Help - spyware/virus?


Re: Help - spyware/virus?

Unread postby dan12 » June 27th, 2008, 12:44 pm

You should be fine so don't worry :)
Will await replies.
dan

Re: Help - spyware/virus?

Unread postby smercer2 » June 27th, 2008, 5:14 pm

Dan,

Here is my ComboScript log:

ComboFix 08-06-20.4 - smercer2 2008-06-27 15:46:45.2 - NTFSx86
Running from: C:\Documents and Settings\smercer2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\smercer2\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\novarozy.dll
C:\WINDOWS\system32\{ebb0b145-a1b9-03c8-5366-8cf4d7eb3489}.dll
C:\WINDOWS\system32\{ebb0b145-a1b9-03c8-5366-8cf4d7eb3489}.dll-uninst.exe
C:\WINDOWS\system32\jlwnw64j.exe
C:\WINDOWS\system32\vlwnw64.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\novarozy.dll
C:\Old temp
C:\Old temp\~DFC74B.tmp
C:\Old temp\~DFCD5F.tmp
C:\Old temp\~DFD6A3.tmp
C:\Old temp\~DFEA6A.tmp
C:\Old temp\~WRD0001.doc
C:\Old temp\2bti.exe
C:\Old temp\aim0508175826.tmp
C:\Old temp\AIM291C.tmp.arf
C:\Old temp\AIM291E.tmp.arf
C:\Old temp\AIM2920.tmp.arf
C:\Old temp\AIM406.tmp.arf
C:\Old temp\AIM409.tmp.arf
C:\Old temp\AIM40A.tmp.arf
C:\Old temp\AIM4C8.tmp.arf
C:\Old temp\AIM4C9.tmp.arf
C:\Old temp\AIM4CA.tmp.arf
C:\Old temp\AIM4CB.tmp.arf
C:\Old temp\AIM4CC.tmp.arf
C:\Old temp\AIM4CD.tmp.arf
C:\Old temp\AppCoreInst.dat
C:\Old temp\CCI10.tmp
C:\Old temp\CCI11.tmp
C:\Old temp\CCI3.tmp
C:\Old temp\CCI7.tmp
C:\Old temp\CCIA.tmp
C:\Old temp\CCIB.tmp
C:\Old temp\CCID.tmp
C:\Old temp\CCIE.tmp
C:\Old temp\CCIF.tmp
C:\Old temp\CF_Register_Action.dat
C:\Old temp\control.xml
C:\Old temp\DefInstAction.dat
C:\Old temp\Downloader.exe
C:\Old temp\FW_Register_Plugin_Action.dat
C:\Old temp\gc_ep_w01_enu.exe
C:\Old temp\hpoMSI_AiO_Scan_LOG.txt
C:\Old temp\hpoMSI_Enterprise_LOG.txt
C:\Old temp\hpoMSI_QFolder.log
C:\Old temp\hpoMSI_Scan_LOG.txt
C:\Old temp\HPOUNI001.2008Apr22-190533.LOG
C:\Old temp\hpzarp000.log
C:\Old temp\hpzchk000.log
C:\Old temp\hpzdui000.log
C:\Old temp\hpzdui001.log
C:\Old temp\hpzdui002.log
C:\Old temp\hpzmsi000.log
C:\Old temp\hpzmsi001.log
C:\Old temp\hpzmsi002.log
C:\Old temp\hpzmsi003.log
C:\Old temp\hpzmsi004.log
C:\Old temp\hpzmsi005.log
C:\Old temp\hpzpnp000.log
C:\Old temp\hpzpnp001.log
C:\Old temp\hpzpnp002.log
C:\Old temp\hpzpnp003.log
C:\Old temp\hpzprl000.log
C:\Old temp\hpzprl001.log
C:\Old temp\hpzprl002.log
C:\Old temp\hpzpsc000.log
C:\Old temp\hpzpsc001.log
C:\Old temp\hpzpsc002.log
C:\Old temp\hpzpsc003.log
C:\Old temp\hpzpsc004.log
C:\Old temp\hpzpsc005.log
C:\Old temp\hpzpsc006.log
C:\Old temp\hpzpsc007.log
C:\Old temp\hpzpsc008.log
C:\Old temp\hpzrcv000.log
C:\Old temp\hpzrcv001.log
C:\Old temp\hpzrcv002.log
C:\Old temp\hpzrcv003.log
C:\Old temp\hpzrei000.log
C:\Old temp\hpzrei001.log
C:\Old temp\hpzrei002.log
C:\Old temp\hpzs34ff0
C:\Old temp\hpzscr000.log
C:\Old temp\hpzscr000_MSI_0.log
C:\Old temp\hpzscr000_MSI_1.log
C:\Old temp\hpzscr000_MSI_2.log
C:\Old temp\HPZSet000.log
C:\Old temp\HPZSet001.log
C:\Old temp\HPZSet002.log
C:\Old temp\hpzshl000.log
C:\Old temp\hpzwis000.log
C:\Old temp\hpzwis001.log
C:\Old temp\hpzwrp000.log
C:\Old temp\IDSinst.LOG
C:\Old temp\is-3173.tmp
C:\Old temp\ldrleem.exe
C:\Old temp\NDr16A.tmp.html
C:\Old temp\NDr16B.tmp.html
C:\Old temp\NDR2C.tmp
C:\Old temp\NDR2F.tmp
C:\Old temp\NDR31.tmp
C:\Old temp\NDr7B.tmp.html
C:\Old temp\NDr7C.tmp.html
C:\Old temp\NDr7F.tmp.html
C:\Old temp\NDR91.tmp
C:\Old temp\Norton Setup 15,0,0 6-23-2008 17h39m28s.log
C:\Old temp\Norton Setup 15,0,0 6-24-2008 19h21m52s.log
C:\Old temp\Norton Setup 15,5,0 6-24-2008 19h57m58s.log
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\catchme.zip
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\W2K_CodecRepair.inf
C:\SDFix\XP_CodecRepair.inf
C:\temp\itmp4
C:\temp\itmp4\mkbv4i.log
C:\WINDOWS\system32\{ebb0b145-a1b9-03c8-5366-8cf4d7eb3489}.dll-uninst.exe
C:\WINDOWS\system32\{ebb0b145-a1b9-03c8-5366-8cf4d7eb3489}.dll
C:\WINDOWS\system32\1049a
C:\WINDOWS\system32\1049a\hinacomDE.exe
C:\WINDOWS\system32\axc
C:\WINDOWS\system32\axc\ashcom3e.exe
C:\WINDOWS\system32\bgi
C:\WINDOWS\system32\bgi\pidam2.exe
C:\WINDOWS\system32\eb10
C:\WINDOWS\system32\eb10\zvuxderr.exe
C:\WINDOWS\system32\jlwnw64j.exe
C:\WINDOWS\system32\vlwnw64.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-24 20:16 . 2008-06-24 20:16 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-24 20:16 . 2008-06-25 06:09 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-06-24 16:54 . 2008-06-24 16:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-23 21:05 . 2008-06-23 21:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 21:03 . 2008-06-23 21:03 812,344 --a------ C:\HJTInstall.exe
2008-06-22 21:00 . 2008-06-22 21:00 <DIR> d-------- C:\Documents and Settings\smercer2\Application Data\Symantec
2008-06-21 08:19 . 2008-06-21 08:19 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-18 06:59 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:06 --------- d-----w C:\Program Files\Viewpoint
2008-06-25 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-25 10:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 10:53 --------- d-----w C:\Program Files\Browser Mouse
2008-06-25 10:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-25 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-25 00:19 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-25 00:19 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-25 00:19 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-25 00:19 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-25 00:19 --------- d-----w C:\Program Files\Symantec
2008-06-22 11:00 --------- d-----w C:\Program Files\DevalVR
2008-06-21 12:47 --------- d-----w C:\Program Files\Google
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-29 22:01 --------- d-----w C:\Documents and Settings\smercer2\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2005-04-15 22:09 5,647,872 ----a-w C:\Program Files\Dameware.MSI
2005-04-15 21:41 10,061,312 ----a-w C:\Program Files\vpnclient-win-msi-4.0.5.C-k9.exe
2005-04-15 20:45 967,486 ----a-w C:\Program Files\tightvnc-1.2.9-setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 16:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 14:02 61440]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 11:19 757760]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 11:46 53248]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-01-26 11:46 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-27 21:20 98304]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 10:57 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 18:30 517768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\smercer2\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2005-04-15 17:51:07 6144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"novarozy"= {6a21d3b2-e1df-43b8-95ea-b6cae2843288} - C:\Documents and Settings\All Users\Application Data\novarozy.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-01-09 10:21 253952 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-01-13 15:05 69632 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-12 20:50 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\TightVNC\\WinVNC.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87be01b3-a4f9-11db-95a9-00e018a937ae}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - LIVEUPDATE_NOTICE_EX
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 15:52:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-27 15:59:29
ComboFix-quarantined-files.txt 2008-06-27 19:58:25
ComboFix2.txt 2008-06-26 21:09:59

Pre-Run: 45,194,825,728 bytes free
Post-Run: 45,127,962,624 bytes free

317 --- E O F --- 2008-06-20 07:04:49


Here is my MalwareBytes log:

Malwarebytes' Anti-Malware 1.18
Database version: 895

4:50:57 PM 6/27/2008
mbam-log-6-27-2008 (16-50-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 93322
Time elapsed: 35 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080625-161543-869.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Old temp\Downloader.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Old temp\ldrleem.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jlwnw64j.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mcntmadm.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntaxdm.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vlwnw64.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\1049a\hinacomDE.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\axc\ashcom3e.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\bgi\pidam2.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\eb10\zvuxderr.exe.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP624\A0039321.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP624\A0039323.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP624\A0039330.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP624\A0039331.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP624\A0039332.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP624\A0039333.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP624\A0041338.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0041354.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0041355.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0041360.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0042067.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0042068.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0045159.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0045162.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0045207.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0045223.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0045224.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0045264.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP625\A0046843.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP628\A0046948.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP628\A0046949.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP629\A0047022.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP629\A0047024.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP629\A0047088.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP629\A0047089.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP629\A0047090.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP629\A0047091.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP629\A0047095.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{563816D7-AC0E-46FB-8355-1535D7FB1AA3}\RP629\A0047096.exe (Adware.Agent) -> Quarantined and deleted successfully.


As for the Kaspersky, I was unable to do a scan. It would not let me accept and scan. It kept saying I needed the latest Java software. I installed Java and continue to have the same error message. Any assistance here would be great. Thanks.

Re: Help - spyware/virus?

Unread postby dan12 » June 27th, 2008, 5:55 pm

You will need to switch to Internet Explorer! Are you using Firefox to try and do your Kaspersky scan?

Re: Help - spyware/virus?

Unread postby smercer2 » June 27th, 2008, 8:33 pm

I am using Internet Explorer. My children installed Firefox and I rarely use it.

Re: Help - spyware/virus?

Unread postby dan12 » June 27th, 2008, 10:36 pm

I assume it was the latest version of Java you installed, not to worry.
Let's try another scanner.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX control. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) the Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Re: Help - spyware/virus?

Unread postby smercer2 » June 28th, 2008, 12:17 pm

Here's my ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3224 (20080627)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=705c5db165c21a408980b5e69aa522bb
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-06-28 03:56:55
# local_time=2008-06-28 11:56:55 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=252696
# found=12
# scan_time=3377
C:\Documents and Settings\smercer2\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.75549 Win32/Adware.CommAd application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir multiple infiltrations (deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir »ZIP »backups/000070.exe probably a variant of Win32/Genetik trojan (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir »ZIP »backups/000070.exe »NSIS »Yazzle1552OinAdmin.exe probably a variant of Win32/Genetik trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir »ZIP »backups/000090.exe Win32/TrojanDownloader.Small.IAW trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir »ZIP »backups/iftuyszv.exe a variant of Win32/TrojanDownloader.FakeAlert.CV trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\SDFix\backups\backups.zip.vir »ZIP »backups/rwwnw64d.exe Win32/Adware.ZenoSearch application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir a variant of Win32/TrojanDownloader.FakeAlert.CV trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\g29.exe.vir Win32/Adware.GooochiBiz application (deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\g29.exe.vir »NSIS »ýª€ Win32/Adware.GooochiBiz application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir Win32/Adware.Sidebar application (deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir »NSIS »mysidesearch_sidebar.dll Win32/Adware.Sidebar application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Re: Help - spyware/virus?

Unread postby dan12 » June 28th, 2008, 5:51 pm

Items picked up by the scan will be dealt with once I clean up the tools I used.
Can I see another HJT log, as it's been a couple of days?
Thanks, dan :)

Re: Help - spyware/virus?

Unread postby smercer2 » June 30th, 2008, 6:08 am

Sorry for the delay. Here's my latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:14 AM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\smercer2\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\smercer2\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\Setup.exe" "/SCANUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9249319140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL ... 586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O21 - SSODL: novarozy - {6a21d3b2-e1df-43b8-95ea-b6cae2843288} - C:\Documents and Settings\All Users\Application Data\novarozy.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7718 bytes
smercer2
Active Member
 
Posts: 12
Joined: June 23rd, 2008, 9:18 pm

Re: Help - spyware/virus?

Unread postby dan12 » June 30th, 2008, 9:41 am

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

O21 - SSODL: novarozy - {6a21d3b2-e1df-43b8-95ea-b6cae2843288} - C:\Documents and Settings\All Users\Application Data\novarozy.dll (file missing)
WITH ALL OTHER WINDOWS CLOSED, click on Fix Checked and exit.


UNINSTALL COMBOFIX

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.



And just to make sure it doesn't run:

Close all windows and try typing this command directly in and see if ComboFix runs.

Remember to use the " marks, and note that there is a space between exe" and /killall.

Start > Run > type "%userprofile%\desktop\combofix.exe" /killall

If ComboFix runs, please post the log.




Double click on OTMoveIt2.

Click on CleanUp!.

You will receive a prompt that it has finished downloading a list. Click OK.

After this, it will prompt you to restart your computer. Please restart your computer.


Let me know when this has been carried out and post a further HJT log.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
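The fix above singles out the O21 SSODL entry because the registry still points at a DLL that ComboFix already deleted. The following Python script is an added example, not part of this thread or of HijackThis itself: it parses HijackThis-style log lines and flags the entries a helper looks at first (references to files that no longer exist, services with no publisher, and ShellServiceObjectDelayLoad entries, which Explorer loads at logon). The sample lines are copied from the log posted above; the weighting rules (which section codes count as high interest) are this example's own assumption, not a HijackThis feature.

```python
"""Triage a HijackThis log: flag the entries a malware helper would check first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: novarozy - {6a21d3b2-e1df-43b8-95ea-b6cae2843288} - C:\Documents and Settings\All Users\Application Data\novarozy.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Every HijackThis entry starts with a section code such as O4, O21 or O23.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class Finding:
    section: str        # HijackThis section code, e.g. "O21"
    reasons: List[str]  # why this entry deserves a look
    line: str           # the original log line


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # blank line or log header/footer, not an entry
    section, body = m.group(1), m.group(2)
    reasons = []

    # HijackThis appends "(file missing)" when the referenced file is gone.
    # For a persistence entry that means an orphaned registry reference,
    # exactly the situation the O21 fix in this thread addresses.
    if body.endswith("(file missing)"):
        reasons.append("orphaned: registry still references a file that no longer exists")

    # Services without publisher information cannot be matched to a vendor
    # and should be verified by hand.
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("service has no publisher information")

    # O21 is the ShellServiceObjectDelayLoad key: Explorer loads each listed
    # DLL at logon, so every entry here should be a known, expected component.
    # (Treating O21 as high interest is this example's own rule.)
    if section == "O21":
        reasons.append("ShellServiceObjectDelayLoad entry: loaded by Explorer at logon, confirm the DLL is legitimate")

    return Finding(section, reasons, line.strip()) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def fix_candidates(text: str) -> List[str]:
    """Lines a helper would list under 'place checks against the following entries'."""
    return [f.line for f in triage_log(text)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script flags the novarozy O21 entry (orphaned, plus the SSODL rule) and the KodakCCS service (orphaned, unknown owner) while leaving the Symantec, HP and ctfmon entries alone. Flagging is only a starting point: an orphaned entry left behind by an uninstalled printer driver is harmless, whereas an orphaned SSODL reference to a DLL that ComboFix removed is the leftover of an infection, so each flagged line still needs a human judgement before it goes on a fix list.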

Re: Help - spyware/virus?

Unread postby Elrond » July 6th, 2008, 2:00 am

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Elrond
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem