Malware Removal Instructions

Slowdown and Firefox crashes plus Mass Infection

Re: Slowdown and Firefox crashes plus Mass Infection

Post by Scico » February 17th, 2011, 7:59 pm

Things are running smoother now. But I get the feeling we're not out of the woods yet.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=40492d48ace4de4c96c3a8dbe0be0cb9
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-17 07:52:56
# local_time=2011-02-17 02:52:56 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2817 16777215 100 100 177977 6638684 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=13464
# found=0
# cleaned=0
# scan_time=932
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=40492d48ace4de4c96c3a8dbe0be0cb9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-17 11:07:22
# local_time=2011-02-17 06:07:22 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2817 16777215 100 100 179202 6639909 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=240104
# found=7
# cleaned=0
# scan_time=11373
C:\hp\bin\wbug\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1407\A0229959.dll a variant of Win32/Kryptik.KIQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1407\A0229960.dll Win32/Cimag.DU trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1407\A0229961.exe a variant of Win32/Kryptik.KHF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1413\A0236629.exe a variant of Win32/Kryptik.KNR trojan (unable to clean) 00000000000000000000000000000000 I
D:\I386\APPS\APP16634\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
D:\I386\APPS\APP16634\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
Active Member
Posts: 12
Joined: February 7th, 2011, 8:24 pm
Re: Slowdown and Firefox crashes plus Mass Infection

Post by melboy » February 19th, 2011, 8:30 am


I get the feeling we're not out of the woods yet.

Not quite, but we are very close. ;)

The files found by ESET are in System Restore, which we'll deal with very soon. The others are being detected because they have an ad-supported program archived within an installation file that came with your HP computer. Your choice: you can delete these if you wish.



A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

If ComboFix prompts you to update it at any point, please allow it to do so.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    c:\documents and settings\All Users\Application Data\jGdHbLe03100 
    c:\documents and settings\All Users\Application Data\pGfHhJm15400 
    FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
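The point melboy makes about the ESET results (the restore-point hits are a System Restore matter, the rest is HP's bundled ad-supported installer) is easy to lose in a wall of log lines. The script below is an added example for this thread, not ESET's code and not something either poster ran: it parses the `# key=value` header and the detection lines of an ESET Online Scanner log, checks that the `found=` count matches the number of detection lines actually pasted, and splits detections into restore-point copies versus files that are live on disk. The sample log is copied from Scico's second scan; the two-way classification is this example's own rule of thumb.

```python
"""Triage an ESET Online Scanner log of the kind pasted in this thread.

Added example: not ESET's code and not posted by either participant.  The
sample is Scico's second scan; the 'restore-point copy' / 'live file' split is
this example's own heuristic.
"""
import re
from dataclasses import dataclass

# Constructed from the log in the thread (header trimmed to the useful keys).
SAMPLE_LOG = r"""# version=7
# end=finished
# remove_checked=false
# osver=5.1.2600 NT Service Pack 3
# scanned=240104
# found=7
# cleaned=0
# scan_time=11373
C:\hp\bin\wbug\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1407\A0229959.dll a variant of Win32/Kryptik.KIQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1407\A0229960.dll Win32/Cimag.DU trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1407\A0229961.exe a variant of Win32/Kryptik.KHF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1413\A0236629.exe a variant of Win32/Kryptik.KNR trojan (unable to clean) 00000000000000000000000000000000 I
D:\I386\APPS\APP16634\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
D:\I386\APPS\APP16634\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
"""

# One detection line: <path> <threat name + category> (<action>) <32 hex chars> <flag>
# The threat name always carries a platform/family slash (Win32/...), which is
# what lets the non-greedy path group stop in the right place even though the
# path itself contains spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:a variant of )?[A-Za-z0-9]+/\S+ \w+) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)
HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
RESTORE_MARKER = r"\system volume information\_restore"


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    kind: str  # "restore-point copy" or "live file"


def classify(path: str) -> str:
    """Restore-point copies are dealt with by clearing System Restore, not by
    deleting them in place; everything else is a file the machine can still use."""
    return "restore-point copy" if RESTORE_MARKER in path.lower() else "live file"


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) for one scan block."""
    header, detections = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m.group("path"), m.group("threat"),
                                        m.group("action"), classify(m.group("path"))))
    return header, detections


def counts_match(header, detections) -> bool:
    """'found=' should equal the number of detection lines; a mismatch usually
    means the paste was truncated or a line was mangled by the forum."""
    return int(header.get("found", -1)) == len(detections)


def triage(detections):
    groups = {"restore-point copy": [], "live file": []}
    for d in detections:
        groups[d.kind].append(d)
    return groups


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(f"end={hdr.get('end')} found={hdr.get('found')} parsed={len(dets)} "
          f"consistent={counts_match(hdr, dets)}")
    for kind, items in triage(dets).items():
        print(f"\n{kind}: {len(items)}")
        for d in items:
            print(f"  {d.threat:45} {d.action:16} {d.path}")
```

Run it as-is and the four `_restore{...}` hits land in the restore-point group while the three AdInstaller hits are the live HP installer files melboy says you may delete or keep. The consistency check is worth keeping in any log-triage script: helpers on these forums routinely receive logs that were cut off by the paste, and a `found=` value that disagrees with the line count is the quickest way to notice.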

Re: Slowdown and Firefox crashes plus Mass Infection

Post by Scico » February 19th, 2011, 4:16 pm

So, do I use HijackThis to remove those three, or something else?

ComboFix 11-02-16.01 - Cole 02/19/2011 14:00:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.620 [GMT -5:00]
Running from: c:\documents and settings\Cole\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Cole\My Documents\Downloads\CFScript.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\All Users\Application Data\jGdHbLe03100
c:\documents and settings\All Users\Application Data\jGdHbLe03100\jGdHbLe03100
c:\documents and settings\All Users\Application Data\pGfHhJm15400
c:\documents and settings\All Users\Application Data\pGfHhJm15400\pGfHhJm15400
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome.manifest
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\bing-zugo.xml
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\index.html
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\options.js
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\options.xul
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\toolbar.js
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\toolbar.xul
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\bing.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\celebrity.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_images.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_maps.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_news.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_video.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_videos.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_web.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\facebook.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\favicon.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\games.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\hotmail.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\lifestyle.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\messenger.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\msn.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\news.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\separator.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\toolbar.css
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\translate.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\twitter.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\video.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\weather.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\components\bingsuggest.js
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\defaults\preferences\prefs.js
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\install.rdf
c:\documents and settings\Cole\Local Settings\Temp\IadHide5.dll

((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))

2011-02-18 19:18 . 2011-02-18 19:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-02-17 19:30 . 2011-02-17 19:30 -------- d-----w- c:\program files\ESET
2011-02-17 19:14 . 2011-02-17 19:14 -------- d-----w- c:\program files\Common Files\Java
2011-02-17 19:14 . 2011-02-17 19:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-17 19:14 . 2011-02-17 19:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-17 19:14 . 2011-02-17 19:13 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-17 18:57 . 2011-02-17 18:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-02-17 18:54 . 2011-02-17 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-17 18:46 . 2011-02-17 18:48 -------- d-----w- c:\windows\SxsCaPendDel
2011-02-07 09:03 . 2011-02-07 09:03 388096 ----a-r- c:\documents and settings\Cole\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-07 09:03 . 2011-02-07 09:03 -------- d-----w- c:\program files\Trend Micro
2011-02-07 04:58 . 2011-02-07 04:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-04 23:09 . 2011-02-04 23:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\.clamwin
2011-02-04 01:30 . 2011-02-04 01:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-04 00:08 . 2011-02-04 00:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-03 23:49 . 2011-02-03 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC
2011-02-03 23:42 . 2011-02-03 23:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-02-03 03:09 . 2011-02-03 03:09 0 ----a-w- c:\windows\Dzilaniler.bin
2011-02-03 03:08 . 2011-02-03 03:08 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-03 03:08 . 2011-02-03 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-01-21 14:44 . 2004-08-09 21:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-09 21:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-09 21:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-09 21:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:09 . 2010-04-04 21:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2004-08-09 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-08-09 21:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 23:08 . 2010-04-04 21:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-09 21:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-09 21:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-10 04:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-09 21:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2007-01-13 08:11 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2007-01-13 08:11 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-01-14 17:30 . 2007-01-14 17:30 1410680 ----a-w- c:\program files\install_flash_player.exe
2007-01-12 16:35 . 2007-01-12 16:34 6820512 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

"TypingSatellite"="c:\program files\Cosmi\Perfect Typing Pro English\KBOOST.EXE" [2002-01-08 740352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Motive SmartBridge"="c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 393216]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-12-06 86016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-07 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-6 27136]

c:\documents and settings\Cole\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-6 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-9-6 36903]
Windstream Broadband Check-up Center.lnk - c:\program files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-1-11 217088]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-6 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-6 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals\\game.dat"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\THQ\\Dawn of War DEMO\\W40k.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

------- Supplementary Scan -------
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://www2.windstream.net/newuser/benefits/
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 14:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-596501174-992397369-2604716157-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2208)
c:\program files\Cosmi\Perfect Typing Pro English\KBSatellite.dll
------------------------ Other Running Processes ------------------------
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
c:\program files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
Completion time: 2011-02-19 14:49:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-19 19:49
ComboFix2.txt 2011-02-16 22:21
ComboFix3.txt 2011-02-16 20:06

Pre-Run: 81,984,303,104 bytes free
Post-Run: 82,837,192,704 bytes free

- - End Of File - - 0A1AE36DEBB48836AB9A375B223D0C68
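A CFScript run is only as good as the log that confirms it, so a helper reading the ComboFix output above would check each path in the script against the "Other Deletions" section rather than trust that everything went. The script below is an added example for this thread, not ComboFix's own code and not posted by either participant: `CFSCRIPT` is the script melboy gave (with `%profile%` expanded from the `FF - ProfilePath` line), `COMBOFIX_LOG` is a trimmed copy of the deletions section from Scico's log, and the matching rule (a target counts as removed if the log lists it or anything beneath it) is this example's own.

```python
"""Cross-check a ComboFix run against the CFScript that drove it.

Added example: not ComboFix's code and not from either poster.  The script and
log excerpt are copied from the thread; the verification logic is this example's.
"""
import re

# Constructed from the thread: melboy's CFScript (note the trailing spaces on
# the first two lines, exactly as posted) ...
CFSCRIPT = r"""c:\documents and settings\All Users\Application Data\jGdHbLe03100 
c:\documents and settings\All Users\Application Data\pGfHhJm15400 
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
"""

# ... and a trimmed copy of Scico's ComboFix log (one section kept in full,
# the next section cut to a single line to show the boundary handling).
COMBOFIX_LOG = r"""ComboFix 11-02-16.01 - Cole 02/19/2011 14:00:42.3.2 - x86
Command switches used :: c:\documents and settings\Cole\My Documents\Downloads\CFScript.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\All Users\Application Data\jGdHbLe03100
c:\documents and settings\All Users\Application Data\jGdHbLe03100\jGdHbLe03100
c:\documents and settings\All Users\Application Data\pGfHhJm15400
c:\documents and settings\All Users\Application Data\pGfHhJm15400\pGfHhJm15400
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\install.rdf
c:\documents and settings\Cole\Local Settings\Temp\IadHide5.dll

((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))

2011-02-18 19:18 . 2011-02-18 19:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
"""

PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
EXT_RE = re.compile(r"^FF - Ext: .*? - (?P<path>%profile%\\.+)$")
SECTION_RE = re.compile(r"^\(+ (?P<title>.+?) \)+$")   # "(((( Other Deletions ))))"
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def cfscript_targets(script: str):
    """Expand the script into the absolute paths it asked ComboFix to remove."""
    profile, targets = None, []
    for raw in script.splitlines():
        line = raw.strip()            # the posted script has trailing spaces
        if not line:
            continue
        if m := PROFILE_RE.match(line):
            profile = m.group("path").rstrip("\\")
        elif m := EXT_RE.match(line):
            if profile is None:
                raise ValueError("FF - Ext line appears before FF - ProfilePath")
            targets.append(m.group("path").replace("%profile%", profile))
        elif DRIVE_RE.match(line):
            targets.append(line)
    return targets


def section_lines(log: str, title: str):
    """Non-blank lines under the named ComboFix section header, up to the next header."""
    inside, lines = False, []
    for line in log.splitlines():
        if m := SECTION_RE.match(line):
            inside = m.group("title") == title
        elif inside and line.strip():
            lines.append(line.strip())
    return lines


def verify_deletions(targets, deleted):
    """Map each target to True if the log lists it, or anything beneath it, as deleted."""
    deleted_lc = [d.lower() for d in deleted]
    return {t: any(d == t.lower() or d.startswith(t.lower() + "\\") for d in deleted_lc)
            for t in targets}


def unconfirmed(report):
    """Targets the log never mentions, in script order."""
    return [t for t, ok in report.items() if not ok]


if __name__ == "__main__":
    report = verify_deletions(cfscript_targets(CFSCRIPT),
                              section_lines(COMBOFIX_LOG, "Other Deletions"))
    for target, ok in report.items():
        print(("removed     " if ok else "NOT IN LOG  ") + target)
```

On the thread's own data this reports the two `Application Data` folders and the `searchtoolbar@zugo.com` extension as removed, and leaves `engine@conduit.com` and the BitTorrentBar `{88c7f2aa-...}` extension unconfirmed, because the log's deletions section does not list them. The thread does not say why; that is exactly the kind of discrepancy a reviewer raises before declaring a script "done" rather than assuming the entries were already gone.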

Re: Slowdown and Firefox crashes plus Mass Infection

Post by melboy » February 21st, 2011, 8:28 am


Sorry for the delay in replying, I've had a bout of sickness.

After this we should be done!


Download OTM by Old Timer and save it to your Desktop.

  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code:
    ipconfig /flushdns /c

  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • A report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please post back with the OTM log, a fresh HijackThis log (Do a system scan and save a log file) and a description of how the computer is running now.

Re: Slowdown and Firefox crashes plus Mass Infection

Post by Scico » February 21st, 2011, 2:49 pm

Sorry to hear that. Hope you get well soon. Things are running normally. I have not spotted anything unusual. Though I may have broken the power button on my modem. :oops:

All processes killed
========== FILES ==========
C:\hp\bin\wbug\HPPavillion_Spring06.exe moved successfully.
D:\I386\APPS\APP16634\src\CompaqPresario_Spring06.exe moved successfully.
D:\I386\APPS\APP16634\src\HPPavillion_Spring06.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Cole\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Cole\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Cole
->Temp folder emptied: 664078 bytes
->Temporary Internet Files folder emptied: 33185 bytes
->Java cache emptied: 13625 bytes
->FireFox cache emptied: 95006582 bytes
->Flash cache emptied: 5616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 91.00 mb

Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version log created on 02212011_133727

Files moved on Reboot...

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:42:24 PM, on 2/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www2.windstream.net/newuser/benefits/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\Cosmi\Perfect Typing Pro English\KBOOST.EXE"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/WI ... _2-0-0.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Mo ... x/stub.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 8143 bytes
Active Member
Posts: 12
Joined: February 7th, 2011, 8:24 pm
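An added example, not code from this thread or any of its participants: a small Python parser for the O4 (startup) and O23 (service) lines of a HijackThis log like the one above. It lists the autostart binaries and flags any that live outside the usual install roots as a cue for manual review; the sample lines are copied from the log format shown, and the trusted-prefix list is an assumption for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines in the HijackThis format seen in the log above.
SAMPLE_LOG = """\
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\\hp\\bin\\cloaker.exe (User 'Default user')
O4 - Global Startup: Updates From HP.lnk = C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
End of file - 8143 bytes
"""

# O4: startup-folder entries; an optional "(User '...')" suffix may follow the path.
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<name>.+?) = (?P<path>.+?)(?: \(User '[^']*'\))?$")
# O23: services, laid out as "Display name (ShortName) - Vendor - path".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$")

# Assumed install roots; anything outside them is worth a second look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

@dataclass
class AutostartEntry:
    kind: str       # "O4" or "O23"
    name: str
    path: str
    vendor: str = ""

def parse_autostarts(log_text):
    """Extract O4 and O23 entries; every other section is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            entries.append(AutostartEntry("O4", m["name"], m["path"]))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(AutostartEntry("O23", m["short"], m["path"], m["vendor"]))
    return entries

def outside_trusted_dirs(entries, prefixes=TRUSTED_PREFIXES):
    """Entries whose binary sits outside the trusted roots. This is a triage
    cue, not a verdict: C:\\hp\\bin here is an OEM tool the helper judged clean."""
    return [e for e in entries if not e.path.lower().startswith(prefixes)]
```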

Re: Slowdown and Firefox crashes plus Mass Infection

Unread postby melboy » February 22nd, 2011, 8:10 am

Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware - Please let me know if you are still having problems with your computer and what these problems are. If not, please continue with the instructions below. Please give particular consideration to the section entitled Antivirus - IMPORTANT.

Uninstall Combofix

We Need to Remove ComboFix
  1. Please go to Start -> Run
  2. Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.

OTM by OldTimer

  • Double-click OTM.exe
  • Click the CleanUp! button
  • Select Yes when the "Begin cleanup Process?" prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself


Your computer was infected with a ROOTKIT. In particular, the TDL3 rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

Windows Rootkits

How do I respond to a possible identity theft and how do I prevent it


Antivirus - IMPORTANT

Looking over your log, it seems your anti-virus software (ClamWin) does not offer you REALTIME (on-access) protection.

Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. You would be better served by installing free anti-virus software from one of these excellent vendors.

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast!Free Antivirus - Anti-virus program for Windows. The home edition is freeware for non-commercial users.
3) Microsoft Security Essentials - Free anti-malware solution that helps protect against viruses, spyware, and other malicious software

[Please note that trial pay is not needed to get any product for free.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts.

If as a gamer you are concerned about the realtime protection of an Antivirus affecting your gameplay, note that Avast antivirus has a GamePlay mode.

New Silent/Gaming Mode automatically detects full-screen applications and disables pop-ups and other on-screen notifications without degrading security.

General Security and Computer Health

Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as your Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.
    Internet Explorer 8 <<< Recommended Version
    For older versions please read and follow the recommendations at this site
    Internet Explorer7

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Slowdown and Firefox crashes plus Mass Infection

Unread postby Scico » February 22nd, 2011, 7:16 pm

Thank you for your time and assistance. I'm not sure I spelled that last word correctly.
Active Member
Posts: 12
Joined: February 7th, 2011, 8:24 pm

Re: Slowdown and Firefox crashes plus Mass Infection

Unread postby melboy » February 22nd, 2011, 7:21 pm

You're welcome! :)
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Slowdown and Firefox crashes plus Mass Infection

Unread postby Carolyn » February 22nd, 2011, 8:39 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
