Andro1d

Posts posted by Andro1d

  1. Hello again,

    Step 1

    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    Step 2

    Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

    Java 2 Runtime Environment, SE v1.4.2

    Step 3

    Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

    1) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

    2) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.

    3) PC Tools AntiVirus - Free edition of the PC Tools AntiVirus program for Windows.

    Once you install one of the above programs, please update its virus definitions and run a full PC scan. Please post the log as well.

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program that has an autoprotect feature on, uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should have an autoprotect feature on at a time.

    Step 4

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  2. Hello again,

    Step 1

    1. Please open Notepad

    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::
    C:\WINDOWS\system32\tcfkzkfg.exe
    C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
    C:\WINDOWS\system32\efutkbyl.exe
    C:\WINDOWS\system32\lphccvbj0e531.exe

    Folder::
    C:\Program Files\vykhpud
    C:\Documents and Settings\All Users\Application Data\zeruhqpu
    C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
    C:\Program Files\rhc9vbj0e531

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsgWebApp"=-
    "apiadm"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMrhc9vbj0e531"=-
    "lphccvbj0e531"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Xnm8l6kH0l"=-

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    CFScript.gif

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

    • Combofix.txt
    • A new HijackThis log.

    Step 2

    Open HijackThis, click Config, click Misc Tools

    Click "Open Uninstall Manager"

    Click "Save List" (generates uninstall_list.txt)

    Click Save, copy and paste the results in your next post.

  3. Nice job, your log looks clean!

    Please use the following suggestions to help prevent reinfection.

    Also, you may delete any tools I had you download during the cleaning process.

    Clearing System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. You will lose all previous Restore Points which are likely to be infected. Now we need to make a new Restore Point for your PC, please do the following:

    • Right-click My Computer and select the System Restore tab.
    • Click to add a check mark next to Turn off System Restore, and click OK.
    • You will be warned that all existing Restore Points will be deleted, select Yes to continue.

    All system restore points are deleted. Now please create a new restore point by doing the following:

    • Right-click My Computer and select the System Restore tab.
    • Click to remove the check mark next to Turn off System Restore, and click OK.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

    Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareBlaster - Great prevention tool to keep malware from installing on your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    **Tutorial on installing & using this product can be found HERE**

    IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    **Tutorial on installing & using this product can be found HERE**

    ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

    Firewall - A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

    **Tutorial on Firewalls can be found HERE**

    It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

    Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

    Finally, I strongly recommend How did I get infected in the first place? (by Tony Klein)

    Good luck and safe surfing :)

  4. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.

  5. Nice job, your log looks clean!

    Please use the following suggestions to help prevent reinfection.

    Time for some housekeeping

    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    • When shown the disclaimer, Select "2"

    The above procedure will:

    • Delete the following:
      • ComboFix and its associated files and folders.
      • VundoFix backups, if present
      • The C:\Deckard folder, if present
      • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

    Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareBlaster - Great prevention tool to keep malware from installing on your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    **Tutorial on installing & using this product can be found HERE**

    IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    **Tutorial on installing & using this product can be found HERE**

    ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle

    Firewall - A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

    **Tutorial on Firewalls can be found HERE**

    It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

    Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

    Finally, I strongly recommend How did I get infected in the first place? (by Tony Klein)

    Good luck and safe surfing :)

  6. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    I need you to rename Hijackthis because I suspect that you may have the Vundo infection that can hide some entries in your log.

    • Please go to the folder where you saved Hijackthis.exe:
      < C:\Documents and Settings\VKWD\My Documents\hijackthis\hijackthis_sfx\HijackThis.exe >
    • Right-click on it, then select Rename.
    • Please rename it to energy.exe
    • Then double-click energy.exe to scan and then post the new logfile.

  7. Hello and Welcome to the forums. :)

    I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

    Please visit this web page for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Once you have finished installing the Windows Recovery Console, please continue with the rest of the tutorial at the above link.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

  8. Hello again,

    Please copy (Ctrl C) and paste (Ctrl V) the following text in the code box to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

    @echo off
    sc stop AFinding
    sc delete AFinding
    sc stop NOBICYT
    sc delete NOBICYT
    sc stop perfmons
    sc delete perfmons
    sc stop Routing
    sc delete Routing
    sc stop WServing
    sc delete WServing
    DEL fixservices.bat

    Double click fixservices.bat. A window will open and close. This is normal.

    Now post a fresh HJT log please.

  9. Hello again,

    Please do an online scan with Kaspersky WebScanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • Once they are downloaded, the database will be updated.
      Please accept any ActiveX or Java notifications
    • After the files have been updated, go to the left side of the page under the Scan section and select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

  10. Hello again,

    Now you need to delete the infected files in your Norton AntiVirus Quarantine.

    Go to this page and follow the directions for emptying Quarantine for your version of Norton Antivirus:

    Removing files from Norton AntiVirus Quarantine

    Other than that, nice job, your log looks clean!

    Please use the following suggestions to help prevent reinfection.

    Also, you may delete any tools I had you download during the cleaning process.

    Reset System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. You will lose all previous Restore Points which are likely to be infected. Now we need to make a new Restore Point for your PC, please do the following:

    • Click Start
    • Right click My Computer and select Properties
    • Click the System Restore tab
    • Check "Turn off System Restore" and click "Apply".
    • It will then ask you if you want to turn off System Restore, select Yes
      Please give a moment as it will delete the old Restore points
    • Then uncheck "Turn off System Restore" which will create a new Restore point
    • Click OK

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

    SpywareBlaster - Great prevention tool to keep malware from installing on your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    **Tutorial on installing & using this product can be found HERE**

    IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    **Tutorial on installing & using this product can be found HERE**

    ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

    Firewall - A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

    **Tutorial on Firewalls can be found HERE**

    It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

    Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

    Finally, I strongly recommend How did I get infected in the first place? (by Tony Klein)

    Good luck and safe surfing :)

  11. Nice job, your log looks clean!

    Please use the following suggestions to help prevent reinfection.

    Also, you may delete any tools I had you download during the cleaning process.

    Reset System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. You will lose all previous Restore Points which are likely to be infected. Now we need to make a new Restore Point for your PC, please do the following:

    • Click Start
    • Right click My Computer and select Properties
    • Click the System Restore tab
    • Check "Turn off System Restore" and click "Apply".
    • It will then ask you if you want to turn off System Restore, select Yes
      Please give a moment as it will delete the old Restore points
    • Then uncheck "Turn off System Restore" which will create a new Restore point
    • Click OK

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

    SpywareBlaster - Great prevention tool to keep malware from installing on your system.

    **Tutorial on installing & using this product can be found HERE**

    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    **Tutorial on installing & using this product can be found HERE**

    IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    **Tutorial on installing & using this product can be found HERE**

    ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

    Firewall - A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

    **Tutorial on Firewalls can be found HERE**

    It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

    Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

    Finally, I strongly recommend How did I get infected in the first place? (by Tony Klein)

    Good luck and safe surfing :)

  12. Hello again,

    Step 1

    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

    Step 2

    Please do an online scan with Kaspersky WebScanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • Once they are downloaded, the database will be updated.
      Please accept any ActiveX or Java notifications
    • After the files have been updated, go to the left side of the page under the Scan section and select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

  13. Hello again,

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

    Please set your system to show all files.

    Click Start, open My Computer, select the Tools menu and click Folder Options.

    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

    Uncheck: Hide file extensions for known file types

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

    Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

    O4 - HKCU\..\Run: [sys1.exe] C:\Windows\Sys1.exe

    Also, if you didn't set the following restriction in IE, please also fix the following line.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please enter Safe Mode by using the Arrow Keys and then hit Enter.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\Windows\Sys1.exe

    After that, Reboot.

    Then please post a fresh HJT log.

  14. Hello again,

    Step 1

    Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe (file missing)

    O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)

    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)

    O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe (file missing)

    Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

    Step 2

    Please do an online scan with Kaspersky WebScanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • Once they are downloaded, the database will be updated.
      Please accept any ActiveX or Java notifications
    • After the files have been updated, go to the left side of the page under the Scan section and select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
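
Added example, not part of the original posts: a check that a service-removal batch file such as FixServices.bat (post 8) deletes only services that the HijackThis log (post 14) actually reported with a missing binary. The function names and the `ExampleSvc` entries are constructed for illustration; the other sample lines are the ones quoted in those two posts.

```python
import re

# O23 line layout as it appears in the HijackThis log quoted in post 14:
#   O23 - Service: <display name> [(<service name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# "sc stop <name>" / "sc delete <name>" lines as used in FixServices.bat (post 8).
SC_RE = re.compile(r"^\s*sc\s+(?P<verb>stop|delete)\s+(?P<name>\S+)\s*$", re.I)

# O23 lines from post 14, plus one constructed entry whose binary is present.
HJT_LOG = r"""
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe (file missing)
O23 - Service: NOBICYT - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\Example\svc.exe
"""

# The batch file from post 8.
FIX_BATCH = """
@echo off
sc stop AFinding
sc delete AFinding
sc stop NOBICYT
sc delete NOBICYT
sc stop perfmons
sc delete perfmons
sc stop Routing
sc delete Routing
sc stop WServing
sc delete WServing
DEL fixservices.bat
"""

# Constructed: a script that skips WServing and deletes a service with a present binary.
BAD_BATCH = FIX_BATCH.replace("sc delete WServing", "sc delete ExampleSvc")


def parse_o23(line):
    """Return a dict for one O23 line, or None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {
        # When no "(name)" part is present the display name is the service name.
        # Service names are case-insensitive on Windows, so compare lowercased.
        "name": (m["name"] or m["display"]).lower(),
        "owner": m["owner"],
        "path": m["path"],
        "file_missing": m["missing"] is not None,
    }


def orphaned_services(hjt_log):
    """Names of services whose binary HijackThis reported as missing."""
    entries = filter(None, map(parse_o23, hjt_log.splitlines()))
    return {e["name"] for e in entries if e["file_missing"]}


def sc_targets(batch_text, verb="delete"):
    """Names of services the batch file passes to 'sc <verb>'."""
    matches = filter(None, map(SC_RE.match, batch_text.splitlines()))
    return {m["name"].lower() for m in matches if m["verb"].lower() == verb}


def audit_fix_script(hjt_log, batch_text):
    """Compare what the script deletes with what the log supports deleting."""
    orphaned = orphaned_services(hjt_log)
    deleted = sc_targets(batch_text, "delete")
    return {
        "unsupported": sorted(deleted - orphaned),  # deleted, but not shown as orphaned
        "unaddressed": sorted(orphaned - deleted),  # orphaned, but left in place
    }


if __name__ == "__main__":
    print(audit_fix_script(HJT_LOG, FIX_BATCH))
    print(audit_fix_script(HJT_LOG, BAD_BATCH))
```
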

  15. Hello again,

    Please download Deckard's System Scanner (DSS) to your desktop.

    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt into your thread.
    • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
    • Please go to that folder and also copy the contents of Extra.txt to your post as well.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.