Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Got myself infected with some nasty stuff :(

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby kevin strange » August 13th, 2006, 1:31 am

No, I'm just now finishing up. I still have to run Combofix, then I will be posting all the results. Sorry for the delay, I had to work late last night and early today, I just now had the oportunity to work on the problem.

Thanks for checking up on me, you really are attentive! :D
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm
Advertisement
Register to Remove

Unread postby agrarianmonk » August 13th, 2006, 1:34 am

Post the results whenever you're ready :D
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby kevin strange » August 13th, 2006, 1:38 am

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:37:45 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Kevin\Desktop\findvundo.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.hackmovies.com/"); (C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [win3208120772739] C:\WINDOWS\win3208120772739.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -aim
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8231529321
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_j4f.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm

Unread postby kevin strange » August 13th, 2006, 1:39 am

ComboFix log:

Start Time= Sun 08/13/2006 0:35:56.45
Running from: C:\Documents and Settings\Kevin\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-12 19:22:08 ( .D... ) "C:\Program Files\Common Files\SWF Studio"
2006-08-12 19:17:54 ( .D... ) "C:\Program Files\Riva"
2006-08-11 18:46:34 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-08-11 18:45:58 6020448 ( A.... ) "C:\ewido-setup_4.0.0.172c.exe"
2006-08-01 21:04:58 ( .D... ) "C:\Program Files\Media Box"
2006-08-01 21:04:50 245760 ( ..... ) "C:\WINDOWS\Setup1.exe"
2006-08-01 21:04:42 73216 ( A.... ) "C:\WINDOWS\ST6UNST.EXE"
2006-08-01 20:58:28 ( .D... ) "C:\Program Files\CD-DA X-Tractor"
2006-07-31 14:26:04 ( .D... ) "C:\Program Files\Symantec"
2006-07-31 14:25:58 ( .D... ) "C:\Program Files\NavNT"
2006-07-31 14:25:58 ( .D... ) "C:\Program Files\Common Files\Symantec Shared"
2006-07-14 10:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:44 392824 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-07-09 13:42:14 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-07-09 13:42:14 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-07-09 13:42:12 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-07-09 13:42:12 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-07-09 13:42:10 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-07-09 13:42:10 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-07-09 13:42:08 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-07-09 13:42:08 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-07-09 13:42:08 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-07-09 13:42:06 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-19 13:38:58 53248 ( A.... ) "C:\WINDOWS\uni_ehhhh.exe"
2006-06-19 13:38:08 49152 ( A.... ) "C:\WINDOWS\uninst104.exe"
2006-06-18 17:54:08 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-12 21:57 73,728 C:\WINDOWS\system32\asuninst.exe
2006-08-12 21:57 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-08-11 18:45 6,020,448 C:\ewido-setup_4.0.0.172c.exe
2006-08-01 21:14 765,952 C:\WINDOWS\system32\tvqenc.dll
2006-08-01 21:14 393,216 C:\WINDOWS\system32\VorbisEncX.dll
2006-08-01 21:14 360,448 C:\WINDOWS\system32\NCTWMAFile.dll
2006-08-01 21:14 339,968 C:\WINDOWS\system32\MP3EncX.dll
2006-08-01 21:14 303,104 C:\WINDOWS\system32\WMAEncX.dll
2006-08-01 21:14 1,703,936 C:\WINDOWS\system32\NCTAudioFile.dll
2006-08-01 21:04 73,216 C:\WINDOWS\ST6UNST.EXE
2006-08-01 21:04 245,760 C:\WINDOWS\Setup1.exe
2006-08-01 08:42 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-31 14:26 4,032 C:\WINDOWS\system32\SYMEVNT1.DLL
2006-07-31 14:26 36,864 C:\WINDOWS\system32\S32EVNT1.DLL
2006-07-04 00:26 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-07-04 00:26 59,384 C:\WINDOWS\system32\vswmi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PROMon.exe"="PROMon.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"DXDllRegExe"="dxdllreg.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"
"win3208120772739"="C:\\WINDOWS\\win3208120772739.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"Mozilla Quick Launch"="\"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe\" -aim"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\qufycu.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows Media Player\\nicoziwi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: Sun 08/13/2006 0:36:34.50
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-11.181601.txt
ComboFix.2006-08-13.003556.txt
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm

Unread postby kevin strange » August 13th, 2006, 1:39 am

Panda Log:


Incident Status Location

Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/yazzlesudoku Not disinfected Windows Registry
Adware:adware/dollarrevenue Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@atdmt[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@mediaplex[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kevin\Desktop\VundoFix\VundoFix\process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kevin\Desktop\VundoFix.exe[process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\NetworkService\Desktop\VundoFix\VundoFix\process.exe
Adware:Adware/SecurityError Not disinfected C:\RECYCLER\S-1-5-21-1482476501-2139871995-1801674531-1003\Dc8\services.dll
Adware:Adware/DigInk Not disinfected C:\WINDOWS\uni_ehhh.exe
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm

Unread postby kevin strange » August 13th, 2006, 1:40 am

Ewido Log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:49:49 PM 8/12/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\RegiFast -> Adware.RegiFast : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1482476501-2139871995-1801674531-1003\Dc5.exe -> Downloader.Agent.aqx : Cleaned with backup (quarantined).
C:\WINDOWS\bvq.exe -> Downloader.Agent.aqx : Cleaned with backup (quarantined).
C:\QooBox\hbnmad.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\iflukit.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\mxdqm.dat.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\ninnrlf.dll.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\wkfqa.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\yiang.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Program Files\Windows NT\auxe.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wupdmgr.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\WINDOWS\unin101.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1482476501-2139871995-1801674531-1003\Dc6.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1482476501-2139871995-1801674531-1003\Dc7.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\WINDOWS\vmmlog32.dll -> Rootkit.Agent.cg : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).


::Report end
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm

Unread postby agrarianmonk » August 13th, 2006, 1:50 am

Open HijackThis and click on 'Do a System Scan Only'. Check the boxes next to all the entries listed below (if present).

O4 - HKLM\..\Run: [win3208120772739] C:\WINDOWS\win3208120772739.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_j4f.dll

Now close all windows other than HiJackThis, then click Fix checked.. Close HijackThis.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\win_j4f.dll
C:\WINDOWS\win3208120772739.exe
C:\WINDOWS\uni_ehhhh.exe
C:\WINDOWS\uninst104.exe
C:\Program Files\Windows Media Player\nicoziwi.html
C:\Program Files\ComPlus Applications\qufycu.html

If you get an error when deleting a file, <<right click>> on the file and check to see if the read only attribute is checked. If it is uncheck it and try again.

Please note any files/folders you couldn't find or delete in your next post.

***************************************

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),

Also remove the checkmark from the the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

now reboot, and post a new hijackthis log.

also let me know how your computer is running and if problems persist.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby kevin strange » August 13th, 2006, 1:55 am

Got this after running HJT and fixing items requested:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: C:\WINDOWS\system32\win_j4f.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm

Unread postby kevin strange » August 13th, 2006, 1:58 am

In the second set of instructions I could not find any of the requested files.
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm

Unread postby agrarianmonk » August 13th, 2006, 1:58 am

thats fine :)

please carry on with the other instructions
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby kevin strange » August 13th, 2006, 2:08 am

Startup programs still took longer than usual to load, but IE doesn't seem to be doing anymore popuping or placing ads onto webpages. :D The desktop is also back to normal!

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:07:14 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kevin\Desktop\findvundo.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.hackmovies.com/");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",

"engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");

(C:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\l1y26az2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search &

Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -aim
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program

Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI

Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program

Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftup ... 1128231529

321
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -

http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program

Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation -

C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. -

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm

Unread postby agrarianmonk » August 13th, 2006, 2:12 am

This is my post for when your computer is all clean - which it currently appears to be. Please let me know if you are experiencing any other problems with your computer.

If you are not having any more problems, we have just a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View tab.
    * Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    * CHECK the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

It's also a good idea to Flush your System Restore points after ridding yourself of malware:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!


(Please respond to this thread one more time so we can mark this thread as resolved.)
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby kevin strange » August 13th, 2006, 2:37 am

All programs that recommended have been downloaded and run. Thank you so much for your quick and precice help. your forum has been bookmarked and I will recommend it to all of my friends and fans. I am a filmmaker with a website which gets around 20,000 hits a month, which isn't a lot, but it'll get you a tab bit of attention.

Expect a donation soon! :D :D :D
kevin strange
Regular Member
 
Posts: 20
Joined: August 11th, 2006, 1:15 pm

Unread postby NonSuch » August 13th, 2006, 3:06 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware