[Resolved] TrojanDownloader:Win32/Renos.BAH - Removal Help Needed


  • This topic is locked
22 replies to this topic

#16 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 03 May 2009 - 07:40 PM

MikeBoa,

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

c:\windows\system32\svchost.exe <===this file

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Do the same for the following files also:
c:\windows\system32\userinit.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\windows\system32\drivers\tcpip.sys

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 


#17 MikeBoa (Authentic Member, 57 posts)

Posted 03 May 2009 - 09:45 PM

Tom, I'm not having any more freezes, or perpetual hangs on Windows shutdowns.

File: svchost.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 27c6d03bcdb8cfeb96b716f3d8be3e18
Packers detected: -

File: userinit.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: a93aee1928a9d7ce3e16d24ec7380f89
Packers detected: -

File: spoolsv.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: d8e14a61acc1d4a6cd0d38aebac7fa3b
Packers detected: -

File: explorer.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 12896823fb95bfb3dc9b46bcaedc9923
Packers detected: -

File: tcpip.sys
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 9aefa14bd6b182d61e3119fa5f436d3d
Packers detected: -

#18 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 03 May 2009 - 10:40 PM

MikeBoa,

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Reglock::
    [HKEY_LOCAL_MACHINE\software\Classes\.dot\PersistentHandler]
    [HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]
    [HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
    [HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]
    [HKEY_LOCAL_MACHINE\software\Classes\.xlb\PersistentHandler]
    [HKEY_LOCAL_MACHINE\software\Classes\.xlc\PersistentHandler]
    [HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
    [HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

I need you to run the following scan: Eset Online Scanner

  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of C:\Program Files\EsetOnlineScanner\log.txt into your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#19 MikeBoa (Authentic Member, 57 posts)

Posted 04 May 2009 - 01:08 AM

Tom, here are those logs. I figured out how to disable CA Anti-Virus (not just snooze it), so it went much better with ComboFix, and the Recovery Console was installed.

Mike


ComboFix 09-05-03.1 - Hagens 05/04/2009 0:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1439 [GMT -5:00]
Running from: c:\documents and settings\Hagens\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hagens\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-04 04:58 . 2009-05-04 04:59 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-04 04:52 . 2009-05-04 04:53 -------- d-----w c:\program files\QuickTime
2009-05-04 04:44 . 2009-05-04 04:44 -------- d-----w c:\program files\Bonjour
2009-05-01 05:48 . 2009-05-01 05:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-01 01:07 . 2009-05-01 01:07 -------- d-----w c:\documents and settings\Hagens\Application Data\Malwarebytes
2009-05-01 01:06 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 01:06 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 01:06 . 2009-05-01 01:06 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 01:06 . 2009-05-01 01:07 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 19:27 . 2009-04-30 19:27 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-30 19:25 . 2009-04-30 19:25 -------- d-----w c:\program files\Windows Desktop Search
2009-04-30 19:24 . 2008-03-07 17:02 29696 -c----w c:\windows\system32\dllcache\mimefilt.dll
2009-04-30 19:24 . 2008-03-07 17:02 98304 -c----w c:\windows\system32\dllcache\nlhtml.dll
2009-04-30 19:24 . 2008-03-07 17:02 192000 -c----w c:\windows\system32\dllcache\offfilt.dll
2009-04-30 17:52 . 2009-04-30 17:52 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-30 17:47 . 2009-04-30 17:47 -------- d-sh--w c:\documents and settings\Hagens\IECompatCache
2009-04-30 17:36 . 2009-04-30 17:36 -------- d-sh--w c:\documents and settings\Hagens\IETldCache
2009-04-30 17:05 . 2009-04-30 17:05 -------- d-----w c:\windows\ie8updates
2009-04-30 17:05 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-30 17:02 . 2009-04-30 17:04 -------- dc-h--w c:\windows\ie8
2009-04-30 16:22 . 2009-04-30 16:22 -------- d-----w C:\c47082bdf5e2f584aa28addf7d
2009-04-29 23:59 . 2009-04-30 00:00 -------- d-----w c:\program files\TaxCut08
2009-04-29 05:38 . 2009-04-29 05:38 -------- d-----w c:\documents and settings\Hagens\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-29 03:24 . 2009-04-29 03:24 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-29 03:17 . 2009-04-29 03:17 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-29 03:17 . 2009-04-29 03:17 -------- d-----w c:\program files\NOS
2009-04-29 01:02 . 2009-04-30 18:16 -------- d-----w c:\documents and settings\Hagens\Application Data\Acronis
2009-04-29 00:36 . 2009-04-29 00:36 971552 ----a-w c:\windows\system32\drivers\tdrpm174.sys
2009-04-29 00:34 . 2009-04-29 00:34 134272 ----a-w c:\windows\system32\drivers\snman380.sys
2009-04-28 23:30 . 2009-04-28 23:30 -------- d-----w c:\program files\Trend Micro
2009-04-28 22:57 . 2009-04-28 22:57 108368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-04-28 22:57 . 2009-04-28 22:57 880560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-04-28 22:56 . 2007-08-20 18:38 21512 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-04-28 22:56 . 2007-08-20 18:38 32264 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-04-28 22:56 . 2007-08-20 18:38 21128 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-04-28 22:56 . 2007-08-20 18:38 26376 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-04-28 22:56 . 2007-08-20 18:37 99592 ----a-w c:\windows\system32\isafeif.dll
2009-04-28 22:56 . 2007-08-20 18:37 75016 ----a-w c:\windows\system32\isafprod.dll
2009-04-28 22:56 . 2007-08-20 18:26 79424 ----a-w c:\windows\system32\vetredir.dll
2009-04-28 22:55 . 2009-04-28 22:55 -------- d-----w c:\program files\Common Files\Scanner
2009-04-28 21:48 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-28 21:48 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-28 21:48 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-28 21:48 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-28 21:48 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-28 21:48 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-28 21:48 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-28 21:48 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-28 21:48 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-28 21:46 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-28 21:46 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 05:13 . 2006-07-06 09:00 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 05:04 . 2006-10-24 21:00 330 ---ha-w c:\windows\Tasks\MP Scheduled Scan.job
2009-05-04 05:02 . 2006-07-09 23:25 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-04 05:02 . 2006-07-10 21:12 -------- d-----w c:\program files\PANA LINK
2009-05-04 05:00 . 2009-04-28 23:08 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2009-05-04 05:00 . 2009-04-28 23:08 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2009-05-04 05:00 . 2009-04-28 23:08 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2009-05-04 05:00 . 2009-04-28 23:08 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2009-05-04 05:00 . 2009-04-28 23:08 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2009-05-04 05:00 . 2009-04-28 23:08 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2009-05-04 05:00 . 2009-04-28 23:08 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2009-05-04 05:00 . 2009-04-28 23:08 214782 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2009-05-04 04:59 . 2006-07-10 23:21 -------- d-----w c:\program files\iTunes
2009-05-04 04:58 . 2006-07-08 23:00 -------- d-----w c:\program files\iPod
2009-05-04 04:58 . 2008-09-13 22:37 -------- d-----w c:\program files\Common Files\Apple
2009-05-02 22:11 . 2008-08-12 04:28 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-05-01 21:57 . 2006-07-11 07:06 74176 ----a-w c:\documents and settings\Hagens\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 05:47 . 2006-07-24 06:32 -------- d-----w c:\program files\Java
2009-04-30 21:50 . 2006-09-29 04:02 -------- d-----w c:\program files\Kodak
2009-04-30 15:53 . 2008-12-17 00:22 -------- d-----w c:\program files\V CAST Music with Rhapsody
2009-04-30 15:50 . 2007-05-04 22:52 -------- d-----w c:\program files\BitTorrent
2009-04-29 15:22 . 2006-07-06 20:51 -------- d-----w c:\program files\NetExchange Pro3.0
2009-04-29 03:24 . 2006-07-06 11:36 -------- d-----w c:\program files\Common Files\Adobe
2009-04-29 02:29 . 2007-02-27 03:41 2069784 ----a-w c:\windows\system32\AutoPartNt.exe
2009-04-29 00:36 . 2006-07-08 22:04 540000 ----a-w c:\windows\system32\drivers\timntr.sys
2009-04-29 00:36 . 2006-07-08 22:04 44704 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-04-29 00:34 . 2006-07-13 06:23 -------- d-----w c:\program files\Common Files\Acronis
2009-04-29 00:34 . 2006-07-13 06:23 -------- d-----w c:\program files\Acronis
2009-04-28 23:56 . 2009-04-28 22:56 516 ----a-w c:\windows\Tasks\CAAntiSpywareScan_Daily as Hagens at 5 56 PM.job
2009-04-28 22:55 . 2006-07-08 03:41 -------- d-----w c:\program files\CA
2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 09:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2006-07-09 23:25 . 2006-07-09 23:25 56 --sha-r c:\windows\system32\0BEB2A6912.sys
.

------- Sigcheck -------

[-] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

[-] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

[-] 2004-08-04 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[-] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[-] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[-] 2004-08-04 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[-] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[-] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-03_23.08.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-04 05:02 . 2009-05-04 05:02 16384 c:\windows\temp\Perflib_Perfdata_ea4.dat
+ 2009-05-04 05:01 . 2009-05-04 05:01 16384 c:\windows\temp\Perflib_Perfdata_af8.dat
+ 2009-05-04 04:50 . 2009-03-26 20:23 36864 c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
+ 2009-05-04 04:59 . 2009-03-19 21:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
- 2008-08-29 14:53 . 2008-08-29 14:53 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 16:11 . 2008-12-12 16:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 16:18 . 2008-12-12 16:18 87336 c:\windows\system32\dns-sd.exe
- 2008-08-29 15:18 . 2008-08-29 15:18 87336 c:\windows\system32\dns-sd.exe
+ 2009-05-04 04:44 . 2009-05-04 04:44 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2008-01-29 17:02 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
- 2008-01-29 17:02 . 2008-04-17 18:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-05-04 04:59 . 2008-04-17 17:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-05-04 04:59 . 2009-05-04 04:59 102400 c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
+ 2009-05-04 04:50 . 2009-03-26 20:23 1900544 c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-04-28 14088]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2005-11-29 1544099]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"Linksys WMB54G Utility"="c:\program files\Wireless-G Music Bridge\WMB54G.exe" [2006-02-20 1171456]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"CmFlywaveName"="c:\windows\System\CmFlywav.exe" [2005-10-05 32768]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-04-28 177392]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-04-28 259312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-04-28 173296]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-04-28 1193200]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"Act! Preloader"="c:\program files\ACT\ACT for Windows\Act8.exe" [2006-04-05 1015808]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-09-18 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PANA LINK.lnk - c:\program files\PANA LINK\Panalnks.exe [2006-7-10 1331200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ABIT\\FlashMenu\\FlashMenu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"<NO NAME>"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sharefolder.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49157:TCP"= 49157:TCP:TCP49157
"<NO NAME>"=
"49152:UDP"= 49152:UDP:UDP49152
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159

R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
R3 PLCMPR5;PLCMPR5 NDIS Protocol Driver; [x]
R3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\progra~1\PLE200\PLCNDIS5.SYS [2007-04-29 17280]
R3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]
S0 ABIT-IO;ABIT-IO;c:\windows\system32\Drivers\ABIT-IO.sys [2004-09-10 7680]
S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2008-06-25 93712]
S0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2009-04-29 134272]
S0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\DRIVERS\tdrpm174.sys [2009-04-29 971552]
S0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2005-03-31 14848]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-25 63504]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-25 45584]
S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-25 115216]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-25 134648]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-25 66576]
S2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-25 281104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-10-06 13592]
S3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;c:\windows\system32\drivers\cmudaxv.sys [2005-09-26 1351360]
S3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2008-09-05 21744]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-25 88816]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-17 189704]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-28 c:\windows\Tasks\CAAntiSpywareScan_Daily as Hagens at 5 56 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-05-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-06 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://netscape.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\VetRedir.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - c:\progra~1\NETEXC~1.0\FlowHook.dll
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
DPF: {CAACCAA2-CFCE-11D2-8683-080009FC2B79} - hxxps://ddri.aegonusa.com/ddrint/work/ddiprintcontrol.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 00:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1808)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(300)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3296)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-04 0:23
ComboFix-quarantined-files.txt 2009-05-04 05:23
ComboFix2.txt 2009-05-03 23:12

Pre-Run: 435,373,592,576 bytes free
Post-Run: 435,476,598,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

362 --- E O F --- 2009-04-30 17:13
________________________________________________

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4050 (20090503)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=4f8e90d94d8a204da73e71f41d42970a
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2009-05-04 07:00:56
# local_time=2009-05-04 02:00:56 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=447322
# found=0
# scan_time=5484

Edited by MikeBoa, 04 May 2009 - 01:17 AM.


#20 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 04 May 2009 - 09:36 PM

MikeBoa,

Log looks good :D


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Note the space between the X and the U; it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

Please re-enable any security that was disabled.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved. :thumbup:
Tomk

#21 MikeBoa

MikeBoa

    Authentic Member

  • Authentic Member
  • 57 posts

Posted 04 May 2009 - 10:52 PM

Tom, I understand the above. Thank you much for your great help! Mike

#22 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 04 May 2009 - 10:59 PM

MikeBoa, You're very welcome. Good Luck and Be Well. :thumbup:
Tomk

#23 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 04 May 2009 - 11:03 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
Tomk
