Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

First hjt log, help ! but in simple english please!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby six-h » June 9th, 2007, 2:13 pm

beynac

As requested, continued today's instructions from: -
Backup the Windows Registry

Was taken by surprise when the "Notepad" file didn't appear, as I was wanting to double double check that it was correct!! hope it is!
Here's the current hjt log.



Logfile of HijackThis v1.99.1
Scan saved at 18:49:19, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7243283515
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Seems to me that those "Fixed" files from yesterday have gone, but I notice several items with either no name, or no files.
Are these the kind of things you are looking for?
Not that I would ever aspire to act on any of this info, it just pleases me that what I could make no sense of yesterday, is begining to make interesting reading!!
I expected to see the Reg Edit that I've just done, Hope I did it right, 'cos I don't see it! :roll:
six-h
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England
Advertisement
Register to Remove

Unread postby beynac » June 9th, 2007, 4:57 pm

Was taken by surprise when the "Notepad" file didn't appear, as I was wanting to double double check that it was correct!! hope it is! andI expected to see the Reg Edit that I've just done, Hope I did it right, 'cos I don't see it!

If you want to check the content of the fix.reg file, right-click on the file and select Edit. The file should then open in Notepad. The registry entry we were deleting doesn't appear in HijackThis. If you want to check that we got rid of it, you will need to run a Spybot scan.

HijackThis (HJT) is a very useful analytical tool. However, it can misreport certain things. The 'O2' lines we fixed were showing "(no file) ". The 'O2' lines are reported correctly. However, other lines which show "(file missing)" cannot be relied upon. You can probably recognise a lot of the programs in the HJT log. The 'O4' entries, for example, show the programs which run at startup. As you say, it is important that people don't 'fix' things in HJT unless they know what they are doing.

Your latest HijackThis log is clean. Can you please confirm that you are not getting any popups from MBS. I would like to run a scan to make sure that everything is all right.

----------------------------------------------------------

ATF Cleaner by Atribune ©

Download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
------------------------------------------------------

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

Update AVG Anti-Spyware:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available (or show an error message).
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
----------------------------------------------------

Please post, as a reply to this thread:
  • The AVG Anti-Spyware repot
  • A new HijackTHis log (run a new scan)
Please let me know whether you are getting any MBS popups.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 9th, 2007, 6:10 pm

baynac

Have run "ATF Cleaner".


>>>
AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet. <<<




When downloading the above, do you mean click "Run" as opposed to "Save"?

Regarding your question about "popups", I followed "fhiufhyrefyer's" instructions (PCA Helproom Forum) on the 4th of June, and despite still having a Reg Key from MBS systems, which you found, I have had no "popup Bills" since doing this basic removal.



six-h
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby six-h » June 9th, 2007, 7:42 pm

beynac

I've downloaded AVG Anti-Spyware, to it's default location:-
C:\Docs & Settings\Geoff Vost\My Docs\ATF-Cleaner.

When I open it from there, the wizard tells me that it will install in C:\ProgFiles\Grisoft\AVG Anti-Spyware7.5.
(Accepted)

Next screen says: - "Select the Start Menu folder in which you would like to create the programmes shortcuts
You can also enter a name to create a new folder".
In the main part of the window, there is a list that seems to resemble all my programmes, but there is also a "Startup" folder among them!

Where should I direct these shortcuts to be stored???

Another unsettling discovery, whilst hunting for AVG, I opened : -
C:\Docs&Settings\Geoff Vost\Start Menu.

Within was a folder marked Programmes, and also a windows "generic" shortcut Icon, labeled MBS Account Manager!
Hovering the mouse over this brings up the "Hints text"; - Location: Internet Explorer!

I thought I had successfully deleted that on the 4th of June!!

As I said in the last posting, I have Downloaded and run ATF Cleaner.
I cannot proceed further without your advice re AVG Anti-Spyware.

Regards
six-h
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 10th, 2007, 5:12 am

Regarding your question about "popups", I followed "fhiufhyrefyer's" instructions (PCA Helproom Forum) on the 4th of June, and despite still having a Reg Key from MBS systems, which you found, I have had no "popup Bills" since doing this basic removal.

That's great - I just wanted confirmation.

When I open it from there, the wizard tells me that it will install in C:\ProgFiles\Grisoft\AVG Anti-Spyware7.5.
(Accepted)

That's correct.

Where should I direct these shortcuts to be stored???

Just accept the defaults. Most programs give you this choice - it's for people who want to structure their Start/All Programs menu differently.

Within was a folder marked Programmes, and also a windows "generic" shortcut Icon, labeled MBS Account Manager!

Please delete the shortcut (right-click and then select Delete). It is probably showing as "generic" because everything else has been deleted. Be careful not to left-click it just in case! ;)

Once you've done all this (and run the scan), please post the AVG Anti-Spyware report and the new HijackThis log.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 10th, 2007, 10:49 am

beynac

Wow, that took a long time to succeed in updating, (AVG Anti-Spyware)
In the end, I eixted, re-installed and the update ran first time!
hope that was OK.

Followed your instructions, and was surprised that at the bottom of the report, "Set all Elements to: -" Had reverted to "Delete"
I changed this back, and only the "Trojan" changed in the report body.
All the cookies remained "Delete" with no option to change to Quarantine, so I accepted that!
I had made a note of their "Paths", but the report shows that!. :o

Here is the AVG Anti-Spyware Report: -

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:25:06 10/06/2007

+ Scan result:



C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-1984919291-1825392768-3581218086-500\Dc6.exe -> Trojan.Agent.afi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BCF816E-5DD3-4D52-8959-4D2CE8D95DF3}\RP146\A0024006.exe -> Trojan.Agent.afi : Cleaned with backup (quarantined).


::Report end


I've a confession to make! :oops:
I forgot to delete the Icon MBS Account Manager,
So I did it before running hjt.
Right click, and Shift/delete, didn't want it in the re-cycle bin did we?
;)

Heres the hjt scan report: -


Logfile of HijackThis v1.99.1
Scan saved at 15:29:15, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7243283515
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Trust that the above is OK

six-h
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 10th, 2007, 12:19 pm

Well done! :) Everything is looking clean. The tracking cookies will be deleted by AVG Anti-Spyware - it doesn't try to clean them. The only other items were both MBS related: one in the recycle bin and one in a system restore point.

We just need to tidy up now. You can delete OTMoveIT and fix.reg from your desktop. I suggest that you keep Erunt as it may come in handy in the future. ATF Cleaner and AVG Anti-Spyware are both useful programs and I suggest that you keep them.

--------------------------------------------------------

I see that you are using Windows XP Firewall. This is better than nothing, but it only protects against incoming traffic. It doesn't protect you against outgoing baddies trying to "phone home". I strongly suggest that you use one of the third-party ones. Sunbelt Personal Firewall and Outpost Firewall are both good and have a free version. I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can greatly lower your risk.

------------------------------------------------------

Now that the computer is clean, I suggest that you 'flush' your System Restore points.

Turn OFF System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK
This will remove all of your old restore points and create a new, clean one.

-----------------------------------------------------

If you do not already use it, I suggest that you install SpywareBlaster. This program will:
  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
This program blocks these items but does not run in the background. It therefore does not use any resources.

I would also recommend that you have a look at Firetrust SiteHound. This gives warnings when you are about to enter a website that is on their 'block' list. An alternative is McAfee SiteAdvisor. I use SiteHound, but both have a good reputation (N.B. use only one of them, not both).

----------------------------------------------------

Please let me know if you have any questions.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 10th, 2007, 1:40 pm

Hi beynac,

I don't know why, but I can't progress beyond your post Fri 08 Jun, 2007 11:03 pm in the "Topic Review" so that leaves me answering your last post "blind".
Having said that, I think I'll print it off then I can talk sensibly!! :)

Before that, I will just advise you that I have cleared OTMoveIt and fix.reg from my desktop, turned off Sysrestore, and re-booted.
Upon restarting I got an error Msg: -
Exception processing Message c0000013 Parameters 75b6bf9c 75b6bf9c
I clicked "continue" and it went away!
then OE. asked if I wanted to "Compact Messages", I declined, should I have accepted, or Deleted some of my "in box Read Items, (There are only 51)
After that, I re-started Sys Restore.
So far so good.
I will just post this and print off your last post, so that I can reply more systematically, (If that's possible for me! :roll:)

six-h
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby six-h » June 10th, 2007, 3:24 pm

OK Back again, :)

Just discovered, the topic review, is ordered, latest on top!
That's why I couldn't find your last post at the bottom! :oops:

Desktop

remaining items are: -
    Short cuts; -
    Spybot S&D
    AdAwareSE Personal
    HijackThis
    AVG AntiSpyware
    ATF Cleaner
    Erunt
Should I put these in a folder, perhaps My Docs\"Security Items"?

    exe Files: -

    dss.exe (not installed elsewhere, How do I install?)
    erunt.exe (installed)


Should I then put the resulting Shortcuts into the above suggested folder
in order to shield them from inadvertent/"Iwonder what that does" clicks!

Firewalls
I downloaded from Computeractive, McAfee firewall 2005, but what good a 2 year old one is I don't know.
I will be guided by you on this.
Though, the Russian connection with "Outpost" Kinda worries me, maybe it's my recently embued sense of Paranoia showing! :roll:
Sunbelt,is a company I have heard, mentioned respectfully,
though I don't know which lownload link to click on to get just the Freebie,
is it the top left or top right Icon (from your link)
Does it monitor two ways, and would you advise me how to set it up?

Before we met, on Friday, I was reading lots of things on your site, and have printed off the Lawrence Abrams tutorials for both SpywareBlaster, and SpywareGuard,with a view to using them. Would you use both or just Blaster?

Regards SiteHound, Your recommendation speaks volumes to me, Yes I'll Go for that.

Since eTrust and "Realmon" (the realtime file monitor) were bundled apps.
and I have never had a peep out of either one, Im not impressed, maybe that's unfair, but my only experience of "Forcing" a scan, resulted in a report showing under "Status"for every single item checked, "Open Error"
Their helpdesk, said that this refered to files that were running at the time of the scan, Could I possibly have every file open and not a thing in the task bar??? :shock:
I intend to uninstall this programme, and use a freebie.
What would you recomend?

With all this Protection and detection running in the background, am I likely to notice much of a penalty in speed or rescources used?


Other Questions

I take it that now would be the very best time to take a system Image.
I have the free edition of True Image personal, and have only used it once before, to make an image prior to installing SP2.
This resides on my External HD, which I have reformatted NTFS and it is otherwise unused.
1) If I connect the drive, and delete the old Image, am I likely to compromise my nice clean machine?
2) Since I don't really know what I'm doing with TI, would now also be a good time to make a "Bootable" cd, which I understand is required if I want in the future to use the yet to be created image?
3) How does one know that the image is not corrupted?

I have as you may expect, many, many more questions, but I realise that you have a life outside of this magnificent Forum, though I cannot imagine where you find the time to live it!! :lol:

six-h
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 10th, 2007, 6:01 pm

Upon restarting I got an error Msg: -
Exception processing Message c0000013 Parameters 75b6bf9c 75b6bf9c
I clicked "continue" and it went away!

This problem appears to be linked to a process called Dit.exe which assigns drive icons and names to flash memory cards. I found contradictory information about whether, or not, this process is necessary. I suggest that you do nothing unless you get this warning again. If you do, you need to stop Dit.exe from running at startup. To do this:

Run HijackThis and click Scan and then check (tick) the following:

O4 - HKLM\..\Run: [Dit] Dit.exe

Close down all programs, browsers and other open windows. Make sure that only the above item is checked and then click on Fix checked.

If you then find that you are having problems with flash memory cards, you will need to restore it from the HijackThis backup:
  • Open HijackThis and click on the Open the Misc Tools section button
  • Click on the Backups button
  • Select the line that you wish to restore: O4 - HKLM\..\Run: [Dit] Dit.exe
  • Click the Restore button (top right)
-----------------------------------------------

OE. asked if I wanted to "Compact Messages", I declined, should I have accepted, or Deleted some of my in box Read Items, (There are only 51)

It is a good idea to compact folders and messages in Outlook Express on a regular basis. It reorganises the files to remove deleted items and other rubbish. You can do this from the menus in Outlook Express.

-----------------------------------------------

Desktop

ATF Cleaner: There is no harm in leaving this on the desktop. The other programs should be on your Start/All Programs menu. You can delete the shortcuts if you don't want them on your desktop.

dss.exe (not installed elsewhere, How do I install?)
erunt.exe (installed)

You can delete these. Deckard's Scanner isn't needed and the Erunt file is the installation program which has done its job.

-----------------------------------------------

Firewalls

I can assure that the 'Russian connection' is not a problem. Kaspersky, one of the best antivirus programs on the market, is Russian. However, I do recommend Sunbelt Firewall. Yes, it does give two-way protection. I use the paid-for version and my wife has the free one. It's very easy to use. When you install it, you can opt for the simple or advanced interface. I use the advanced one because it gives me more control. I suggest that you use the simple interface for a more stress-free experience. There is no configuration as such. You install - it works! :)

Both of the links lead to the same page. Just download it to your desktop and install it. Make sure that no other programs are running at the time. The free version will run for thirty days with all the features of the full version. After that, if you decide not to go for the paid version, you will get occasional prompts to upgrade, but these are not a problem.

----------------------------------------------

Before we met, on Friday, I was reading lots of things on your site, and have printed off the Lawrence Abrams tutorials for both SpywareBlaster, and SpywareGuard,with a view to using them. Would you use both or just Blaster?

Personally, I would just use SpywareBlaster. SpywareGuard is good, but you already have AVG Anti-Spyware. If you want real-time protection you could upgrade to the full version. If you do this, you would need to activate the Resident Shield and automatic updates.

--------------------------------------------

Sitehound is a good choice! :thumbright:

--------------------------------------------

AntiVirus Programs

If you are looking for free antivirus programs I would recommend Avast and AVG. Both are free, for personal use. My personal preference is for AVG (my wife uses it) but both have a good reputation. Download the program to your desktop and then make sure that you fully uninstall eTrust Antivirus, and reboot, before installing the new one.

--------------------------------------------

With all this Protection and detection running in the background, am I likely to notice much of a penalty in speed or rescources used?

No, not with the ones that we are talking about. Some of the Internet Security Suites (e.g. Norton) can be very resource-hungry.

--------------------------------------------

I take it that now would be the very best time to take a system Image.
I have the free edition of True Image personal, and have only used it once before, to make an image prior to installing SP2.
This resides on my External HD, which I have reformatted NTFS and it is otherwise unused.
1) If I connect the drive, and delete the old Image, am I likely to compromise my nice clean machine?
2) Since I don't really know what I'm doing with TI, would now also be a good time to make a "Bootable" cd, which I understand is required if I want in the future to use the yet to be created image?
3) How does one know that the image is not corrupted?

I have no experience of this program or system images, so I can't really advise you. However, I would delete the old image, as it may be infected, and save a new one. Other than that, I'm afraid that I can't be much help. Perhaps a question on PC Advisor forum?

