Cyber attack from my IP address-2nd machine in home network

Post by jdr 275 » June 20th, 2011, 5:20 am

Hello,

With the help of MalwareRemoval (MELBOY) my machine was cleaned up, after I received notification from my ISP that a malicious attack had originated from my IP address. See viewtopic.php?f=11&t=57131.
Melboy recommended that I open a new post for the second machine in our home network, which belongs to my son:
"It may be his PC that is the computer responsible with regards to the message from your ISP, as I'm not seeing any signs of an active infection on this PC that would be at the root of the problem."

I installed Anti-Malware from Malwarebytes 1.51.0.01200 and scanned his machine. A trojan agent was detected and placed in quarantine. But as this could be a symptom and not the root cause, I have placed a new topic.
I look forward to your reply.

DDS log

.
DDS (Ver_2011-06-12.02) - FAT32x86
Internet Explorer: 7.0.5730.13
Run by Patrick at 10:56:42 on 2011-06-20
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1022.400 [GMT 2:00]
.
AV: Avira AntiVir PersonalEdition *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\stsystra.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\SweetIM\Messenger\SweetIM.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\PDF24\pdf24.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Dell Wireless\PRISMCFG.exe
C:\Programme\OpenOffice.org 2.3\program\soffice.exe
C:\Programme\OpenOffice.org 2.3\program\soffice.BIN
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ICQ] ~"c:\programme\icq6.5\ICQ.exe" silent
mRun: [avgnt] "c:\programme\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [RemoteControl] c:\programme\cyberlink\powerdvd\PDVDServ.exe
mRun: [ATIPTA] "c:\programme\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SweetIM] c:\programme\sweetim\messenger\SweetIM.exe
mRun: [AppleSyncNotifier] c:\programme\gemeinsame dateien\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
mRun: [PDFPrint] c:\programme\pdf24\pdf24.exe
mRun: [Malwarebytes' Anti-Malware] "c:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\patrick\startm~1\progra~1\autost~1\openof~1.lnk - c:\programme\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\wirele~1.lnk - c:\programme\dell wireless\PRISMCFG.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\icq7.4\ICQ.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programme\partygaming\partypoker\RunApp.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programme\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 1174058125
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://static.pe.schuelervz.net/photoup ... 20080128-1
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.schuelervz.net/photoup ... 1205763739
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3385CF30-12D5-471F-8F15-9A1217CAB1FE} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EC060E08-CEF7-4140-9141-867C4299D79A} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.255.255.255 serial.alcohol-soft.com
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\patrick\anwendungsdaten\mozilla\firefox\profiles\nvdlksu5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
FF - component: c:\dokumente und einstellungen\patrick\anwendungsdaten\mozilla\firefox\profiles\nvdlksu5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\dokumente und einstellungen\patrick\anwendungsdaten\mozilla\firefox\profiles\nvdlksu5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\programme\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\programme\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programme\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\programme\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\programme\avira\antivir personaledition classic\avgio.sys [2008-1-25 11608]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer;c:\programme\avira\antivir personaledition classic\sched.exe [2008-1-25 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\programme\avira\antivir personaledition classic\avguard.exe [2008-1-25 151297]
R2 ICQ Service;ICQ Service;c:\programme\icq6toolbar\ICQ Service.exe [2009-8-22 247096]
R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2011-6-19 366640]
R3 avgntflt;avgntflt;c:\programme\avira\antivir personaledition classic\avgntflt.sys [2008-1-25 52056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-19 22712]
R3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate1ca23f26ee18854;Google Update Service (gupdate1ca23f26ee18854);c:\programme\google\update\GoogleUpdate.exe [2009-8-23 133104]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2009-8-23 133104]
S3 zlportio;zlportio;\??\c:\dokumente und einstellungen\patrick\eigene dateien\lan\ultrastar deluxe\zlportio.sys --> c:\dokumente und einstellungen\patrick\eigene dateien\lan\ultrastar deluxe\zlportio.sys [?]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2008-1-24 57344]
.
=============== Created Last 30 ================
.
2011-06-19 14:49:29 -------- d-----w- c:\dokumente und einstellungen\patrick\anwendungsdaten\Malwarebytes
2011-06-19 14:49:26 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 14:49:24 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2011-06-19 14:49:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 14:49:21 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
.
============= FINISH: 10:57:21,40 ===============

Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24.01.2008 01:52:34
System Uptime: 20.06.2011 10:49:17 (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 149 GiB total, 7,368 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X600 256MB HyperMemory Secondary
Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X600 256MB HyperMemory Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Service: ati2mtag
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM-Bus-Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D21028&REV_01\3&172E68DD&0&FB
Manufacturer:
Name: SM-Bus-Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D21028&REV_01\3&172E68DD&0&FB
Service:
.
==== System Restore Points ===================
.
RP813: 23.03.2011 19:57:04 - Systemprüfpunkt
RP814: 28.03.2011 18:43:32 - Systemprüfpunkt
RP815: 29.03.2011 19:42:30 - Systemprüfpunkt
RP816: 01.04.2011 16:44:27 - Systemprüfpunkt
RP817: 02.04.2011 16:47:14 - Systemprüfpunkt
RP818: 04.04.2011 17:24:40 - Systemprüfpunkt
RP819: 05.04.2011 17:49:26 - Systemprüfpunkt
RP820: 06.04.2011 18:29:52 - Systemprüfpunkt
RP821: 08.04.2011 17:18:19 - Systemprüfpunkt
RP822: 09.04.2011 18:00:57 - Systemprüfpunkt
RP823: 10.04.2011 19:18:49 - Systemprüfpunkt
RP824: 11.04.2011 19:30:27 - Systemprüfpunkt
RP825: 13.04.2011 20:32:23 - Systemprüfpunkt
RP826: 14.04.2011 19:22:11 - Software Distribution Service 3.0
RP827: 15.04.2011 19:27:05 - Systemprüfpunkt
RP828: 17.04.2011 12:18:09 - Systemprüfpunkt
RP829: 18.04.2011 17:50:12 - Systemprüfpunkt
RP830: 18.04.2011 19:58:57 - Druckertreiber PDF24 PDF installiert
RP831: 20.04.2011 18:33:47 - Systemprüfpunkt
RP832: 22.04.2011 13:17:13 - Systemprüfpunkt
RP833: 25.04.2011 19:54:39 - Systemprüfpunkt
RP834: 29.04.2011 12:10:35 - Systemprüfpunkt
RP835: 29.04.2011 14:00:13 - Software Distribution Service 3.0
RP836: 01.05.2011 14:14:07 - Systemprüfpunkt
RP837: 02.05.2011 18:01:27 - Systemprüfpunkt
RP838: 03.05.2011 21:59:25 - Systemprüfpunkt
RP839: 05.05.2011 18:14:41 - Systemprüfpunkt
RP840: 06.05.2011 18:54:55 - Systemprüfpunkt
RP841: 08.05.2011 02:06:29 - Systemprüfpunkt
RP842: 09.05.2011 17:43:00 - Systemprüfpunkt
RP843: 10.05.2011 19:42:36 - Systemprüfpunkt
RP844: 12.05.2011 17:37:03 - Systemprüfpunkt
RP845: 12.05.2011 19:17:08 - Software Distribution Service 3.0
RP846: 16.05.2011 16:44:11 - Systemprüfpunkt
RP847: 17.05.2011 17:35:44 - Systemprüfpunkt
RP848: 18.05.2011 18:20:28 - Systemprüfpunkt
RP849: 20.05.2011 09:49:21 - Systemprüfpunkt
RP850: 21.05.2011 13:27:20 - Systemprüfpunkt
RP851: 01.06.2011 17:06:04 - Systemprüfpunkt
RP852: 02.06.2011 17:06:07 - Systemprüfpunkt
RP853: 04.06.2011 01:42:18 - Systemprüfpunkt
RP854: 10.06.2011 17:09:53 - Systemprüfpunkt
RP855: 12.06.2011 14:19:40 - Systemprüfpunkt
RP856: 19.06.2011 14:53:09 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Dienstprogramm zur Deinstallation der Software
ATI Display Driver
ATI Systemsteuerung
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Bonjour
Call of Duty(R) 2
CCleaner
DivX Codec
DivX Converter
DivX Player
DivX Web Player
FoxTab AVI Converter (remove only)
Free Audio CD Burner version 1.2
Free Video to Mp3 Converter version 3.1
Free YouTube to MP3 Converter version 3.2
GameSpy Arcade
Gemeinsam genutzte Internet-Komponenten von Westwood
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB976002-v5)
ICQ Toolbar
ICQ7.4
Intel(R) PRO Network Connections Drivers
iTunes
Malwarebytes' Anti-Malware Version 1.51.0.1200
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Mozilla Firefox (3.5.19)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nokia Connectivity Cable Driver
OpenOffice.org 2.3
PDF24 Creator 2.9.9
PokerStars.net
PowerDVD
QuickTime
Safari
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 7 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 7 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 7 (KB982381)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows Media Player 8 (KB917734)
Sicherheitsupdate für Windows Media Player 9 (KB911565)
Sicherheitsupdate für Windows Media Player 9 (KB936782)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB890046)
Sicherheitsupdate für Windows XP (KB893756)
Sicherheitsupdate für Windows XP (KB896358)
Sicherheitsupdate für Windows XP (KB896423)
Sicherheitsupdate für Windows XP (KB896424)
Sicherheitsupdate für Windows XP (KB896428)
Sicherheitsupdate für Windows XP (KB899587)
Sicherheitsupdate für Windows XP (KB899589)
Sicherheitsupdate für Windows XP (KB899591)
Sicherheitsupdate für Windows XP (KB900725)
Sicherheitsupdate für Windows XP (KB901017)
Sicherheitsupdate für Windows XP (KB901214)
Sicherheitsupdate für Windows XP (KB902400)
Sicherheitsupdate für Windows XP (KB904706)
Sicherheitsupdate für Windows XP (KB905414)
Sicherheitsupdate für Windows XP (KB905749)
Sicherheitsupdate für Windows XP (KB908519)
Sicherheitsupdate für Windows XP (KB911562)
Sicherheitsupdate für Windows XP (KB911927)
Sicherheitsupdate für Windows XP (KB912919)
Sicherheitsupdate für Windows XP (KB913580)
Sicherheitsupdate für Windows XP (KB914388)
Sicherheitsupdate für Windows XP (KB914389)
Sicherheitsupdate für Windows XP (KB917344)
Sicherheitsupdate für Windows XP (KB917422)
Sicherheitsupdate für Windows XP (KB917953)
Sicherheitsupdate für Windows XP (KB918118)
Sicherheitsupdate für Windows XP (KB919007)
Sicherheitsupdate für Windows XP (KB920213)
Sicherheitsupdate für Windows XP (KB920670)
Sicherheitsupdate für Windows XP (KB920683)
Sicherheitsupdate für Windows XP (KB920685)
Sicherheitsupdate für Windows XP (KB921398)
Sicherheitsupdate für Windows XP (KB921503)
Sicherheitsupdate für Windows XP (KB921883)
Sicherheitsupdate für Windows XP (KB922616)
Sicherheitsupdate für Windows XP (KB922819)
Sicherheitsupdate für Windows XP (KB923191)
Sicherheitsupdate für Windows XP (KB923414)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923980)
Sicherheitsupdate für Windows XP (KB924191)
Sicherheitsupdate für Windows XP (KB924270)
Sicherheitsupdate für Windows XP (KB924496)
Sicherheitsupdate für Windows XP (KB924667)
Sicherheitsupdate für Windows XP (KB925902)
Sicherheitsupdate für Windows XP (KB926255)
Sicherheitsupdate für Windows XP (KB926436)
Sicherheitsupdate für Windows XP (KB927779)
Sicherheitsupdate für Windows XP (KB927802)
Sicherheitsupdate für Windows XP (KB928255)
Sicherheitsupdate für Windows XP (KB928843)
Sicherheitsupdate für Windows XP (KB929123)
Sicherheitsupdate für Windows XP (KB930178)
Sicherheitsupdate für Windows XP (KB931261)
Sicherheitsupdate für Windows XP (KB931784)
Sicherheitsupdate für Windows XP (KB932168)
Sicherheitsupdate für Windows XP (KB933729)
Sicherheitsupdate für Windows XP (KB935839)
Sicherheitsupdate für Windows XP (KB935840)
Sicherheitsupdate für Windows XP (KB936021)
Sicherheitsupdate für Windows XP (KB937894)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB938829)
Sicherheitsupdate für Windows XP (KB941202)
Sicherheitsupdate für Windows XP (KB941568)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB941644)
Sicherheitsupdate für Windows XP (KB941693)
Sicherheitsupdate für Windows XP (KB943055)
Sicherheitsupdate für Windows XP (KB943460)
Sicherheitsupdate für Windows XP (KB943485)
Sicherheitsupdate für Windows XP (KB944653)
Sicherheitsupdate für Windows XP (KB945553)
Sicherheitsupdate für Windows XP (KB946026)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB948590)
Sicherheitsupdate für Windows XP (KB948881)
Sicherheitsupdate für Windows XP (KB950749)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958470)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371-v2)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971032)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB981349)
SigmaTel Audio
Star Wars Battlefront II
SweetIM for Messenger 2.7
SweetIM Toolbar for Internet Explorer 3.4
Uninstall 1.0.0.1
Unreal Tournament
Update für Windows Internet Explorer 7 (KB976749)
Update für Windows Internet Explorer 7 (KB980182)
Update für Windows XP (KB898461)
Update für Windows XP (KB900485)
Update für Windows XP (KB908531)
Update für Windows XP (KB910437)
Update für Windows XP (KB911280)
Update für Windows XP (KB916595)
Update für Windows XP (KB920872)
Update für Windows XP (KB922582)
Update für Windows XP (KB927891)
Update für Windows XP (KB930916)
Update für Windows XP (KB932823-v3)
Update für Windows XP (KB936357)
Update für Windows XP (KB938828)
Update für Windows XP (KB942763)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6b
WebFldrs XP
Wichtiges Update für Windows Media Player 11 (KB959772)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP-Hotfix - KB873339
Windows XP-Hotfix - KB885835
Windows XP-Hotfix - KB885836
Windows XP-Hotfix - KB885884
Windows XP-Hotfix - KB886185
Windows XP-Hotfix - KB887472
Windows XP-Hotfix - KB888302
Windows XP-Hotfix - KB890859
Windows XP-Hotfix - KB891781
Windows XP Service Pack 2
Wireless USB 2.0 WLAN
Xfire (remove only)
XP Codec Pack
.
==== End Of File ===========================
jdr 275
Regular Member
 
Posts: 20
Joined: January 5th, 2011, 7:29 am
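As an added example (not code from this thread, from DDS, or from MalwareRemoval.com), here is a small Python triage pass over the sections of a DDS log like the one posted above: it flags orphaned "No File" entries, hosts-file overrides, browser start page and search settings, drivers whose file details DDS could not read or that load from a user profile, and a DHCP name server outside the local network. The sample lines are constructed after the format of the posted log, and the flagging rules are this example's own heuristics, not checks DDS itself performs.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the DDS format seen in the thread (a few representative lines,
# not the full log). Real findings come from feeding the whole pasted log to triage_dds().
SAMPLE_DDS = r"""
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
TCP: DhcpNameServer = 192.168.2.1
Hosts: 127.255.255.255 serial.alcohol-soft.com
R1 avgio;avgio;c:\programme\avira\antivir personaledition classic\avgio.sys [2008-1-25 11608]
S3 zlportio;zlportio;\??\c:\dokumente und einstellungen\patrick\eigene dateien\lan\ultrastar deluxe\zlportio.sys --> c:\dokumente und einstellungen\patrick\eigene dateien\lan\ultrastar deluxe\zlportio.sys [?]
"""


@dataclass
class Finding:
    category: str   # one of the rule names below
    detail: str     # human-readable reason for the analyst
    line: str       # the DDS line that triggered the rule


# Browser start page / search keys whose values decide where the user ends up online.
BROWSER_KEYS = ("Start Page", "browser.startup.homepage", "browser.search.defaulturl",
                "browser.search.selectedEngine", "keyword.URL")
# Kernel drivers normally live under \windows\system32\drivers or a Program Files tree;
# a driver loading from a user profile is worth a second look (German and English XP names).
USER_PROFILE_DIRS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\")
# DDS service/driver lines: "<R|S><n> <name>;<display name>;<image path> [date size]" or "... [?]"
DRIVER_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def refang(url: str) -> str:
    """DDS writes 'hxxp' so pasted logs do not turn into clickable links; undo that for display."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage_dds(text: str) -> list:
    """Return a list of Finding objects for the interesting lines in a DDS log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS prints "." for blank lines
            continue
        if line.endswith("- No File"):
            # Registry entry (BHO, toolbar, URL search hook) whose file is gone: leftover
            # from an uninstall or a removal, harmless but should be cleaned up.
            findings.append(Finding("orphaned_entry", "target file no longer exists", line))
            continue
        if line.startswith("Hosts:"):
            # "Hosts: <address> <hostname>": the hosts file overrides DNS for that name.
            _, addr, host = line.split(None, 2)
            findings.append(Finding("hosts_override", f"{host} is pinned to {addr}", line))
            continue
        if "DhcpNameServer" in line:
            # Name server handed out by DHCP; on a home network this should be the router.
            addr = ipaddress.ip_address(line.rsplit("=", 1)[1].strip())
            if not addr.is_private:
                findings.append(Finding("dns_server", f"{addr} is not a local address", line))
            continue
        if any(key in line for key in BROWSER_KEYS):
            # "uStart Page = <url>" or "FF - prefs.js: <key> - <value>"
            value = line.rsplit(" - ", 1)[1] if " - " in line else line.split("=", 1)[1]
            findings.append(Finding("browser_setting", refang(value.strip()), line))
            continue
        m = DRIVER_RE.match(line)
        if m:
            rest = m.group("rest").lower()
            if rest.endswith("[?]"):
                # DDS could not read the file's date/size: missing, locked or hidden file.
                findings.append(Finding("driver_unverified", f"{m.group('name')}: file details unreadable", line))
            if any(d in rest for d in USER_PROFILE_DIRS):
                findings.append(Finding("driver_user_path", f"{m.group('name')} loads from a user profile", line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.category}] {f.detail}\n    {f.line}")
```

Every finding is a review prompt for the helper, not a verdict: the zlportio driver, for instance, ships with a karaoke game and the hosts entry simply blocks one licence server, but both are exactly the kind of line a helper checks by hand.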

Re: Cyber attack from my IP address-2nd machine in home netw

Post by melboy » June 23rd, 2011, 7:55 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


===============================


Cracks, Keygens, Warez etc.

As the log(s) you've posted indicate, you've used one or more of the above.

>> Forum Policy <<

Any illegal software will have to be removed before we can continue. Be aware that the tools we use can and will detect such software. If there are more such new findings after this, the topic will also be closed.

Along with P2P filesharing, this is a surefire way to get your computer infected. Downloading cracks via P2P or visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

Additionally, cracked programs are illegal. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked copies is illegal in almost every developed country.


Please post back to confirm the removal of any illegal items.



CKScanner

Download CKScanner from here

  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Cyber attack from my IP address-2nd machine in home netw

Post by jdr 275 » June 23rd, 2011, 11:59 am


Hi Melboy,

Nice to have your assistance again. Here is the requested log.

ckfiles log.


CKScanner - Additional Security Risks - These are not necessarily bad
c:\dokumente und einstellungen\patrick\eigene dateien\eigene musik\itunes\itunes music\eminem, dr. dre & 50 cent\relapse\18 crack a bottle.m4a
c:\dokumente und einstellungen\patrick\eigene dateien\eigene musik\itunes\itunes music\eminem, dr. dre & 50 cent\relapse\22 crack a bottle (single version).m4a
c:\dokumente und einstellungen\patrick\eigene dateien\lan\css\crack\hl2.exe
c:\dokumente und einstellungen\patrick\eigene dateien\lan\css\crack\readme.txt
c:\dokumente und einstellungen\patrick\eigene dateien\lan\css\crack\srcds.exe
c:\dokumente und einstellungen\patrick\eigene dateien\lan\css\crack\bin\filesystem_steam.dll
c:\dokumente und einstellungen\patrick\eigene dateien\lan\css\crack\bin\libsteamvalidateuseridtickets_i486.so
c:\dokumente und einstellungen\patrick\eigene dateien\lan\css\crack\bin\steam.dll
c:\dokumente und einstellungen\patrick\eigene dateien\lan\css\crack\cstrike\bin\server.dll
c:\dokumente und einstellungen\patrick\eigene dateien\lan\css\crack\cstrike\bin\server_css.dll
c:\programme\partygaming\partycasino\language\de_de\images\flashlobby\lobby\safecrackerkeno.swf
c:\programme\partygaming\partycasino\language\de_de\images\flashlobby\lobby\safecrackerkeno_popup.swf
scanner sequence 3.GE.11
----- EOF -----
jdr 275
Regular Member
 
Posts: 20
Joined: January 5th, 2011, 7:29 am

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby melboy » June 23rd, 2011, 12:43 pm

Hi jdr 275

Talk to your son and ensure he removes all cracks of any nature (including games) that may be on the system & then repost a fresh CKScanner log.

Otherwise we'll be wasting my time and yours, unless he complies and keeps the PC clean of any cracks/warez in the future.

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby jdr 275 » June 24th, 2011, 5:21 am

Hi Melboy,


We have cleaned things up a bit. See log attached.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\dokumente und einstellungen\patrick\eigene dateien\eigene musik\itunes\itunes music\eminem, dr. dre & 50 cent\relapse\18 crack a bottle.m4a
c:\dokumente und einstellungen\patrick\eigene dateien\eigene musik\itunes\itunes music\eminem, dr. dre & 50 cent\relapse\22 crack a bottle (single version).m4a
scanner sequence 3.AA.11
----- EOF -----

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby melboy » June 24th, 2011, 7:49 am

Hi

Thank you.

jdr 275 wrote:I installed Anti-malware from Malwarebytes 1.51.0.01200 and scanned his machine.A trojan agent was detected and placed in quarantine.
Can you post me the relevant log where MBAM made that detection?

Follow the instructions below in sequence.


DeFogger

Download DeFogger from here and save it to your desktop.

Double click Defogger.exe to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • When GMER opens, it will run an initial quick scan. This should only take a few seconds; allow it to complete.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click the Start button.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click the Start button.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click the Finish button (selecting Uninstall application on close if you so wish).
  • Re-enable your anti-virus software.




In your next reply:
  1. ESET log
  2. MBAM log
  3. GMER log

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby jdr 275 » June 24th, 2011, 11:38 am

Hi Melboy,

Here are the logs as requested.

MBAM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6895

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

19.06.2011 17:12:42
mbam-log-2011-06-19 (17-12-42).txt

Scan type: Quick scan
Objects scanned: 184185
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\dokumente und einstellungen\Patrick\eigene dateien\downloads\aviconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\programme\advantage\{a89aed22-9133-424c-88e7-c8235c5ff302}\components\memedia_ff.dll (Adware.AdVantage) -> Quarantined and deleted successfully.
c:\programme\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=cc1be40e8f518e49be6ab846d1a6befe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-24 02:43:06
# local_time=2011-06-24 04:43:06 (+0100, West European Summer Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777191 100 0 107677458 107677458 0 0
# compatibility_mode=8192 67108863 100 0 374 374 0 0
# scanned=61111
# found=6
# cleaned=0
# scan_time=1962
C:\Dokumente und Einstellungen\Patrick\Eigene Dateien\Downloads\Everest Poker.exe a variant of Win32/Casino application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\AdVantage\AdVantage.exe Win32/Adware.WhenU.SaveNow application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\AdVantage\ffext.mod Win32/Adware.WhenU.SaveNow application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\FoxTabAVIConverter\AviConverter.exe a variant of Win32/Adware.WhiteSmoke.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{978F05E8-CA4A-420A-A8BF-0D34D27A91DC}\RP863\A0089608.exe a variant of Win32/Adware.WhiteSmoke.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{978F05E8-CA4A-420A-A8BF-0D34D27A91DC}\RP863\A0091076.dll a variant of Win32/Adware.WhenU.SaveNow application (unable to clean) 00000000000000000000000000000000 I


GMER

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-24 15:41:25
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3160828AS rev.8.03
Running: di8vukdk.exe; Driver: C:\DOKUME~1\Patrick\LOKALE~1\Temp\fgddrpow.sys


---- System - GMER 1.0.15 ----

SSDT F7CB3AE4 ZwCreateThread
SSDT F7CB3AD0 ZwOpenProcess
SSDT F7CB3AD5 ZwOpenThread
SSDT F7CB3ADF ZwTerminateProcess
SSDT F7CB3ADA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? system32\drivers\xpsec.sys The system cannot find the path specified. !
? system32\drivers\xcpip.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[332] WS2_32.dll!send 71A1428A 5 Bytes JMP 00BF99A7
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[332] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 00BF9CBC
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[332] WS2_32.dll!recv 71A1615A 5 Bytes JMP 00BF9A88
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[332] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 00BF9B5B
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[332] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 00BF9E0A
.text C:\Programme\iTunes\iTunesHelper.exe[456] WS2_32.dll!send 71A1428A 5 Bytes JMP 025999A7
.text C:\Programme\iTunes\iTunesHelper.exe[456] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 02599CBC
.text C:\Programme\iTunes\iTunesHelper.exe[456] WS2_32.dll!recv 71A1615A 5 Bytes JMP 02599A88
.text C:\Programme\iTunes\iTunesHelper.exe[456] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 02599B5B
.text C:\Programme\iTunes\iTunesHelper.exe[456] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 02599E0A
.text C:\Programme\Messenger\msmsgs.exe[724] WS2_32.dll!send 71A1428A 5 Bytes JMP 00FA99A7
.text C:\Programme\Messenger\msmsgs.exe[724] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 00FA9CBC
.text C:\Programme\Messenger\msmsgs.exe[724] WS2_32.dll!recv 71A1615A 5 Bytes JMP 00FA9A88
.text C:\Programme\Messenger\msmsgs.exe[724] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 00FA9B5B
.text C:\Programme\Messenger\msmsgs.exe[724] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 00FA9E0A
.text C:\Programme\Dell Wireless\PRISMCFG.exe[876] WS2_32.dll!send 71A1428A 5 Bytes JMP 015699A7
.text C:\Programme\Dell Wireless\PRISMCFG.exe[876] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 01569CBC
.text C:\Programme\Dell Wireless\PRISMCFG.exe[876] WS2_32.dll!recv 71A1615A 5 Bytes JMP 01569A88
.text C:\Programme\Dell Wireless\PRISMCFG.exe[876] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 01569B5B
.text C:\Programme\Dell Wireless\PRISMCFG.exe[876] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 01569E0A
.text C:\WINDOWS\system32\winlogon.exe[1000] Secur32.dll!LsaLogonUser 77FC33F1 5 Bytes JMP 01302946
.text C:\WINDOWS\Explorer.EXE[1584] USER32.dll!DisplayExitWindowsWarnings 7E3A9D61 5 Bytes JMP 01482758
.text C:\WINDOWS\Explorer.EXE[1584] WS2_32.dll!send 71A1428A 5 Bytes JMP 013399A7
.text C:\WINDOWS\Explorer.EXE[1584] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 01339CBC
.text C:\WINDOWS\Explorer.EXE[1584] WS2_32.dll!recv 71A1615A 5 Bytes JMP 01339A88
.text C:\WINDOWS\Explorer.EXE[1584] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 01339B5B
.text C:\WINDOWS\Explorer.EXE[1584] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 01339E0A
.text C:\WINDOWS\system32\PRISMSVR.EXE[1600] WS2_32.dll!send 71A1428A 5 Bytes JMP 01D799A7
.text C:\WINDOWS\system32\PRISMSVR.EXE[1600] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 01D79CBC
.text C:\WINDOWS\system32\PRISMSVR.EXE[1600] WS2_32.dll!recv 71A1615A 5 Bytes JMP 01D79A88
.text C:\WINDOWS\system32\PRISMSVR.EXE[1600] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 01D79B5B
.text C:\WINDOWS\system32\PRISMSVR.EXE[1600] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 01D79E0A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1904] WS2_32.dll!send 71A1428A 5 Bytes JMP 01F399A7
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1904] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 01F39CBC
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1904] WS2_32.dll!recv 71A1615A 5 Bytes JMP 01F39A88
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1904] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 01F39B5B
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe[1904] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 01F39E0A
.text C:\WINDOWS\system32\wuauclt.exe[2116] WS2_32.dll!send 71A1428A 5 Bytes JMP 025D99A7
.text C:\WINDOWS\system32\wuauclt.exe[2116] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 025D9CBC
.text C:\WINDOWS\system32\wuauclt.exe[2116] WS2_32.dll!recv 71A1615A 5 Bytes JMP 025D9A88
.text C:\WINDOWS\system32\wuauclt.exe[2116] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 025D9B5B
.text C:\WINDOWS\system32\wuauclt.exe[2116] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 025D9E0A
.text C:\Programme\Mozilla Firefox\firefox.exe[3364] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\System32\alg.exe[3496] WS2_32.dll!send 71A1428A 5 Bytes JMP 008B99A7
.text C:\WINDOWS\System32\alg.exe[3496] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 008B9CBC
.text C:\WINDOWS\System32\alg.exe[3496] WS2_32.dll!recv 71A1615A 5 Bytes JMP 008B9A88
.text C:\WINDOWS\System32\alg.exe[3496] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 008B9B5B
.text C:\WINDOWS\System32\alg.exe[3496] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 008B9E0A
.text C:\Programme\ICQ6Toolbar\ICQ Service.exe[3740] ws2_32.dll!send 71A1428A 5 Bytes JMP 016499A7
.text C:\Programme\ICQ6Toolbar\ICQ Service.exe[3740] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 01649CBC
.text C:\Programme\ICQ6Toolbar\ICQ Service.exe[3740] ws2_32.dll!recv 71A1615A 5 Bytes JMP 01649A88
.text C:\Programme\ICQ6Toolbar\ICQ Service.exe[3740] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 01649B5B
.text C:\Programme\ICQ6Toolbar\ICQ Service.exe[3740] ws2_32.dll!closesocket 71A19639 5 Bytes JMP 01649E0A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x42 0xA7 0xFF 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF8 0xE1 0x78 0x21 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x42 0xA7 0xFF 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF8 0xE1 0x78 0x21 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 312496383
Disk \Device\Harddisk0\DR0 PE file @ sector 312496405
Disk \Device\Harddisk0\DR0 MBRoot/Sinowal@MBR code has been found <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby melboy » June 24th, 2011, 12:23 pm

Hi

Bad news I'm afraid.

Your computer has multiple infections, including a rootkit that is both a Password/Information Stealer & Backdoor from the Win32/Sinowal malware family. A Backdoor gives intruders complete control of your computer, logs your keystrokes & steals personal information, etc.

This allows hackers to remotely control your computer, steal personal & critical system information, and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine, but I can't guarantee that it will be at all secure afterwards.



Risk Advice - OEM MBR

Unfortunately you have an infected Master Boot Record (MBR)

Some OEM (Original Equipment Manufacturer) computers have a non-standard customised MBR that allows you to press a key on startup and restore your computer to its factory delivered condition. If your computer had that option it may no longer be available to you due to the infection.

Any attempted fix of this infection might result in the PC receiving a default Windows XP MBR. Whilst this will fix the infection, it will not restore the ability to restore your computer to its factory delivered condition.

It may be possible to restore the original OEM MBR either before or after fixing the infection, but I would recommend that you contact the manufacturer themselves for support with this.

If you would like to proceed with attempting to fix this infection I need you to recognise this does not come without risk. The MBR is a critical component of your PC - as the name suggests it is critical to booting the PC. If anything was to go wrong with the fix it could result in your computer no longer being able to boot up. Whilst an unbootable computer may be fixable, it can be a lengthy and complicated procedure.


If you understand the possible risk involved and would like to attempt to fix this infection, I would urge you to ensure you have first backed up any important data and then continue with the instructions below. If you have any questions, please ask them first.


Please let me know what you have decided to do in your next post.
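The infection pattern melboy describes above (a patched MBR plus a rootkit body parked in sectors beyond the last partition, which is where the GMER log placed the MBRoot code and the PE file) can be checked offline on a raw image of the drive. The Python script below is an added example and is not part of the original thread, nor GMER's own logic. The sample disk image, the stand-in CLEAN_BOOTSTRAP bytes and the reference hash are constructed here; for a real drive you would substitute the SHA-256 of a known-good MBR and an image taken while booted from clean media.

```python
# Added example, not from the thread or from GMER: audit a raw disk image for the
# bootkit pattern the GMER log above reports (patched sector 0 plus a PE image
# parked in sectors past the last partition). Everything below is constructed;
# CLEAN_BOOTSTRAP is a stand-in, not the real Windows XP boot code.
import hashlib
import struct

SECTOR = 512


def parse_mbr(mbr):
    """Split a 512-byte MBR into (bootstrap_code, partitions, signature_ok)."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i                        # partition table starts at 0x1BE
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, lba_len = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0 and lba_len != 0:           # skip empty slots
            partitions.append({"status": status, "type": ptype,
                               "start": lba_start, "sectors": lba_len})
    return mbr[:446], partitions, mbr[510:512] == b"\x55\xaa"


def is_pe_at(image, offset):
    """True if a DOS stub whose e_lfanew points at 'PE\\0\\0' starts at this byte offset."""
    if image[offset:offset + 2] != b"MZ" or offset + 0x40 > len(image):
        return False
    e_lfanew = struct.unpack_from("<I", image, offset + 0x3C)[0]
    pe = offset + e_lfanew
    return image[pe:pe + 4] == b"PE\0\0"


def audit_image(image, reference_bootstrap_sha256):
    """Check sector 0 against a known-good hash and scan the unpartitioned tail.

    Caveat: a non-empty tail is not proof of infection (OEM recovery data or an
    old partition layout can live there); a PE header in the tail is far more telling.
    """
    bootstrap, parts, sig_ok = parse_mbr(image[:SECTOR])
    total = len(image) // SECTOR
    end = max((p["start"] + p["sectors"] for p in parts), default=1)
    tail_nonzero, hidden_pe = [], []
    for s in range(end, total):
        if any(image[s * SECTOR:(s + 1) * SECTOR]):
            tail_nonzero.append(s)
        if is_pe_at(image, s * SECTOR):
            hidden_pe.append(s)
    return {
        "signature_ok": sig_ok,
        "bootstrap_ok": hashlib.sha256(bootstrap).hexdigest() == reference_bootstrap_sha256,
        "last_partition_end": end,
        "tail_nonzero": tail_nonzero,
        "hidden_pe_sectors": hidden_pe,
    }


# ---- constructed sample disk: 64 sectors, one NTFS (type 0x07) partition at sectors 1..32 ----
CLEAN_BOOTSTRAP = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 438   # stand-in code
CLEAN_BOOTSTRAP_SHA256 = hashlib.sha256(CLEAN_BOOTSTRAP).hexdigest()


def build_image(infected):
    """Return a raw image; the infected variant patches sector 0 and hides a PE stub at sector 50."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 1, 32)
    table = entry + b"\0" * 48                     # three empty slots
    boot = CLEAN_BOOTSTRAP
    if infected:
        boot = b"\xe9\x2a\x01" + CLEAN_BOOTSTRAP[3:]   # near-jump patched over the first bytes
    image = bytearray(boot + table + b"\x55\xaa" + b"\0" * (SECTOR * 63))
    if infected:
        stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
        image[50 * SECTOR:50 * SECTOR + len(stub)] = stub
    return bytes(image)


if __name__ == "__main__":
    # For a real disk, pass the bytes of a raw image (e.g. a dd of the drive taken from
    # clean boot media) and the hash of a known-good MBR for that machine.
    for label in ("clean", "infected"):
        print(label, audit_image(build_image(label == "infected"), CLEAN_BOOTSTRAP_SHA256))
```

Comparing sector 0 against a known-good hash is the OEM caveat in code form: a customised OEM MBR will not match a stock Windows XP hash either, so the reference has to come from that model's recovery media or a clean twin machine. The tail scan generalises the GMER finding: any PE header at a sector past last_partition_end has no business being there.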

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby jdr 275 » June 24th, 2011, 12:57 pm

Hi Melboy,

Thank you. As you suspected, this is likely the machine which caused the attack on the net and thereby the reaction from my ISP.
I will have to discuss this with my son, but I think a reformat and new installation would be the better option.
I would like a day or two to think it over, if possible?

If I backup any files or data, how do I know that I'm not also saving the trojan or rootkit?
I would appreciate any advice from you.

If it's OK, I will post back by Sunday morning at the latest, with a decision.

Thank you very much for your help up till now.
JDR275

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby melboy » June 24th, 2011, 5:53 pm

jdr 275 wrote:If I backup any files or data, how do I know that i´m not also saving the trojan or rootkit?


The rootkit is in the Master Boot Record. You won't be backing that up.

Only back up personal data: documents, photos, music etc.

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby jdr 275 » June 26th, 2011, 5:32 am

Hi Melboy,

I have decided to format the hard drive and re-install Windows XP again. Thank you very much for your help.
FYI, my PC was still infected. Further malware was detected by Malwarebytes after carrying out an intensive scan.
I have already reformatted it and it is now in the condition in which I purchased it.
Even though the malware which infected both PCs in my home network couldn't be removed, or that the PC was so infected that the only option was a reformat, I am very grateful to you and the Malwareremoval team. A great service. And my awareness of malware, rootkits and backdoor viruses is now 100% increased.

This topic can now be closed.

jdr275

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby melboy » June 26th, 2011, 6:10 am

Hi jdr275

jdr 275 wrote:I have decided to format the hard drive and re-install windows XP again.
Good choice. In some situations, although the malware may be able to be cleaned up, an R&R really is the best choice.

jdr 275 wrote:My PC was still infected. Further malware was detected by Malwarebytes after carrying out an intensive scan.
A Full scan with Malwarebytes might find traces of old or inactive malware infections, but the Quick scan I had you run will remove all active malware found in its database. The traces of infections found with the full scan are benign and harmless without the full body of the infection being present.

===============================

Below is some general advice/suggestions for programs to install. You may have your own preference for an Antivirus/firewall.
There is also MRU's short guide to staying safer online

Antivirus
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.
Suggestions:
  • Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
  • avast! Home Edition - Anti-virus program for Windows. The home edition is freeware for non-commercial users.
  • Microsoft Security Essentials - Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
[Please note that trial pay is not needed to get any product for free.]
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Internet Explorer 8 <<< Recommended Version
    For older versions please read and follow the recommendations at this site
    Internet Explorer7
    Internet Explorer6


Recommended Programs

I would recommend the download and installation of some or all of the following programs, and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
    The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges.
    You can now trial the full versions features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera
  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    Suggestions:
    [Please note that trial pay is not needed to get any product for free.]


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Re: Cyber attack from my IP address-2nd machine in home netw

Unread postby Cypher » June 26th, 2011, 6:24 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns