Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Multiple popups, slowdown, malware. Please help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Multiple popups, slowdown, malware. Please help!

Unread postby Dextroman584 » December 8th, 2006, 11:06 pm

I ran ewido, ad-aware, and spybot search and destroy and it seemed to help but I'm still getting popups and balloons stating that I have a virus and to click here to download an antivirus program. Here is my HJT log. Any help will be GREATLY appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 9:05:57 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dextroman\Desktop\Dustin's Stuff\Programs\Spyware Removal\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {1EF19158-E131-41ED-ACA3-A93CA4F121FE} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D03B89FA-397C-49D2-97C2-469C4331180A} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F637BADC-39B6-485A-896D-553EA2E0A160} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8506398186
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm
Advertisement
Register to Remove

Unread postby Navigator » December 9th, 2006, 12:04 am

Hello Dextroman...welcome to Malware Removal.....you have a smitfraud infection:

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby Dextroman584 » December 9th, 2006, 1:40 am

Thank you so much for your help. It seems to be getting worse. Here's my results:


SmitFraudFix v2.128

Scan done at 23:38:19.68, Fri 12/08/2006
Run from C:\Documents and Settings\Dextroman\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dextroman


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dextroman\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DEXTRO~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"

[HKEY_CLASSES_ROOT\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\system32\vcehaeb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\system32\vcehaeb.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



I'd really like to get this fixed tonight because I have some work I need to do on my computer. Thanks again for your help because I wouldn't have a clue on what to do.
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

Unread postby Navigator » December 9th, 2006, 9:03 am

You are welcome.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


After doing this, post back with the C:\rapport.txt results and a new HJT log for me to review....
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby Dextroman584 » December 9th, 2006, 6:43 pm

Thanks again for your help. That certainly seemed to help but I'm not sure that it got everything because I'm still receiving a few popups. Here's my reports:


SmitFraudFix v2.128

Scan done at 4:28:50.56, Sat 12/09/2006
Run from C:\Documents and Settings\Dextroman\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning



Logfile of HijackThis v1.99.1
Scan saved at 4:41:23 PM, on 12/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dextroman\Desktop\Dustin's Stuff\Programs\Spyware Removal\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {1EF19158-E131-41ED-ACA3-A93CA4F121FE} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D03B89FA-397C-49D2-97C2-469C4331180A} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F637BADC-39B6-485A-896D-553EA2E0A160} - http://www.comcast.net (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL= http://www.comcast.net
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8506398186
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

Unread postby Navigator » December 9th, 2006, 9:36 pm

Dextroman584 wrote:Thanks again for your help. That certainly seemed to help but I'm not sure that it got everything because I'm still receiving a few popups. Here's my reports:


Good job Dextroman....!

It would help if you'd give me a bit more information about the pop-ups you are experiencing such as where they are from, and what they are titled etc....

Let's see what this shows us:

1. First download AVG anti-spyware (previously Ewido) from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG anti-spyware, Do Not run a scan just yet, we will shortly.

2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Save it to your desktop, we will use it later.

3. Please re-open HiJackThis and choose scan only. Check the boxes next to all the entries listed below.

O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked.

Reboot into safe mode by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

5. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG and reboot your system back into Normal Mode.


6. Open HijackThis, click Open Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


7. Post the results of the AVG scan, the HJT uninstall list and a new HJT log for me to review...also let me know if you are still getting pop-ups or having problems....
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby Dextroman584 » December 10th, 2006, 2:52 pm

Thanks a lot. I'm still having a few problems but it seems to be getting better. My computer is a little slower, I havent had any popups recently, some of my programs randomly crash (particularly AOL instant messanger), and for some reason, whenever I go to any site where I must login, I wont allow me to do so. I had to get a friend to post my last post because even on this site, once I entered my username and password and clicked login, it would just take me back to the same page as if the page had just been refreshed. Its also done that on a few other sites. Luckily today it let me log on so I could get these results to you. I followed your instructions and here are my new results of the AVG scan, the HJT uninstall list and a new HJT log:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:47:43 AM 12/10/2006

+ Scan result:



C:\System Volume Information\_restore{C07ACB03-A53E-47BD-9907-DA3BA3490C8B}\RP184\A0038776.dll -> Downloader.Zlob.bcq : Cleaned.
C:\System Volume Information\_restore{C07ACB03-A53E-47BD-9907-DA3BA3490C8B}\RP184\A0038777.exe -> Downloader.Zlob.bcq : Cleaned.
C:\System Volume Information\_restore{C07ACB03-A53E-47BD-9907-DA3BA3490C8B}\RP184\A0038796.dll -> Downloader.Zlob.bcq : Cleaned.
C:\System Volume Information\_restore{C07ACB03-A53E-47BD-9907-DA3BA3490C8B}\RP184\A0038797.exe -> Downloader.Zlob.bcq : Cleaned.
C:\System Volume Information\_restore{C07ACB03-A53E-47BD-9907-DA3BA3490C8B}\RP186\A0039027.dll -> Downloader.Zlob.bcq : Cleaned.
C:\System Volume Information\_restore{C07ACB03-A53E-47BD-9907-DA3BA3490C8B}\RP186\A0039114.exe -> Downloader.Zlob.bcq : Cleaned.
:mozilla.210:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.148:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.150:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.144:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.120:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.121:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.122:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.123:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.124:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.125:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.155:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.85:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.191:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.151:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.152:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.153:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.154:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.231:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.242:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.244:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.348:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.351:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.356:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.22:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.24:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.335:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.336:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.25:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.230:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.113:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.114:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.115:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.117:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.263:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.264:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.169:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.109:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.110:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.111:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.112:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.116:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.273:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.195:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.196:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.197:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.198:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.199:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.200:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.201:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.202:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.36:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.37:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.203:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.204:C:\Documents and Settings\Dextroman\Application Data\Mozilla\Firefox\Profiles\mhdvbatp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end



545 Studios Skinstaller (remove only)
Adobe Acrobat 5.0
Adobe Flash Player 9
AIM Toolbar
AIMutation (remove only)
AOL Instant Messenger
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AVG Anti-Spyware 7.5
BitComet 0.79
BitTorrent 4.20.9
BMSE dbl
BroadJump Client Foundation
Comcast High-Speed Internet Install Wizard
Diablo II
EVEREST Home Edition v2.20
FlashFXP v3
Hero Editor V0.96
HijackThis 1.99.1
IE Help
IEC system
IGN Download Manager 2.2.2
Intel(R) Extreme Graphics Driver
J2SE Runtime Environment 5.0 Update 9
Kaspersky Online Scanner
Kazaa 3.0
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Shockwave Player
McAfee SecurityCenter
Messenger:Mate Gesture Player for AIM (remove only)
Microsoft .NET Framework 1.1
mIRC
Mozilla Firefox (2.0)
Oblivion
QuickTime
Realtek AC'97 Audio
Registrar Registry Manager 4.04
Registrar Registry Manager 4.04 (Lite Edition)
Scientific Atlanta DPX2100 USB Cable Modem
Secure Delivery
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SpyAssassin ToolBar
The Shield 2007 Professional
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Video ActiveX Object 2.07
VideoLAN VLC media player 0.8.4a
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Wireless-B PCI Adapter WLAN Monitor
World of Warcraft
Yahoo! Internet Mail
ZoneAlarm



Logfile of HijackThis v1.99.1
Scan saved at 12:52:29 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dextroman\Desktop\Dustin's Stuff\Programs\Spyware Removal\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {1EF19158-E131-41ED-ACA3-A93CA4F121FE} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D03B89FA-397C-49D2-97C2-469C4331180A} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F637BADC-39B6-485A-896D-553EA2E0A160} - http://www.comcast.net (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8506398186
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

Unread postby Dextroman584 » December 10th, 2006, 3:17 pm

Wow. I think I should just note that I was chatting with a friend on AOL instant messenger when my screen turned blue stating that windows had found an error and had shutdown to prevent any damage. Here is the problem it found:

KERNEL_DATA_INPUT_ERROR


Any idea what virus I have and how to get rid of it? This is kinda getting me worried now. Thanks.
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

Unread postby Navigator » December 10th, 2006, 3:52 pm

Hey Dextroman.....

A couple of points:

I was reviewing you Uninstall list and your last malware removal topic from September. I am going to re-iterate what Dan12 told you then.....while it is not my place to tell you what to do, you have multiple P2P/file sharing programs installed on your computer. P2p apps are some of the largest sources of malware we see. You'll be doing yourself a favor by removing them.

References for the risk of these programs are here: http://www.microsoft.com/windows/ie/com ... ction.mspx here: http://www.techweb.com/wire/160500554 and here: http://www.internetworldstats.com/articles/art053.htm

You also seem to like to download various 'free' programs such as video/media players, registry tools etc....I cannot speak to the 'authenticity' or 'legitimate-ness' of these programs.

The KERNEL_DATA_INPUT_ERROR information does not tell me much as it is relatively 'generic'....it could be hardware related, memory, disk controller, or a hard disk with bad sectors. If there was more information with the error message you posted, I would take that information to the MS help site to search and see if it produces any 'hits'.

Your HJT log 'appears clean', and AVG found only some remnants of the smitfraud infection you just cleaned and some cookies....but let's do a few more things:

1. Download CWShredder Here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

2. Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

3. Please remove these entries from Add/Remove Programs in the Control Panel(if present). Click start>>control panel>>add/remove programs:

BMSE dbl
IE Help
IEC system
SpyAssassin ToolBar
Video ActiveX Object 2.07



4. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

5. Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby Dextroman584 » December 12th, 2006, 2:21 am

Thank you once again for your help Navigator. Something obviously happened after your last post because my computer went crazy. It started taking about 7-8 minutes to start explorer.exe so it took a very long time to start my computer. All of my antivirus/spyware removal programs had errors and would not run, and my internet connection wouldn't aquire the network address. I couldn't do anything so I completely reformatted my hard drive. Everything is great now but now I have to reinstall all of my programs, drivers, ect but thats ok. I'm not sure what triggered the sudden change but now the problem is definitely solved. You guys are wonderful and keep up the good work!
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

Unread postby Navigator » December 12th, 2006, 7:06 pm

WOW.... :o


You are welcome, and good luck with the computer after the reformat!
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby NonSuch » December 24th, 2006, 6:22 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 323 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware