zipzappromos insanity

Homebrue · 2005/05/21

zipzappromos has taken over my computer. I can't get through 2 web pages without getting a pornographic popup.

I've tried Spybot, Microsoft Anti-Spy, and Spy Sweeper. Nothing will kill this thing.

Any help you could provide would be greatly appreciated!

noahdfear · 2005/05/21

Welcome to WindowsBBS Homebrue

Please download GetLogXP.zip. Save it to your desktop. If it saves as attachment.php, right click and rename to GetLogXP.zip You may need to enable viewing extensions for known file types to see the zip and php extensions. To do that, open My Computer and click Tools on the menu, then folder options. Click the view tab of the window that opens, uncheck the box to Hide extensions...... and click OK. Now right click the zip and extract the GetLogXP.bat file to your desktop. Double click the file to run it. It will open GetLogXP.txt and place a copy on your desktop. Please post the contents of that log.

Download HijackThis.exe from here. Save it to a permanent folder (I create a new folder in C:\ named HJT). Open and click scan, then save log. Once it is saved it will open in notepad. Select all from the edit button, copy and paste the results here. Don't fix anything with it yet!

Homebrue · 2005/05/21

Thanks for the quick reply!

Here is the GetLogXp text file. HiJackThis log is on the way.....

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
MoneyAgent REG_SZ "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
EA868C5B REG_SZ C:\WINDOWS\system32\dptidsl.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
ccRegVfy REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
CHotkey REG_SZ mHotkey.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Share-to-Web Namespace Daemon REG_SZ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
CamMonitor REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
HP Software Update REG_SZ "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
HP Component Manager REG_SZ "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
RealTray REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
EA868C5B REG_SZ C:\WINDOWS\system32\dptidsl.exe
qpoykceh REG_SZ c:\windows\system32\qpoykceh.exe -start
gcasServ REG_SZ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
SpySweeper REG_SZ "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 4.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 5.5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Corel Applications

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EESInst 99

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeoHelp v3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hp instant support

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{78E59435-A150-4C50-9B4B-370D9C15D1E5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JRE 1.3.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JRE 1.3.1_02

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB870669

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873333

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873339

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885250

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885835

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885836

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887472

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887742

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887797

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888302

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890175

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890923

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891781

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893086

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M886903

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Netscape 6 (6.2.1)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qpoykceh

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SLAMRNTV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WOLAPI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZZ-ZZ-E30IbxprCzZeOVcnR0JGT1tHT0VARUdbNkdDQTFEQ0dbRgtAC0cLIwZcJVs0Wzk1O0gg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07295ABF-1245-415A-BE06-863271753443}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{092eeeee-9fdd-4895-a568-0818c96beb6c}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0e4a0db5-801d-489e-85c0-6c3f96335d20}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CAD83B0-87A3-4206-BF70-644546808731}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21DDC579-834B-4C14-8122-853994FA2214}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E132061-C78A-48D4-A899-1D13B9D189FA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F1FD032-67D1-4569-923F-47EAF132BF0F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FB6F304-A91D-4919-98E5-D96E074EA9E5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{536F7C74-844B-4683-B0C5-EA39E19A6FE3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{54e854d5-d5d4-452d-9c75-b39f5625b5fb}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5ADF6293-D60F-4425-AFA7-CEB820DB872B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6dc18d50-8cc3-4dea-a666-ea6f01907663}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{745A92AF-53B4-41A7-91C3-9B026B1D5897}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78E59435-A150-4C50-9B4B-370D9C15D1E5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{829698DE-9EAC-475E-9A05-B7BA807CA1EF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8777AC6D-89F9-4793-8266-DE406F343E89}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C64E145-54BA-11D6-91B1-00500462BE80}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939227BD-19D8-4684-8A04-31AC9F6A564C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97FFD218-F21D-4A5C-B564-A91B2FCC1CD8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A363B66C-1547-47bf-90F0-3834E70A841A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b17cf867-a4e5-41ba-a646-50f237810eca}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C38BC5B7-62D3-4880-82DD-A4803FD81921}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c46485b1-6527-4937-9dc0-29bb5d5613fe}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB4544EA-C189-41FE-9E3A-76591DDB852B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFD1B282-555D-494d-8231-4175C2AF08C2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d40e4a88-ebc8-4d52-be3c-a4917a057ef0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D545BB81-DEB0-49f7-BE26-197BC31AAF57}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ec7d7a6a-31cb-4810-826f-74171bef44f1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB08F381-6533-4108-B7DD-039E11FBC27E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBF532A-47AC-457d-AC06-0D3163D8911E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF262740-C85A-11D5-BBEC-00D0B740900A}

Homebrue · 2005/05/21

As promised

And here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:52:50 AM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Day-Savor\DaySavor32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {35B27AFD-3CED-F233-F0EB-D2EBB5A89585} - C:\WINDOWS\system32\parsviatsr.exe (file missing)
N2 - Netscape 6: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Paula Horsch\Application Data\Mozilla\Profiles\default\c7qevrd6.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NETSCAPE - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: NETSCAPE - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EA868C5B] C:\WINDOWS\system32\dptidsl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
O4 - HKCU\..\Run: [EA868C5B] C:\WINDOWS\system32\dptidsl.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DaySavor.lnk = C:\Program Files\Day-Savor\DaySavor32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (NETSCAPE) - http://downloads.netscape.com/search/toolbar/netscape.cab
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

noahdfear · 2005/05/21

You should copy and save this post to text where you can access it in safe mode.

Please download and install Ad-aware SE Personal 1.05 from the link in my signature. Immediately check for updates. Close for now.

Download and install SpywareBlaster. Enable all protections, check for updates and enable them too. Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry.

Copy the contents of the quote box below to a blank notepad. Make sure the formatting remains the same.
Close it, saving to your desktop as:

File name: zipzap.reg
Save As Type: All Files

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qpoykceh]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qpoykceh "=-
Click to expand...

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {35B27AFD-3CED-F233-F0EB-D2EBB5A89585} - C:\WINDOWS\system32\parsviatsr.exe (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [EA868C5B] C:\WINDOWS\system32\dptidsl.exe
O4 - HKCU\..\Run: [EA868C5B] C:\WINDOWS\system32\dptidsl.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binari...net32_EN_XP.cab

Either reboot and repeatedly tap F8 to enable the start menu and select safe mode, or go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and click OK. Click yes to restart. This will restart your computer in safe mode. Logon to your user account.

Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.

Double click the zipzap.reg file and allow it to merge with the registry.

Click start>run and type cmd to open a command prompt window. Open these saved instructions and copy the first command below, then paste it in the command window and click OK. Then do the others one at a time. Close the command window when done.

attrib -h -r -s c:\windows\system32\qpoykceh.exe

del c:\windows\system32\qpoykceh.exe

attrib -h -r -s c:\windows\system32\dptidsl.exe

del c:\windows\system32\dptidsl.exe

Do a search of C:\Windows\system32 for any files named EGDACCESS**.* and delete if found.
Search the drive for the files eg_auth_1041.dll and EGAUTH.inf, delete if found.

Open C: and delete the files ied_s7.cab and x.cab if present.
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all username folders.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.

Open Ad-aware and run a full scan. Remove everything it finds.

Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.

Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log. Let us know if the popups have stopped.

Homebrue · 2005/05/21

Okay, I did everything as directed.

While in the Command Prompt Window the last lines returned an error that the file could not be found.

What follows are RAV file and latest HiJackThis scan results. The RAV report button returned an "ERROR ON PAGE" so this was the best I could do.

I'll get back with you on the popups (after a short test browse).

RAV:

Scan started at 5/21/2005 12:21:53 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\LaCqaRha.exe->(EXEEmb) - TrojanClicker:Win32/Small.CJ -> Infected
C:\Q8276112.exe->(EXEEmb) - TrojanClicker:Win32/Small.CJ -> Infected
C:\WINDOWS\system32\snatmca.exe->(EXEEmb) - TrojanClicker:Win32/Small.CV -> Suspicious

Scanned
============================
Objects: 46886
Directories: 3706
Archives: 6533
Size(Kb): 237428
Infected files: 2

Found
============================
Viruses found: 1
Suspicious files: 1
Disinfected files: 0
Mail files: 65

HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:44 PM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Day-Savor\DaySavor32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com
N2 - Netscape 6: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Paula Horsch\Application Data\Mozilla\Profiles\default\c7qevrd6.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NETSCAPE - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: NETSCAPE - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DaySavor.lnk = C:\Program Files\Day-Savor\DaySavor32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (NETSCAPE) - http://downloads.netscape.com/search/toolbar/netscape.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

noahdfear · 2005/05/21

Your log is clean.

You can replace the filepath in those command lines to get rid of these, or locate and delete them though Windows Explorer.

C:\LaCqaRha.exe
C:\Q8276112.exe
C:\WINDOWS\system32\snatmca.exe

Homebrue · 2005/05/21

Dave,

You are awesome!

No popups in 20 minutes of browsing. I cleaned those files up as you suggested. What do you advise for follow-on maintenance to prevent future infections?

Thanks man! You are going to make a special lady friend of mine very happy. She's been dealing with this for 6 months.

Do you guys take donations?

Have a great day!

Paul

noahdfear · 2005/05/21

That's great, Paul!

Other than what I've already had you install, I recommend using Spybot along with Ad-aware. Allow it to load SD Helper upon installing. Open it up and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it (always recheck this setting after downloading updates). Then click the tools button, then IE tweaks and at least lock the HOSTS file.

We don't currently accept individual donations, but we're always happy to see donations in the form of becoming a contributing member.

Very happy I was able to help.

noahdfear · 2005/05/21

Just realized I forgot something very important. You should clear out the System Restore points. Certainly don't want to take a chance on needing to roll back and having infected files in the restore.

Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Reboot, then turn it back on. I generally recommend manually creating a new restore point too (can't always depend on the system to do it automatically ).

Log in or Sign up

zipzappromos insanity

Homebrue Inactive Thread Starter

noahdfear Inactive

Homebrue Inactive Thread Starter

Homebrue Inactive Thread Starter

noahdfear Inactive

Homebrue Inactive Thread Starter

noahdfear Inactive

Homebrue Inactive Thread Starter

noahdfear Inactive

noahdfear Inactive

Share This Page

Log in or Sign up

zipzappromos insanity

Homebrue Inactive Thread Starter

noahdfear Inactive

Homebrue Inactive Thread Starter

Homebrue Inactive Thread Starter

noahdfear Inactive

Homebrue Inactive Thread Starter

noahdfear Inactive

Homebrue Inactive Thread Starter

noahdfear Inactive

noahdfear Inactive

Share This Page

Useful Searches