think I'm getting slappy. In all seriousness however, I just checked the Task Manager, and the CPU is bouncing around between 4 and 26% !!!!!! Thank you so so so much for your help. You are angel of wisdom and kindness. Quote These Builds are for system admins and advanced usersDon't worry about it. The only difference between two version is, that Slim version comes without Yahoo toolbar (in normal version, you can opt out during installation). Try to download from here: http://www.majorgeeks.com/download4191.html Quote there was not only my little logon icon, but one above it for "Administrator." I thought that was me!I can't comment on this. I don't know what account were created on your computer. Quote the CPU is bouncing around between 4 and 26%This is much better. Can you look, which process is the main "taker"? Ciao Well, I've tried several times to download CCleaner but the same thing keeps happening. I'll click download, it will start, but when the window opens to install, it shuts down that window and explorer. I see the word Pirisoft, or something along those lines...and that's the end of it. I even tried using CCleaners website. Something's blocking it? As for who is the real Admin of my computer, I don't know what to tell you either. I bought it used, and there have been a couple of probs because of that too. For instance, when I tried to update Explorer to 7, I found out that my ID number doesn't match the number registered or some such thing. In their eyes I have a pirated copy of Windows. Quite a bother from time to time. As far as the "main taker" on Task Manager, looking at it in this moment, the Idle Cycle is taking up 92-97, taskmanager 3, iexplore.exe 1, explorer.exe 1, WLLoginProxy 1, svchost 2....it keeps changing, but that's what I see the most, more or less. However, if I visit a site like Kongregate, and play a game...iexplore goes to 90-100 and everything GETS really slow again...but perhaps that's just par for the course with a game. Unfortunately that means I will never finish Protector, which is leaving me a bit sad. That's it for now. Everything else seems to be fine tho. Quote the Idle Cycle is taking up 92-97This is perfectly normal. Idle process just shows un-used percentage of CPU. Quote when I tried to update Explorer to 7, I found out that my ID number doesn't match the numberDid you try to do it from Administrator account? As for CCleaner, PM me with your email address, and I'll send you installation file. |
|
| 4242. |
Solve : AVG Drifting Towards The Dark Side?? |
|
Answer» The new install procedure has an option checked by default that will install the Yahoo! toolbar. AVG is adamantly defending it as a highly valued feature that is useful by millions of users. You make up your own mind but any toolbar set to install by default isn't kosher with me, especially by an antivirus. The Yahoo! toolbar isn't malicious so don't take it that way, it's just that it can be hard enough to keep toolbars off of a computer to begin with. You shouldn't have to wonder if your antivirus may be installing one also. the majority of threats are now coming from the WEB, so it seems logical to start incorporating the threat protection into the browserAs opposed to the threats coming from exactly where? People testing the install are also reporting that it in fact does install by default. Period!!! That is with or without the option checked. At this time it is only in the new 8.0 version but rumored to be included with an update in the free version later in the year. They have also pulled their free ROOTKIT scanner now that it is included in the new 8.0 version. Source and more information. It seems like just about every program you download from the internet wants to add their toolbar and most of them have some useful features. But when you stack one toolbar over another, pretty soon it TAKES up a lot of real estate on your screen. I wouldn't mind so much if there was a program that would consolidate the toolbars and you could just use the features you want. Anyone know of something like this?In Firefox, you can right click on the header, and you can quickly hide/un-hide toolbars.Quote from: spock on March 05, 2008, 09:01:28 PM It seems like just about every program you download from the internet wants to add their toolbar Yep, just did a test on the new Java download. The one from Sun Java is fine, but the one from www.java.com includes the Google toolbar. Sheesh, free ain't actually free any mare the toolbars seems to be like a must include pack advertisement. Ask toolbar, google toolbar, yahoo toolbar ... somewhere you have one of those being/going to be installed by default unless you stop it.I've just gotten to where I automatically check for those tool bar add-ins and any others before I download anything. I figure I can't gripe too much since the software is free. I'd rather uncheck a box than pay for the software. |
|
| 4243. |
Solve : Could you check this for me please?? |
|
Answer» Would like to make it short. My pc got infected earlier and the machine seems to run fine now after some scans and repair processes. However, I still feel that my pc is still running slower than it used to. Could you please help and have a look at the hijackthis log to see if it's really clean? Thanks in advance.
---------- Open Hijackthis and select Do a system scan only. Place a check mark next to the following entries: (if there) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) Important: Close all windows except for Hijackthis and then click Fix checked. Exit Hijackthis. ---------- Download and install CleanUp!.exe Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility ---------- Let me know how things are now.thanks and seems it runs better. btw, you think the teatimer is a good enough guard? Thanks.Tea Timer can be a pain as well as a resource hog. I personally refuse to use it. This is a good time to clear your infected system RESTORE points and establish a new clean restore point:
Here are some great tools to help you keep from getting infected again. Spybot Search & Destroy - A safe and effective spyware scanner. * Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers AVG Anti-Spyware Free Edition - Very reliable with a high DETECTION rate. * AVG Anti-Spyware User Manual SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware Comodo BOClean - Stops trojans and many more malicious attacks. Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. * Click here for a list of free firewalls. * Why would I consider a third party firewall? * Understanding and Using Firewalls UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. * Help with Windows updates Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? Let us know if anything else comes up. |
|
| 4244. |
Solve : Infected with win32: tratBHO [Tri] and need help? |
|
Answer» Hello, i have been INFECTED with win32: tratBHO [TRI] (it was detected by avast anti virus). Start HERE. Post the logs when complete and a malware specialist will be along to help you. |
|
| 4245. |
Solve : Bootup? |
|
Answer» I have a problem that has existed on my computer for some time[XP Home Edition] |
|
| 4246. |
Solve : Why do I need to scan in Safemode?? |
|
Answer» This make me confuse guys. |
|
| 4247. |
Solve : System File or Virus? |
|
Answer» Friends there are some folders and files in my c: drive i am unable to find out whether they are system files or any virus. Thanks for the list. i will have to stay away from them. Those are for SCANNING files on a PC to determine if it is malware or not. It is a safe list to use. |
|
| 4248. |
Solve : Certan webpages crashing browsers? |
|
Answer» Hi! I am having a strange problem. Certain webpages are causing my browser to crash. The two that are a big problem are my AIM mail which crashes as soon as I log in, and Horsecity.com to which I am a member of the BB. it says the proxy server is refusing connectionIn Firefox, go Tools>Options>Advanced>Network tab>Settings tab....what's checked there?*** There is no antivirus installed. Download, and install AVG free antivirus: http://free.grisoft.com/ Run full scan. *** Is Windows firewall ON? *** Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply with a new HijackThis log. * Click Close to exit the program. Post SUPERAntiSpyware log. *** Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. Be sure to restart the computer. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt *** Post new HijackThis log.Hi! Well, I tried to DL the antivirus and I crash when I get to the final download page. Yeah I know its not good but antivirus programs annoy me so I usually use PC pitstop every once in awhile but it seems they are having some issues...IDK... Modified to say I sneaked around the CRASHING and am now DLing AVG... Firewall is ON I will try the rest now and post back.Hello, I seem to have this problem with IE 5.0. I'm using Windows 98se. When I try to visit Web MD, IE closes and some of my icons next to my clock are gone, as well as my wallpaper. I tried to reinstall IE, to no avail. Since then, I have avoided visiting Web MD. Any ideas on how to resolve this issue? Thank you P.S. This has happened every time I visited that website for the past few months, so I don't think it was them.Haseo You need to start your own topic.Quote from: Broni on March 03, 2008, 06:49:17 PM Haseo I'm sorry, my mistake. Trinity3205, please forgive mr for jumping in like that. m(_ _)m |
|
| 4249. |
Solve : ??Fake Spyware? |
|
Answer» sweeteyes |
|
