Fake notice: "This website has been reported as unsafe"


55 replies to this topic

#1 AnaL


Posted 19 January 2014 - 04:04 PM

I checked to see if this particular topic had been covered here at BC, and did not find any info.  (Could have missed it.)  Yesterday, started to receive this notice when I try to access one particular website (my Home Page).  So far, this does not pop up when I access other websites.  I've Googled the topic and it appears this is a fake notice.  I tried to fix the problem, myself.  I thought I was successful late last night (it worked for a while) -- but notice started popping up, again today.  Here's what the page looks like.   

https://fbcdn-sphotos-b-a.akamaihd.net/hphotos-ak-frc3/t1/s403x403/1505183_725399287499713_1248234342_n.jpg

 

Can someone help?  Thanks, AnaL


Edited by hamluis, 19 January 2014 - 05:14 PM.
Moved from XP to Am I Infected - Hamluis.




#2 Broni


Posted 19 January 2014 - 05:54 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.




 


#3 AnaL


Posted 20 January 2014 - 03:09 PM

Broni, since it said to restart computer after installing MBAM, I'll post what I have so far, and continue  with the rest after computer restarts.  Ana 

 

Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Adobe Reader XI 
 Mozilla Firefox 24.0 Firefox out of Date! 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Ana Lopez (administrator) on 20-01-2014 at 14:51:07
Running from "C:\Documents and Settings\Ana Lopez\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : ana

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : woh.rr.com

 

Ethernet adapter Local Area Connection:

 

        Connection-specific DNS Suffix  . : woh.rr.com

        Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection

        Physical Address. . . . . . . . . : 00-1A-A0-9B-2D-EB

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 184.58.22.88

        Subnet Mask . . . . . . . . . . . : 255.255.224.0

        Default Gateway . . . . . . . . . : 184.58.0.1

        DHCP Server . . . . . . . . . . . : 142.254.145.37

        DNS Servers . . . . . . . . . . . : 209.18.47.61

                                            209.18.47.62

        Lease Obtained. . . . . . . . . . : Monday, January 20, 2014 12:46:35 PM

        Lease Expires . . . . . . . . . . : Tuesday, January 21, 2014 12:46:35 PM

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  74.125.225.7, 74.125.225.8, 74.125.225.9, 74.125.225.14
   74.125.225.0, 74.125.225.1, 74.125.225.2, 74.125.225.3, 74.125.225.4
   74.125.225.5, 74.125.225.6

 

Pinging google.com [74.125.225.142] with 32 bytes of data:

 

Reply from 74.125.225.142: bytes=32 time=43ms TTL=55

Reply from 74.125.225.142: bytes=32 time=41ms TTL=55

 

Ping statistics for 74.125.225.142:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 41ms, Maximum = 43ms, Average = 42ms

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

 

Reply from 98.139.183.24: bytes=32 time=46ms TTL=48

Reply from 98.139.183.24: bytes=32 time=46ms TTL=48

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 46ms, Maximum = 46ms, Average = 46ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 9b 2d eb ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       184.58.0.1    184.58.22.88   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
       184.58.0.0    255.255.224.0     184.58.22.88    184.58.22.88   20
     184.58.22.88  255.255.255.255        127.0.0.1       127.0.0.1   20
   184.58.255.255  255.255.255.255     184.58.22.88    184.58.22.88   20
        224.0.0.0        240.0.0.0     184.58.22.88    184.58.22.88   20
  255.255.255.255  255.255.255.255     184.58.22.88    184.58.22.88   1
Default Gateway:        184.58.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/19/2014 07:23:41 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/19/2014 07:02:13 PM) (Source: Microsoft Office 11) (User: )
Description: Faulting application winword.exe, version 11.0.8409.0, stamp 52a8dbe1, faulting module winword.exe, version 11.0.8409.0, stamp 52a8dbe1, debug? 0, fault address 0x008018f2.

Error: (01/19/2014 07:00:31 PM) (Source: Microsoft Office 11) (User: )
Description: Faulting application winword.exe, version 11.0.8409.0, stamp 52a8dbe1, faulting module winword.exe, version 11.0.8409.0, stamp 52a8dbe1, debug? 0, fault address 0x008018f2.

Error: (01/19/2014 06:59:37 PM) (Source: Microsoft Office 11) (User: )
Description: Faulting application winword.exe, version 11.0.8409.0, stamp 52a8dbe1, faulting module winword.exe, version 11.0.8409.0, stamp 52a8dbe1, debug? 0, fault address 0x008018f2.

Error: (01/19/2014 03:17:06 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/18/2014 08:33:48 PM) (Source: Application Error) (User: )
Description: Faulting application mspaint.exe, version 5.1.2600.5512, faulting module imm32.dll, version 5.1.2600.5512, fault address 0x00014769.
Processing media-specific event for [mspaint.exe!ws!]

Error: (01/17/2014 02:57:34 PM) (Source: Microsoft Office 11) (User: )
Description: Faulting application winword.exe, version 11.0.8409.0, stamp 52a8dbe1, faulting module winword.exe, version 11.0.8409.0, stamp 52a8dbe1, debug? 0, fault address 0x008018f2.

Error: (01/16/2014 04:35:49 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2014 09:23:36 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2014 06:14:53 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (01/19/2014 01:41:27 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/18/2014 11:46:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter

Error: (01/18/2014 11:45:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/18/2014 10:35:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/18/2014 10:20:35 PM) (Source: DCOM) (User: ANA)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/18/2014 10:19:17 PM) (Source: DCOM) (User: ANA)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/18/2014 10:19:06 PM) (Source: DCOM) (User: ANA)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/18/2014 10:17:59 PM) (Source: DCOM) (User: ANA)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/18/2014 10:10:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter

Error: (01/18/2014 10:09:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (01/19/2014 07:23:41 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/19/2014 07:02:13 PM) (Source: Microsoft Office 11)(User: )
Description: winword.exe11.0.8409.052a8dbe1winword.exe11.0.8409.052a8dbe10008018f2

Error: (01/19/2014 07:00:31 PM) (Source: Microsoft Office 11)(User: )
Description: winword.exe11.0.8409.052a8dbe1winword.exe11.0.8409.052a8dbe10008018f2

Error: (01/19/2014 06:59:37 PM) (Source: Microsoft Office 11)(User: )
Description: winword.exe11.0.8409.052a8dbe1winword.exe11.0.8409.052a8dbe10008018f2

Error: (01/19/2014 03:17:06 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/18/2014 08:33:48 PM) (Source: Application Error)(User: )
Description: mspaint.exe5.1.2600.5512imm32.dll5.1.2600.551200014769

Error: (01/17/2014 02:57:34 PM) (Source: Microsoft Office 11)(User: )
Description: winword.exe11.0.8409.052a8dbe1winword.exe11.0.8409.052a8dbe10008018f2

Error: (01/16/2014 04:35:49 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/15/2014 09:23:36 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/15/2014 06:14:53 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.4)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
AIO_Scan (Version: 100.0.206.000)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
BufferChm (Version: 140.0.212.000)
C309a (Version: 140.0.690.000)
C7200 (Version: 90.0.189.000)
C7200_doccd (Version: 90.0.189.000)
c7200_Help (Version: 90.0.189.000)
CCleaner (Version: 4.09)
Cisco Connect (Version: 1.1.10049.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Copy (Version: 90.0.146.000)
Dell Resource CD (Version: 1.10.0000)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.21)
DocProc (Version: 13.0.0.0)
Fax (Version: 140.0.212.000)
FileHippo.com Update Checker
GPBaseService2 (Version: 140.0.211.000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP LaserJet P2050 Series 6.0 (Version: 6.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 (Version: 14.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
hppFonts (Version: 001.001.00061)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
hpphotosmartdisclabelplugin (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
hppQFolderP2050 (Version: 1.00.0000)
HPProductAssistant (Version: 140.0.212.000)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.12.0 (Version: )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Network (Version: 140.0.215.000)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
PanoStandAlone (Version: 90.0.146.000)
PowerDVD (Version: 7.0)
PowerDVD SE
PS_AIO_02_ProductContext (Version: 90.0.189.000)
PS_AIO_02_Software (Version: 90.0.189.000)
PS_AIO_02_Software_min (Version: 90.0.189.000)
PS_AIO_05_C309_Software_Min (Version: 140.0.690.000)
QuickTime (Version: 7.74.80.86)
QuickTransfer (Version: 140.0.98.000)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
Realtek High Definition Audio Driver (Version: 5.10.0.5408)
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 140.0.80.000)
SolutionCenter (Version: 140.0.213.000)
Status (Version: 140.0.212.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.212.017)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WOT for Internet Explorer (Version: 12.8.2.0)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3317.1 MB
Available physical RAM: 2539.39 MB
Total Pagefile: 5201.36 MB
Available Pagefile: 4624.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.29 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:451.57 GB) NTFS

========================= Users: ========================================

User accounts for \\ANA

Administrator            Ana Lopez                Guest                   
HelpAssistant            SUPPORT_388945a0        

**** End of log ****

````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````

 

Farbar Service Scanner Version: 08-01-2014
Ran by Ana Lopez (administrator) on 20-01-2014 at 14:46:35
Running from "C:\Documents and Settings\Ana Lopez\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.20.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ana Lopez :: ANA [administrator]

1/20/2014 2:56:47 PM
mbam-log-2014-01-20 (14-56-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | Heuristics/Extra
Objects scanned: 8564
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

BRONI, could not find where to click OK and Show Results, so could not click on Remove Selected
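Added example (not part of the thread and not code from MiniToolBox or its author): a small triage script for the three sections of a MiniToolBox log that reveal browser redirection, namely IE proxy settings, Hosts content and Winsock entries. It assumes the banner layout and the clean proxy lines exactly as posted above and a system drive of C:; the extra hosts and Winsock rows in `DIRTY_SAMPLE` are constructed for illustration.

```python
import re

# Section banner, e.g. "========================= Hosts content: ======"
BANNER = re.compile(r"^={5,}\s+(.*?\S)\s+={5,}$")
# Winsock row: "<catalog> <index> <dll path> [<size>] (<vendor>)"
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")

# The two lines a clean log shows under "IE Proxy Settings" (taken from this page).
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}
LOOPBACK = {("127.0.0.1", "localhost"), ("::1", "localhost")}
SYSTEM32 = r"c:\windows\system32" + "\\"  # assumption: Windows installed on C:


def split_sections(log_text):
    """Return {lower-cased banner title: [non-empty lines under it]}."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1).rstrip(":").strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(log_text):
    """Return a list of (kind, detail) items that deserve a human look."""
    findings = []
    sections = split_sections(log_text)

    # 1. Anything other than the two known-clean lines means a proxy is in play.
    for line in sections.get("ie proxy settings", []):
        if line not in CLEAN_PROXY:
            findings.append(("proxy", line))

    # 2. Hosts entries beyond loopback can silently redirect a single site.
    for line in sections.get("hosts content", []):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        for name in fields[1:]:
            if (fields[0], name.lower()) not in LOOPBACK:
                findings.append(("hosts", f"{fields[0]} {name}"))

    # 3. Winsock providers outside system32 or not from Microsoft sit in the
    #    network path. Some legitimate security products install one, so this
    #    is a review item, not a verdict.
    for line in sections.get("winsock entries", []):
        row = WINSOCK.match(line)
        if not row:
            findings.append(("winsock", "unparsed: " + line))
            continue
        path, vendor = row.group(3), row.group(5)
        if not path.lower().startswith(SYSTEM32) or vendor != "Microsoft Corporation":
            findings.append(
                ("winsock", f"{row.group(1)} {row.group(2)} {path} ({vendor})")
            )
    return findings


# Excerpt of the log posted above (clean).
CLEAN_SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1       localhost

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
"""

# Constructed variant: one extra hosts entry (documentation-range IP and an
# example name) and one unsigned provider outside system32.
DIRTY_SAMPLE = CLEAN_SAMPLE.replace(
    "127.0.0.1       localhost",
    "127.0.0.1       localhost\n203.0.113.10    homepage.example",
) + r"Catalog9 12 C:\Temp\lsp_example.dll [12345] ()" + "\n"


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_SAMPLE), ("dirty", DIRTY_SAMPLE)):
        print(label, triage(text))
```
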



#4 AnaL


Posted 20 January 2014 - 03:24 PM

Broni, continuing...my PC won't let me download MBAM ANTI-ROOTKIT.  I get About Blank in the address bar and when I click MORE OPTIONS and try to download, it will NOT.

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/20/2014 03:22:06 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/20/2014 03:22:48 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)



#5 Broni


Posted 20 January 2014 - 03:46 PM

Uploaded MBAR for you here: http://www.sendspace.com/file/j0sohq

 

Security Check log is incomplete.

Redo.




 


#6 AnaL


Posted 20 January 2014 - 04:05 PM

Broni, URGENT, before we continue, two things have started popping up on my PC, and won't go away.  ONE, something called LIVE SUPPORT with a photo of a woman with a phone headset and the words Your Certified PC Expert and phone number 1-855-544-6024, which stays on whatever page I am working on.  And, TWO, something called PC UTILITIES PRO - OPTIMIZER PRO, and the message WELCOME TO OPTIMIZER PRO.  Are these programs that you sent to help clean my PC?  Or, are these other viruses?  Ana



#7 AnaL


Posted 20 January 2014 - 04:23 PM

Broni, my computer appears to be hijacked.  When I try to access Internet Explorer via my usual shortcut,  I get this, instead:  http://websearch.toolksearchbook.info/?pid=945&r=2014/01/20&hid=9537564031955166741&lg=EN&cc=US&unqvl=46

My regular home page is missing.  AND, I'm still having trouble downloading MBAM's Anti-Rootkit, even with the new download info you gave me.  Ana



#8 AnaL


Posted 20 January 2014 - 04:46 PM

Broni, here's what I get when I try to download MBAR Anti-Rootkit from the new link you sent:

A page saying ERROR: Please Install Media Player HD to continue (required)

A page saying Cineble - Stream Your Favorite Movies, Fast and Free

A page saying Recommended Software.  Speed up your PC with Optimize Pro

A page saying Download. We have done our best to create a search product that profides you with the best search portals and supports.

 

You said to Unzip downloaded file, but I don't see any file to Unzip.  I am confused.  Please clarify.

Ana



#9 AnaL


Posted 20 January 2014 - 05:10 PM

Broni, in the few hours that I've been on the PC with Bleeping Computer about my problem, the following ADD ONS have attached themselves to my PC, under Toolbars and Extensions, with NO OPTION TO DISABLE (DISABLE is grayed out).  At top it says CONTROL NAME IS NOT AVAILABLE.  I have spelled them exactly as they appear in the Manage Add-Ons page.

 

- SNT

- ggreeatsaver

- SNT (again)

- greatsaaver (different spelling)

 

How can I get rid of these?  I don't recognize them as programs that I need.  (Correct me if I'm wrong.)

Thank you

Ana



#10 Broni


Posted 20 January 2014 - 05:52 PM

Which browser is doing this?




 


#11 AnaL


Posted 20 January 2014 - 07:37 PM

Broni, I ran MBAM in Safe Mode, and here's the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.20.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: ANA [administrator]

1/20/2014 5:22:50 PM
mbam-log-2014-01-20 (17-22-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 274457
Time elapsed: 17 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{213C08A0-785B-ABBD-5AE1-A275C488AEAC} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213C08A0-785B-ABBD-5AE1-A275C488AEAC} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{213C08A0-785B-ABBD-5AE1-A275C488AEAC} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{B8D23B37-9D00-5B12-B928-036B67E02AFB} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8D23B37-9D00-5B12-B928-036B67E02AFB} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B8D23B37-9D00-5B12-B928-036B67E02AFB} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{74AFC173-AA20-0C12-D847-B1BDBBA2E1CD} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74AFC173-AA20-0C12-D847-B1BDBBA2E1CD} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{74AFC173-AA20-0C12-D847-B1BDBBA2E1CD} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{F1532E74-7A7B-40B8-CF44-B6CF31B2D6A8} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1532E74-7A7B-40B8-CF44-B6CF31B2D6A8} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F1532E74-7A7B-40B8-CF44-B6CF31B2D6A8} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.toolksearchbook.info/?pid=945&r=2014/01/20&hid=9537564031955166741&lg=EN&cc=US&unqvl=46) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Program Files\SNT (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\greatsaaver (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
C:\Program Files\YoutubeAdblocker (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.

Files Detected: 27
C:\Program Files\SNT\fa5PXh.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\SNT\R1rcd.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\ggreeatsaver\23mgp.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\greatsaaver\FJBk3RxGw_.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ggreeatsaver\a1q83r.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\greatsaaver\HW2P7JeRvCq.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana Lopez\Desktop\Download.exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana Lopez\Desktop\Download2.exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana Lopez\Local Settings\Temp\{94FD5B98-EE66-4A76-A89D-A6444F1E796E}\Addons\OptimizerProInstaller.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\ggreeatsaver\23mgp.x64.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\greatsaaver\FJBk3RxGw_.x64.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\SNT\fa5PXh.x64.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\SNT\R1rcd.x64.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000133.dll (Trojan.SProtector) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000134.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000135.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000136.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000141.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000142.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000143.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\SNT\fa5PXh.tlb (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\SNT\fa5PXh.dat (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\SNT\R1rcd.dat (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files\SNT\R1rcd.tlb (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana Lopez\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files\greatsaaver\FJBk3RxGw_.dat (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.
C:\Program Files\greatsaaver\FJBk3RxGw_.tlb (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.

(end)
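
A way to triage a log like the one in the post above: parse each detection line, then pull out the non-PUP detections and the items that sit in System Restore points. This is an added example, not part of the original thread and not Malwarebytes code; the function names are hypothetical and the sample lines are copied from the posted log.

```python
import re
from collections import Counter

# Lines copied from the MBAM 1.75 log in the post above (an excerpt, so the
# "Detected: N" counts are larger than the number of lines kept here).
SAMPLE_LOG = r"""
Registry Keys Detected: 13
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.toolksearchbook.info/?pid=945&r=2014/01/20&hid=9537564031955166741&lg=EN&cc=US&unqvl=46) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Files Detected: 27
C:\Program Files\SNT\fa5PXh.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000133.dll (Trojan.SProtector) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F0CA7180-5500-453C-8829-B101ADD2958D}\RP3\A0000134.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana Lopez\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: \d+$")
# Lazy item match stops at the first "(DetectionName) -> ", so paths with spaces parse.
FINDING = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return one dict per detection line: section, item, name, action."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("section")
            continue
        hit = FINDING.match(line)
        if hit:
            # "Bad: (...) Good: (...) -> action" has a second arrow; keep what follows the last.
            action = hit.group("rest").rsplit(" -> ", 1)[-1]
            findings.append({"section": section, "item": hit.group("item"),
                             "name": hit.group("name"), "action": action})
    return findings

def triage(findings):
    """Split findings into the groups a helper would read first."""
    families = Counter(f["name"] for f in findings)
    # Malwarebytes prefixes potentially unwanted programs with "PUP."
    non_pup = [f for f in findings if not f["name"].startswith("PUP.")]
    # Copies held in XP System Restore points, not live program files.
    in_restore = [f for f in findings if r"\System Volume Information\_restore" in f["item"]]
    return families, non_pup, in_restore

if __name__ == "__main__":
    print(triage(parse_mbam_log(SAMPLE_LOG)))
```

On the sample lines this separates the two Trojan detections from the adware entries and shows that one of them exists only as a restore-point copy.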



#12 Broni


Posted 20 January 2014 - 07:42 PM

Update me on current issues in NORMAL mode.

 

Also...

 

Uploaded MBAR for you here: http://www.sendspace.com/file/j0sohq

 

Security Check log is incomplete.

Redo.

 




 


#13 AnaL


Posted 20 January 2014 - 10:21 PM

Response to your Message: Uploaded MBAR for you here: http://www.sendspace.com/file/j0sohq

Security Check log is incomplete.

Redo.

BRONI, The log is incomplete because I asked you a question: When I downloaded MBAR from the above link, I get a Notice: Recommended Software. Speed up your PC with Optimizer Pro to enjoy a fast error free fully optimized computer.

- Simple, Easy and Fast, with just the click of a button Optimizer Pro will speed up, optimize your PC and free of disc space.

- OptimizePro includes the program LIVE SUPPORT as a bonus, all to keep your PC running like new.

- By Clicking Accept you agree that you have read and agree to the Privacy Policy and Terms of Use of PCUtilities Pro. Then, it says DECLINE or ACCEPT.

(I'M NOT SHOUTING HERE, BUT THE BOLD, ITALICS AND UNDERSCORE ARE NOT WORKING, SO IT'S HARD FOR ME TO DIFFERENTIATE BETWEEN WHAT I'M SAYING AND WHAT I'M QUOTING.)

Is the above message from MBAR correct? Is that what you want me to proceed with? Please elaborate. Thank you, Ana

Is this what you want me to install? As I mentioned before, here's what I got when I clicked ACCEPT before:

A page saying ERROR: Please Install Media Player HD to continue (required)

A page saying Cineble - Stream Your Favorite Movies, Fast and Free

A page saying Recommended Software. Speed up your PC with Optimize Pro

A page saying Download. We have done our best to create a search product that profides you with the best search portals and supports.

#14 Broni


Posted 20 January 2014 - 10:25 PM

Which browser does it?

Did you try a different browser?




 


#15 AnaL


Posted 20 January 2014 - 10:35 PM

Broni: Regarding Browser, my normal browser is IE 8. When I click on my IE8 shortcut, a page pops up that has Blue, Red, Yellow, Green Circle on the left and the Address Bar above says:
http://websearch.toolksearchbook.info/?pid=945&r=2014/01/21&hid=9537564031955166741&lg=EN&cc=US&unqvl=46

It sort of looks like the GOOGLE SEARCH PAGE, but it doesn't say GOOGLE.



