Jump to content


Photo

CWS infected my machine


  • This topic is locked This topic is locked
173 replies to this topic

#151 rucs_virgil

rucs_virgil

    Member

  • New Member
  • Pip
  • 2 posts

Posted 01 August 2004 - 10:53 AM

I tried to disinfect my pc using all advices, but it doesn't work.
Please help me !
[Unsolicited log removed]

Edited by WinHelp2002, 08 October 2004 - 06:43 AM.


#152 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 01 August 2004 - 11:31 AM

Hi there,

You must start your own thread for assistance, please read the posting guidelines at the top of the page :wave: Please remember that it is best to have your log looked at if you are still having problems :wave:

#153 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 08 August 2004 - 10:34 AM

I wondered how my page got to 11 :) he he

My computer seems to be doing fine.

Carol

#154 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 08 August 2004 - 10:39 AM

That's good news Carol :cool: I hope it stays that way :wave:

#155 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 08 October 2004 - 06:31 AM

It didn't. I did a search and destroy last night, got rid of some ad ware. Everytime I run AVG or Norton they tell me my system is clean.

I wake up and get all these "Byte, verify" messages and Norton saying they deleted the Trojans. But my friend said that even if you aren't on the machine and you have cable or DSL, the stuff can multiply why you aren't sleeping.

Every morning I wake up, I get these messages from Norton saying they deleted
a "Byte, Verify" Trojan.

When I run the virus software it says I'm clean. S&D got rid of all the ads.

I knew something was up when my friend had a site on the bloominamazing.com server and I get redirected to a pay for surveys.com page. (Which I found out when I typed in pay for surveys.com in Yahoo that others got that redirect too.)

I'll do a HiJack this log....sorry 12g! It didn't stay that way!

I'll be back to edit this with my HJ information. *oh and that new HJ this you told me to dl, or someone else to told me to dl the new version, it opens, but says it should be taken out of the temp folder* I did that, but I still get that opening message that it's in the temp folder. Even when I cut and pasted that program directly to C:/

START HJ THIS LOG (I still got the error msg. that I started HJThis from the temp folder, I didn't...it's in my C:/ drive)

Logfile of HijackThis v1.98.0
Scan saved at 7:32:23 AM, on 10/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe
C:\Eudora\eudora.exe
C:\NewHijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CAS\Application Data\Mozilla\Profiles\default\xvct8rvc.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: HushEncryptionEngine - https://mailserver2....ptionEngine.cab
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - http://download.rich...st/twophase.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.ho...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O20 - AppInit_DLLs:

END

PS--I also get these media fast click pop ups. Well they aren't pop ups but they show up as browser windows, they can't open, but you have to close them and such.


That's good news Carol :cool: I hope it stays that way :wave:

View Post


Edited by Good_Day, 08 October 2004 - 07:09 AM.


#156 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 08 October 2004 - 08:55 PM

No one answered my post. :(

Help you guys. This is the forum I trust, when my machine acts wonky!

Carol

#157 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 09 October 2004 - 12:28 AM

12g, are you in the bldg? :)

Carol

No one answered my post. :(

Help you guys.  This is the forum I trust, when my machine acts wonky!

Carol

View Post



#158 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 09 October 2004 - 01:44 PM

12g, are you in the bldg? :)

Carol

No one answered my post. :(

Help you guys.  This is the forum I trust, when my machine acts wonky!

Carol

View Post

View Post



Hi Carol,

It has been a while since you last posted, and because it is a new problem you need to post a log and wait for help from one of the helpers/advisors/experts.

Please start a new thread with you log.

Edited by 12g, 09 October 2004 - 01:45 PM.


#159 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 09 October 2004 - 04:33 PM

Hi 12g,

I did post a new log from yesterday morning...:)

But since I did have that problem this morning (but Search and Destroy got rid of it) I'll make a new one. Just in case.:

HJTHIS:

Logfile of HijackThis v1.98.0
Scan saved at 5:32:41 PM, on 10/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe
C:\Eudora\eudora.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\NewHijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CAS\Application Data\Mozilla\Profiles\default\xvct8rvc.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: HushEncryptionEngine - https://mailserver2....ptionEngine.cab
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - http://download.rich...st/twophase.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.ho...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O20 - AppInit_DLLs:

END HJTHIS LOG

It still says it's in the temporary folder (HJThis, even though I moved it to C:/)
Yahoo mail switches me off from time to time too. (but I'm still connected and if I hit the back button or refresh, I get my logon screen back)
And the rest of the problems are on post I typed yesterday.

Edited by Good_Day, 09 October 2004 - 04:36 PM.


#160 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 09 October 2004 - 04:54 PM

Ok,

Create a folder for HJT, like this C:\HJT\HijackThis.exe

You are running 2 Antivirus Programs, this is not a good idea as they will conflict. There is nothing wrong with having 2, just don't run them in tandem.

Next:

There is nothing suspicious on your log.

Fix these if needed,

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
<<Did you set these? if so keep them, if not fix them

O20 - AppInit_DLLs:

You could also do this for future use, should you need it:

Update HijackThis to version 1.98.2
To do that, do this;
• run HijackThis
select config> misc tools and select "update online". then yes.

If that doesn’t work download a new copy Here and then delete your old copy


When you have done all that, do out of this, what you have not done already:


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

#161 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 09 October 2004 - 07:43 PM

Wow! That's quite a list, 12g!

But I can do it. :)

It's funny because I have Norton on my desktop. AVG is not active, but every so often it'll pop up and scan. But I can click on the icon that says "shut down AVG control center."

I'll report back later on tonight.

Every morning, I get those "byte, verify" things that Norton said they deleted.
& why I can't view sites on the bloominamazing.com server (the redirect to payforsurveys.com) is a mystery. but the later, I know happened to others, I just can't find the solution.

Oh, and the HJT that I have is the new version from when I had my problem in the summer, you or another person told me to update. :) But I did put that in folder just now and deleted the 19.77 version. :)

Thanks. I'll let you know how it goes. :)

PS--I don't know if I installed the 06 on the Log. So I'm afraid to delete them.
I deleted the 020...and now I can view those sites on that domain now, without that payforsurveys.com redirect. Now I'm off to do the rest of the list.:)

The Internet Options were all set from the last time I had computer problems. I didn't have to change anything.

Carol

Edited by Good_Day, 09 October 2004 - 08:03 PM.


#162 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 09 October 2004 - 07:59 PM

It's funny because I have Norton on my desktop. AVG is not active, but every so often it'll pop up and scan. But I can click on the icon that says "shut down AVG control center."


AVG is running too, you need to shut one of them down.

Oh, and the HJT that I have is the new version from when I had my problem in the summer, you or another person told me to update.


We are on ver 1.98.2 now :cool:

PS--I don't know if I installed the 06 on the Log. So I'm afraid to delete them.


These are not installed, they lock Internet Explorer settings, so they are safe to fix.

& why I can't view sites on the bloominamazing.com server (the redirect to payforsurveys.com) is a mystery


??

#163 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 09 October 2004 - 08:09 PM

I shut down the control center on AVG...but if it is on. Without sounding stupid, I don't have the program open on the desktop or anywhere else...so where is it running?

Yeah. I installed 1.98.2 earlier this summer.

Thanks. I can fix the 06 ones now.

bloominamazing is a free (and terrible) free host like a geocities. I just went to one of the websites I couldn't get on before (after I deleted the 020 or whatever number it was) and the site came up. Before that it would redirect me to payforsurveys.com. I wasn't the only one, I Yahooed a search awhile back,
and found out others had the same problem, but not one of them shared the solution.


Back to AVG--When I closed the control center it is no longer on the quick launch on the task bar. So, I think it's not on.

Carol

#164 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 09 October 2004 - 08:30 PM

I shut down the control center on AVG...but if it is on. Without sounding stupid, I don't have the program open on the desktop or anywhere else...so where is it running?

You will probably find it will run from startup.

Yeah. I installed 1.98.2 earlier this summer.

You need to delete the one you used then, check the log you posted :cool:

Back to AVG--When I closed the control center it is no longer on the quick launch on the task bar. So, I think it's not on.

Yes that will happen, but it will startup again on reboot.

#165 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 10 October 2004 - 12:05 AM

Hi 12g,

Some goodies before bed. :)

Logfile of HijackThis v1.98.0~I am using the current version. The only old one I had was 1.97.7. or wherever you put the decimal. :) I deleted the '77 one befoer I used the 1980 version.

Yes, when I restarted the computer, I did see that the AVG control center opened again. I closed it and did a Norton scan. Well, apart from the adware...it says I have in quarantine, something about a class portal, the byte, verify. When I wake up tomorrow--or I should say later on today--there will be a bunch of Norton pop ups telling me that the deleted byte, verify. When Norton found it in the scan, it told me to run AVG for windows. When I do that, it says my system is clean.

And I get these media fast click things. You know they are like pop ups but you can't open them, I just click on the mouse and close them. I don't know what they are or where they came from but they are annoying.

So those are the only problems I have right now.

I also did a CWShredder thing just for fun and it said my system was clean.

Carol



I shut down the control center on AVG...but if it is on. Without sounding stupid, I don't have the program open on the desktop or anywhere else...so where is it running?

You will probably find it will run from startup.

Yeah. I installed 1.98.2 earlier this summer.

You need to delete the one you used then, check the log you posted :cool:

Back to AVG--When I closed the control center it is no longer on the quick launch on the task bar. So, I think it's not on.

Yes that will happen, but it will startup again on reboot.

View Post



#166 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 10 October 2004 - 12:19 AM

Logfile of HijackThis v1.98.0~I am using the current version. The only old one I had was 1.97.7. or wherever you put the decimal.  I deleted the '77 one befoer I used the 1980 version.


That version is out of date we are on 1.98.2

When Norton found it in the scan, it told me to run AVG for windows. When I do that, it says my system is clean.


Is that 1 Antivirus Program telling you to run another??

And I get these media fast click things. You know they are like pop ups but you can't open them, I just click on the mouse and close them. I don't know what they are or where they came from but they are annoying.


There is nothing on your log to suggest problems :cool:

It would be a good idea to do this:

Update Windows & IE

SP2 is available, you may want to get it on CD due to the size of the download.

#167 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 10 October 2004 - 11:38 AM

Hi 12g,

Yes, Norton tells me to run AVG for windows.

This morning there were NO pop ups about the byte, verify.

And I know this isn't the place to ask a question unrelated to spyware but
can you logon to http://www.yahoo.com
No one at my regular chat boards will tell me! So, I don't know if it's my system or something on Yahoo's end.

I'll do your suggestions.

Carol

Logfile of HijackThis v1.98.0~I am using the current version. The only old one I had was 1.97.7. or wherever you put the decimal.  I deleted the '77 one befoer I used the 1980 version.


That version is out of date we are on 1.98.2

When Norton found it in the scan, it told me to run AVG for windows. When I do that, it says my system is clean.


Is that 1 Antivirus Program telling you to run another??

And I get these media fast click things. You know they are like pop ups but you can't open them, I just click on the mouse and close them. I don't know what they are or where they came from but they are annoying.


There is nothing on your log to suggest problems :cool:

It would be a good idea to do this:

Update Windows & IE

SP2 is available, you may want to get it on CD due to the size of the download.

View Post



#168 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 10 October 2004 - 11:42 AM

Downloaded the 1982 HJT

Logfile of HijackThis v1.98.2
Scan saved at 12:41:14 PM, on 10/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Eudora\eudora.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\HijackThis19802.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CAS\Application Data\Mozilla\Profiles\default\xvct8rvc.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: HushEncryptionEngine - https://mailserver2....ptionEngine.cab
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - http://download.rich...st/twophase.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.ho...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab


Carol

#169 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 10 October 2004 - 02:21 PM

There is nothing wrong with your yahoo link.

Avg is still running on your system, I would suggest you uninstall 1 of the Antivirus programs.

Again there is nothing suspicious on your log.

#170 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 10 October 2004 - 05:03 PM

Hi 12g,

After three hours Yahoo finally started working for me. It must have been a local problem, because I finally had someone else check earlier in the day, and they said it was fine for them.

I closed the AVG control center hours ago. How can you tell it is still on?

And where can I turn it off? See, I have one on my desktop, but it won't open for me. The AVG that I use is the one on the task bar, but when I close the control center it disappears from the task bar.

I'm glad that log is fine. :)

And I just deleted one of those media fast click buttons. I have no idea waht they are...okay you know when you have multiple browser windows open, that are numbered? Okay, well it'll show up "media fast clicks"...it doesn't open so you can see what it is, you have to click on it with the mouse and close it. I have no idea what it is, but it is annoying.

Thanks,
Carol

There is nothing wrong with your yahoo link.

Avg is still running on your system, I would suggest you uninstall 1 of the Antivirus programs.

Again there is nothing suspicious on your log.

View Post


Edited by Good_Day, 10 October 2004 - 05:04 PM.


#171 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 10 October 2004 - 05:19 PM

I see the running process of AVG in your log. As I explained before, even if you close it at the control center it will start again on reboot.

What you should do is, if your Norton is bang up to date, and keep it up to date! I suggest you go to Add/Remove Programs and uninstall AVG.

#172 Good_Day

Good_Day

    Advanced Member

  • Full Member
  • PipPipPip
  • 182 posts

Posted 10 October 2004 - 09:19 PM

OH! Okay. I thought you meant something else. I didn't think those virus things were on, until you put them on.

Yes, my Norton is up to date. And I do that live update option once a week.

I'll remove the AVG, thanks. :)

Carol

I see the running process of AVG in your log. As I explained before, even if you close it at the control center it will start again on reboot.

What you should do is, if your Norton is bang up to date, and keep it up to date!  I suggest you go to Add/Remove Programs and uninstall AVG.

View Post



#173 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 10 October 2004 - 10:25 PM

You might want to re-think that. AVG plays nice with other AVs even if running as real time scanner. But they can certrainly keep it and run it manually, just disable the real time service.


Carol, I have just been advised about the above. If you have already uninstalled AVG, download it again and follow the above.

#174 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 10 October 2004 - 10:54 PM

Glad we could help. :)

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button