--------------------------------------------

I have as you may expect, many, many more questions, but I realise that you have a life outside of this magnificent Forum, though I cannot imagine where you find the time to live it!!

It keeps me busy, but it's very interesting and satisfying work.

Good luck and safe surfing! :D
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 11th, 2007, 6:25 am

beynac
Thanks for your response; I didn’t expect a fix for it! :o
I will use it if the error msg. becomes a problem.

Similarly, with Outlook Express’s requests to compact messages.

I’ve since noticed that Internet Explorer now lists it’s self as “(No Add-ons)â€
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 11th, 2007, 7:01 am

Good morning Geoff.

[quote]I’ve since noticed that Internet Explorer now lists it’s self as “(No Add-ons)â€
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 11th, 2007, 8:24 am

beynac

I'm not sure what you mean. Where does it list itself?


I've spent 10 minutes trying to paste a screen shot, but without success! :banghead:
In XP, when you click "Start, the "White side of the open window, lists large Icons of all the regularly used Programmes, with their title.
The one for I.E. says: - Internet Explorer (No Add-ons)
It may have been so listed all the time, and I havn't noticed it 'till now!
I don't know. :dontknow:

Re AntiSpyware, I've noticed that if I deactivate the Shield, the Sys tray icon goes grey.
My logic says that this means that even though it's open and running, It's doing nothing 'cos I've deactivated the dynamic part of the software. (Does that sound sensible?)
So the logical thing to do when this part of the software is not available is to "Exit" the programme, and only use it for "forced" scans as there is no benefit in leaving it open. (Am I right?) :munky2:

SiteHound is a toolbar and, as such, there will be no System Tray icon. It doesn't run all the time. It just checks each url against its database when you enter it into your browser. SpywarBlaster doesn't run either. It blocks Internet Explorer from acccessing a large list of 'nasties'.


So these open automatically with Explorer? :?:

I'm pleased that I can download all of this to my machine,
It means I can scoop up all these pages and pages of printouts that I have in piles around my lounge, and convert them to scrap pads!
That's good, 'cos I'm not well organised, and I've reached that stage in life, where you make list's of almost everything!! :withstupid:

As for my "Kind words", They were a genuine and well deserved statement, earned, not given.
I wish that the rest of the Internet community comprised such kind, benevolent and helpful people.
It's been a privilege, and a pleasure to be helped by you, and I hope that I can contact you again in the future; if I need to. :salute:

six-h
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby six-h » June 11th, 2007, 10:41 am

beynac

Just another little update!

Sunbelt firewall, AVG AntiVirus, manual and Firewall settings instructions.
Downloaded and filed in prep for removal of eTrust

SpywareBlaster and SiteHound.
Downloaded and installed

I suspect it's SiteHound that's causing it, but Gmail, my home page, took7 minutes to load the first time!!
Repeated opening, seems to have got it down to 45 seconds, even so , Life's too short!! :clock:
Is there anything I can do to streamline it? :sleepy2:

I also intend to set up admin and user accounts, which I understand further protects my system.
Finally on the defence front, My wireless router is WPA/PSK encrypted, but I am being advised to use "allow access by MAC address" and to hide my SSID. :hiding:
Soon as I can, I will do this, and maybe then I'll not be a sitting duck!? :duck:



six-h
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 11th, 2007, 10:54 am

I suspect it's SiteHound that's causing it, but Gmail, my home page, took7 minutes to load the first time!!
Repeated opening, seems to have got it down to 45 seconds, even so , Life's too short!!

I don't understand that. I use SiteHound with Firefox but have used it with Internet Explorer. I don't notice any delay at all. Is it just that page? Do other pages load quickly? The delay the first time may have been because SiteHound was downloading its database. Subsequent browser startups shouldn't take noticeably longer than before. You could try uninstalling, then re-installing it and see if that helps (make a note of your SiteHound ID first).

If its still slow, then I suggest that you uninstall it and try Site Advisor instead.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 292 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware