Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Have Trojans, can't Remove, HiJack This log [RESOLVED]

Started by mandyp , Aug 02 2005 02:39 PM

  • This topic is locked This topic is locked

#1
mandyp
Posted 02 August 2005 - 02:39 PM

mandyp

    New Member

  • Member
  • Pip
  • 9 posts
I keep getting an AVG alert on Trojans, however when I do a full scan AVG doesn't find anything. I've scanned with Search & Destroy/AdawareSE and used CCleaner, nothing found. I did an online Kapersky scan, here's the log:

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Tuesday, August 02, 2005 20:17:23
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/08/2005
Kaspersky Anti-Virus database records: 133452
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 51032
Number of viruses found: 4
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 2438 sec

Infected Object Name - Virus Name
C:\WINDOWS\explorer.scf:aioup:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\explorer.scf:hlzxh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ieov32.exe:kbrnl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\LGICC.DLL:hpjsw:$DATA Infected: Backdoor.Win32.Small.dc
C:\WINDOWS\msdfmap.ini:pczgza:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\notepad.exe:ejnqn:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\ODBCINST.INI:pkraj:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\.pif Infected: Trojan-Downloader.BAT.Ftp.z
C:\WINDOWS\uninNMP.exe:dpmpb:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\uninNMP.exe:zfskc:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\vbaddin.ini:gjpay:$DATA Infected: Trojan-Downloader.Win32.Agent.bq

Scan process completed.

Here's my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 21:37:57, on 02/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgemc.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgemc.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8CE634-736D-4EFA-A44E-42EF3C0F5833}: NameServer = 80.225.249.178 80.225.255.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C8CE634-736D-4EFA-A44E-42EF3C0F5833}: NameServer = 80.225.249.178 80.225.255.58
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I've ran AVG/Adaware and Search and Destroy off, but still nothing. Can anyone help with getting rid of the Trojans. Any help gratefully received. Oh, have also ran CWS Shredder.

Thanks in advance!

Mandy
  • 0

Advertisements

#2
mandyp
Posted 02 August 2005 - 04:45 PM

mandyp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Sorry don't intend to 'bump' this, but thought I'd better update on what I've now done. I've ran all of the following:

Panda online scan
TrojanScan
AboutBuster
Mwav.exe

When I ran Mwav.exe these entries are a bit of a worry, but I've no idea how to fix it:

Tue Aug 02 23:23:14 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Tue Aug 02 23:23:22 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Aug 02 23:24:39 2005 => File C:\WINDOWS\system32\.pif infected by "Trojan-Downloader.BAT.Ftp.z" Virus! Action Taken: No Action Taken.

I'm trying to sort this out but am now totally stumped. Any help gratefully received and sorry for what appears to be 'bumping'....just wanted to keep my post up to date before I went to bed!

Forgot to say, I can't stay online for too long at a time, it seems to be hanging a lot.

Edited by mandyp, 02 August 2005 - 04:46 PM.

  • 0

#3
mandyp
Posted 03 August 2005 - 01:57 PM

mandyp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Just to update I've ran Ewido, here's the log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 20:33:05, 03/08/2005
+ Report-Checksum: F4DD847C

+ Scan result:

C:\WINDOWS\ieov32.exe:kbrnl -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\WINDOWS\LGICC.DLL:hpjsw -> Backdoor.Small.dc : Cleaned without backup
C:\WINDOWS\msdfmap.ini:pczgza -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\WINDOWS\notepad.exe:ejnqn -> TrojanDownloader.Agent.jb : Cleaned without backup
C:\WINDOWS\ODBCINST.INI:pkraj -> TrojanDownloader.Agent.bq : Cleaned without backup
C:\WINDOWS\system32\TFTP3020 -> Heuristic.Win32.Morphine-Crypted : Cleaned without backup
C:\WINDOWS\uninNMP.exe:dpmpb -> TrojanDownloader.Agent.jb : Cleaned without backup
C:\WINDOWS\uninNMP.exe:zfskc -> TrojanDownloader.Agent.jb : Cleaned without backup
C:\WINDOWS\vbaddin.ini:gjpay -> TrojanDownloader.Agent.bq : Cleaned without backup


::Report End

Also ran Housecall and got rid of some other stuff, here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 20:46:07, on 03/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgemc.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I've tried and tried to 'fix' this one:
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
It just won't go, not sure it's too much of a problem since I use Firefox (unless a site really won't display). I'll continue to google for this one, but in the meantime if someone can check the rest of my log to make sure it's clean I'd be very grateful.
  • 0

#4
mandyp
Posted 03 August 2005 - 02:09 PM

mandyp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Okay, I now, finally think it's clean...against my better judgement, I thought I'd have a look in the registry and see if I could find .frame.crazywinnings.com and there it was, so I deleted it, rebooted and here's my new HJT log...which is hopefully clean:

Logfile of HijackThis v1.99.1
Scan saved at 21:04:20, on 03/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgemc.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#5
Metallica
Posted 10 August 2005 - 06:20 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
You will have to re-install SpywareGuard. The BHO it uses got removed but is still stuck in the registry.

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)

The rest of the log looks good.

Regards,
  • 0

#6
mandyp
Posted 11 August 2005 - 03:49 AM

mandyp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Great, Thanks for checking....I'll reinstall Spyguard!
  • 0

#7
Metallica
Posted 11 August 2005 - 04:14 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP