Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Nasty, nasty "XP Security Center" infestation

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Nasty, nasty "XP Security Center" infestation

Unread postby Crunchyhippo » May 26th, 2008, 12:40 am

I have surely somehow gotten some spyware today. I seemed to have spontaneously downloaded - without even knowing it - "XP Security Center," which gave me a nice icon on my Taskbar (how nice of them). It also automatically rebooted my computer, enabling this monster onto my computer. Having McAfee, Windows Defender, and Pest Patrol made no difference whatsover.

So here's my HijackThis logfile. I hope someone can help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:58 AM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\SYSTEM32\WINMINE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Media-Codec\pmsngr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {0441781A-3075-4C8F-9FDB-A6BCAE8769A1} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Share ... mCtl32.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://vpn-standard.harris.com/llclien ... AXXPEE.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/ ... vt/mvt.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Code ... ontrol.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterphoto.com/_shared/uplo ... oader3.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 9001 bytes
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida
Advertisement
Register to Remove

Re: Nasty, nasty "XP Security Center" infestation

Unread postby flashh4 » May 26th, 2008, 10:01 am

Hello and welcome to the forums

My name is flashh4 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
4. Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
5. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

If you can do those things, everything should go smoothly

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

I will be back shortly with a fix !!
Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Nasty, nasty "XP Security Center" infestation

Unread postby Crunchyhippo » May 26th, 2008, 11:29 am

Ok, great. I'll be looking forward to your reply.
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Nasty, nasty "XP Security Center" infestation

Unread postby flashh4 » May 27th, 2008, 8:38 pm

Howdy Crunchyhippo, I need to see an uninstall list !

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.


NEXT

I need you to disable Windows Defender so it does not interfer with the fix !
Disabling Disabling Windows Defender temporarily and re-enabling it.

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.

After i give you the all clean you may enable it.

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, check (tick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, check (tick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.


NEXT


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Image


Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Please post these in your next reply to this topic:
1. uninstall_list
2. ComboFix log
3. New HJT log

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Nasty, nasty "XP Security Center" infestation

Unread postby Crunchyhippo » May 28th, 2008, 6:26 pm

Here are the logs. Sorry for the delay; my parents had come in from out-of-state. Thank you so much for your assistance.

Uninstall_list

7-Zip 4.57
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe Shockwave Player
American Greetings CreataCard Select 6
ArcSoft TotalMedia Backup & Record
Backup To DVD/CD 5.1
Banctec Service Agreement
Broadcom Management Programs
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Cisco Press CCNA ICND Test
CloneDVD2
Comcast Video Mail - Version 3.4 Build 3778
Compatibility Pack for the 2007 Office system
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Creative WebCam Instant User's Guide (English)
DeepBurner v1.8.0.224
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (734)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DXG-518
EarthLink setup files
ExtractNow
FlashPath
Google Earth
Google Updater
GPL MPEG-1/2 DirectShow Decoder Filter
HijackThis 2.0.2
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Intel(R) Integrated Performance Primitives RTI 4.0
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LimeWire 4.10.9
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Media Manager 1.5
Microsoft Office Converter Pack
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
Modem Event Monitor
Modem Helper
Modem On Hold
ModemTest V1.3
Mozilla Firefox (1.0.1)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Music Visualizer Library 1.4.00
Musicmatch® Jukebox
Net MD Simple Burner
Netscape Communicator 4.77
NetXfer 2.22.331
NetZeroInstallers
OLYMPUS CAMEDIA Master 2.5
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Limited Patch 3.2-03-04-17-02
OpenMG Secure Module 3.2
Palm Desktop
Photo Click
Publix Preschool Pals
RealPlayer
Rhapsody Player Engine
ScanCraft CS-P
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
SimulationExams
SolarWinds Advanced Subnet Calculator
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SonicStage 1.5.53
Sony Picture Utility
Sony USB Driver
STOIK Video Converter 2
The Print Shop Premier Edition 5.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Media Player
Windows Backup Utility
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WM Converter 2.0
WordPerfect Office 12
XviD MPEG-4 Codec
Yahoo! Install Manager

Combofix Log

ComboFix 08-05-28.1 - jeffrey 2008-05-28 17:49:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT -4:00]
Running from: C:\Documents and Settings\jeffrey\Desktop\Combo-Fix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\jeffrey\Local Settings\Temporary Internet Files\jozejen.inf
C:\Documents and Settings\jeffrey\Local Settings\Temporary Internet Files\ovebo._dl
C:\Program Files\inetget2
C:\Program Files\winpop
C:\setup.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\system32\wtsisvcc32.exe
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-26 00:05 . 2008-05-26 00:05 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-26 00:05 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2008-05-25 23:53 . 2008-05-25 23:53 17,066 --a------ C:\Documents and Settings\jeffrey\Application Data\jale.pif
2008-05-25 23:53 . 2008-05-25 23:53 15,706 --a------ C:\WINDOWS\zuqyvogul.vbs
2008-05-25 23:53 . 2008-05-25 23:53 14,500 --a------ C:\WINDOWS\SYSTEM32\oqihul.ban
2008-05-25 23:53 . 2008-05-25 23:53 12,978 --a------ C:\Documents and Settings\All Users\Application Data\nimeto.reg
2008-05-25 23:53 . 2008-05-25 23:53 12,658 --a------ C:\Documents and Settings\All Users\Application Data\rorocesok.com
2008-05-25 23:53 . 2008-05-25 23:53 12,363 --a------ C:\Documents and Settings\jeffrey\Application Data\urime.pif
2008-05-25 23:53 . 2008-05-25 23:53 10,251 --a------ C:\WINDOWS\SYSTEM32\yjulo.exe
2008-05-25 23:53 . 2008-05-25 23:53 10,161 --a------ C:\Documents and Settings\jeffrey\Application Data\ulyqyt.sys
2008-05-25 23:52 . 2008-05-25 23:57 <DIR> d-------- C:\Program Files\XPSecurityCenter
2008-05-25 23:47 . 2008-05-25 23:47 53,760 --a------ C:\Documents and Settings\jeffrey\wn852.exe
2008-05-16 22:34 . 2008-05-21 16:55 <DIR> d-------- C:\Program Files\WM Converter
2008-05-16 22:13 . 2008-05-16 22:13 94 --a------ C:\WINDOWS\MusicRip.ini
2008-05-11 23:03 . 2008-05-13 12:50 <DIR> d-------- C:\Documents and Settings\jeffrey\Application Data\DivX
2008-05-11 23:01 . 2008-03-21 16:30 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2008-05-10 21:32 . 2008-05-10 21:32 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-05-10 21:32 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys
2008-04-30 19:44 . 2008-04-30 19:44 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-26 04:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 03:53 15,999 ----a-w C:\Program Files\Common Files\casutapeti.inf
2008-05-18 00:52 142,288 ----a-w C:\Documents and Settings\jeffrey\Application Data\GDIPFONTCACHEV1.DAT
2008-05-17 02:13 --------- d-----w C:\Documents and Settings\jeffrey\Application Data\ArcSoft
2008-05-12 03:45 --------- d-----w C:\Program Files\Photography
2008-05-12 03:02 --------- d-----w C:\Program Files\DivX
2008-05-11 02:48 --------- d-----w C:\Program Files\Tennis
2008-05-11 02:45 --------- d-----w C:\Program Files\President Bush
2008-05-11 02:43 --------- d-----w C:\Program Files\New Pics
2008-05-11 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 01:32 --------- d-----w C:\Program Files\ArcSoft
2008-04-22 14:17 --------- d-----w C:\Program Files\McAfee
2008-04-15 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-15 18:44 --------- d-----w C:\Program Files\Microsoft Picture It!
2008-04-15 18:40 --------- d-----w C:\Program Files\Canon
2008-04-13 01:12 --------- d-----w C:\Program Files\Best of Entertainment
2008-04-11 01:36 --------- d-----w C:\Documents and Settings\jeffrey\Application Data\U3
2008-04-08 18:13 --------- d-----w C:\Program Files\Google
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-03-24 15:14 97,966 ----a-w C:\WINDOWS\Publix Preschool Pals Uninstaller.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\SYSTEM32\PxCpyI64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\SYSTEM32\PxInsI64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2006-04-30 20:16 156,181 ----a-w C:\Program Files\MpegDecoder012.zip
2005-11-14 00:52 8,668,528 -c--a-w C:\Program Files\Realplayer.exe
2005-11-14 00:03 3,723,776 -c--a-w C:\Program Files\Realplayer7.exe
2005-10-20 14:45 52 -c--a-w C:\Program Files\Backup1.BDF
2005-10-20 14:44 52 -c--a-w C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
2005-10-20 14:44 52 -c--a-w C:\Program Files\Save Data and Documents Only.BDF
2005-10-20 14:31 3,736,160 -c--a-w C:\Program Files\Backup-Wizard.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 00:44 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05 122939]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-22 14:48 180269]
"XP SecurityCenter"="C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" [2008-05-25 23:41 524608]

C:\Documents and Settings\jeffrey\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008]
Introducing Media Manager.lnk - C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE [1997-07-15 01:00:00 156160]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-25 22:56:50 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-23 22:26:09 113664]
FlashPath Monitor.lnk - C:\Program Files\SmartDisk\FlashPath\sdstat.exe [2005-02-28 00:10:13 184320]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-08 14:13:23 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-05-10 21:32:28 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pmsngr.exe"= C:\Program Files\Media-Codec\pmsngr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2004-09-15 03:01 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 10:50 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-09-14 10:50 131072 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-10-14 17:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-22 14:48 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 03:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 FlashNT;FlashNT;C:\WINDOWS\system32\drivers\FlashNT.sys [2001-02-06 18:39]
R2 ScFBPNT;CanoScan FBP Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT.SYS [2000-02-08 10:33]
R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys [2000-11-14 11:54]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 05:10:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-01 10:12:49 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-05-28 21:41:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 17:56:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-28 18:08:10
ComboFix-quarantined-files.txt 2008-05-28 22:07:56

Pre-Run: 1,125,101,568 bytes free
Post-Run: 1,265,721,344 bytes free

202 --- E O F --- 2008-01-27 03:22:35

New HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {0441781A-3075-4C8F-9FDB-A6BCAE8769A1} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Share ... mCtl32.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://vpn-standard.harris.com/llclien ... AXXPEE.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/ ... vt/mvt.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Code ... ontrol.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterphoto.com/_shared/uplo ... oader3.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 8667 bytes
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Nasty, nasty "XP Security Center" infestation

Unread postby flashh4 » May 31st, 2008, 1:07 am

Howdy Crunchyhippo, now lets move on with the cleaning.

First we need to disable:
MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a Image sign.
  • right-click it -> chose Exit
  • a popup will warn that protection will now be disabled. Click on Yes to disable the Antivirus guard.
You succesfully disabled the McAfee Guard.
You may enable it after you are all clean !!

NEXT

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    
    File::
    C:\WINDOWS\zuqyvogul.vbs
    
    Folder::
    C:\Program Files\XPSecurityCenter
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XP SecurityCenter"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "pmsngr.exe"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    
    DirLook::
    C:\Program Files\Common Files\Download Manager
    C:\Program Files\New Pics
    
    Suspect::
    C:\Documents and Settings\jeffrey\Application Data\jale.pif
    C:\Documents and Settings\jeffrey\Application Data\urime.pif
    C:\WINDOWS\SYSTEM32\yjulo.exe
    C:\WINDOWS\SYSTEM32\oqihul.ban
    C:\Documents and Settings\All Users\Application Data\rorocesok.com
    C:\Documents and Settings\jeffrey\Application Data\ulyqyt.sys
    C:\Documents and Settings\jeffrey\wn852.exe
    C:\Program Files\Realplayer.exe
    C:\Program Files\Realplayer7.exe
    
    FileLook::
    C:\WINDOWS\system32\ebkp.dll
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:
C:\Documents and Settings\All Users\Application Data\nimeto.reg

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Please do the same for the following file/s:
C:\Program Files\Common Files\casutapeti.inf


NEXT

View contents of files

Please open a new Notepad file and copy and paste the following in the Code box into Notepad:

@echo off
echo Log file can be found at C:\check.txt if Notepad doesn't open automatically.
echo Contents of nimeto.reg >> C:\check.txt
echo. >> C:\check.txt
type "C:\Documents and Settings\All Users\Application Data\nimeto.reg" >> C:\check.txt
echo. >> C:\check.txt
echo Contents of casutapeti.inf >> C:\check.txt
type "C:\Program Files\Common Files\casutapeti.inf" >> C:\check.txt
notepad C:\check.txt


Click on File > Save As....

In the File Name box, copy and paste in see.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on see.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.


Please post in next reply to this topic:

1. ComboFix log
2. Jotti scan (both files)
3. Notepad file
4. New HJT log

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Nasty, nasty "XP Security Center" infestation

Unread postby Crunchyhippo » May 31st, 2008, 6:36 pm

I was unable to run the Jotti scan, because the site was administratively down, it would seem; I only got an error message. I was also unable to provide that notepad file from the same site. However, I am producing a Combofix log, along with a new HJT log.

As a matter of interest, the XP Security Center infection didn't load upon reboot after the Combofix scan. Hmm.

Combofix log[b]

ComboFix 08-05-28.1 - jeffrey 2008-05-31 17:55:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.168 [GMT -4:00]
Running from: C:\Documents and Settings\jeffrey\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\jeffrey\Desktop\CFScript.txt
* Created a new restore point

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


FILE ::
C:\WINDOWS\zuqyvogul.vbs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\XPSecurityCenter
C:\Program Files\XPSecurityCenter\data\daily.cvd
C:\Program Files\XPSecurityCenter\htmlayout.dll
C:\Program Files\XPSecurityCenter\install.exe
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\XPSecurityCenter\pthreadVC2.dll
C:\Program Files\XPSecurityCenter\un.ico
C:\Program Files\XPSecurityCenter\unzip32.dll
C:\Program Files\XPSecurityCenter\XP_SecurityCenter.cfg
C:\Program Files\XPSecurityCenter\XPSecurityCenter.dll
C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
C:\WINDOWS\zuqyvogul.vbs

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-26 00:05 . 2008-05-26 00:05 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-26 00:05 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2008-05-25 23:53 . 2008-05-25 23:53 17,066 --a------ C:\Documents and Settings\jeffrey\Application Data\jale.pif
2008-05-25 23:53 . 2008-05-25 23:53 14,500 --a------ C:\WINDOWS\SYSTEM32\oqihul.ban
2008-05-25 23:53 . 2008-05-25 23:53 12,978 --a------ C:\Documents and Settings\All Users\Application Data\nimeto.reg
2008-05-25 23:53 . 2008-05-25 23:53 12,658 --a------ C:\Documents and Settings\All Users\Application Data\rorocesok.com
2008-05-25 23:53 . 2008-05-25 23:53 12,363 --a------ C:\Documents and Settings\jeffrey\Application Data\urime.pif
2008-05-25 23:53 . 2008-05-25 23:53 10,251 --a------ C:\WINDOWS\SYSTEM32\yjulo.exe
2008-05-25 23:53 . 2008-05-25 23:53 10,161 --a------ C:\Documents and Settings\jeffrey\Application Data\ulyqyt.sys
2008-05-25 23:47 . 2008-05-25 23:47 53,760 --a------ C:\Documents and Settings\jeffrey\wn852.exe
2008-05-16 22:34 . 2008-05-21 16:55 <DIR> d-------- C:\Program Files\WM Converter
2008-05-16 22:13 . 2008-05-16 22:13 94 --a------ C:\WINDOWS\MusicRip.ini
2008-05-11 23:03 . 2008-05-13 12:50 <DIR> d-------- C:\Documents and Settings\jeffrey\Application Data\DivX
2008-05-11 23:01 . 2008-03-21 16:30 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2008-05-10 21:32 . 2008-05-10 21:32 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-05-10 21:32 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys
2008-04-30 19:44 . 2008-04-30 19:44 <DIR> d-------- C:\Program Files\MSECache
2008-04-12 21:11 . 2008-04-12 21:12 <DIR> d-------- C:\Program Files\Best of Entertainment
2008-04-08 14:13 . 2008-05-30 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 04:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 03:53 15,999 ----a-w C:\Program Files\Common Files\casutapeti.inf
2008-05-18 00:52 142,288 ----a-w C:\Documents and Settings\jeffrey\Application Data\GDIPFONTCACHEV1.DAT
2008-05-17 02:13 --------- d-----w C:\Documents and Settings\jeffrey\Application Data\ArcSoft
2008-05-12 03:45 --------- d-----w C:\Program Files\Photography
2008-05-12 03:02 --------- d-----w C:\Program Files\DivX
2008-05-11 02:48 --------- d-----w C:\Program Files\Tennis
2008-05-11 02:45 --------- d-----w C:\Program Files\President Bush
2008-05-11 02:43 --------- d-----w C:\Program Files\New Pics
2008-05-11 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 01:32 --------- d-----w C:\Program Files\ArcSoft
2008-04-22 14:17 --------- d-----w C:\Program Files\McAfee
2008-04-15 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-15 18:44 --------- d-----w C:\Program Files\Microsoft Picture It!
2008-04-15 18:40 --------- d-----w C:\Program Files\Canon
2008-04-11 01:36 --------- d-----w C:\Documents and Settings\jeffrey\Application Data\U3
2008-04-08 18:13 --------- d-----w C:\Program Files\Google
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-03-24 15:14 97,966 ----a-w C:\WINDOWS\Publix Preschool Pals Uninstaller.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\SYSTEM32\PxCpyI64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\SYSTEM32\PxInsI64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2006-04-30 20:16 156,181 ----a-w C:\Program Files\MpegDecoder012.zip
2005-11-14 00:52 8,668,528 -c--a-w C:\Program Files\Realplayer.exe
2005-11-14 00:03 3,723,776 -c--a-w C:\Program Files\Realplayer7.exe
2005-10-20 14:45 52 -c--a-w C:\Program Files\Backup1.BDF
2005-10-20 14:44 52 -c--a-w C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
2005-10-20 14:44 52 -c--a-w C:\Program Files\Save Data and Documents Only.BDF
2005-10-20 14:31 3,736,160 -c--a-w C:\Program Files\Backup-Wizard.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- C:\WINDOWS\system32\ebkp.dll ----
Company:
File Description: ebkp Module
File Version: 1, 0, 0, 1
Product Name: ebkp Module
Copyright: Copyright 2001
Original file name: ebkp.DLL
MD5: d83a336fcdb2d53a684bcb4982ae41c6

---- Directory of C:\Program Files\Common Files\Download Manager ----

2008-05-26 00:05 520 --a------ C:\Program Files\Common Files\Download Manager\Spyware Doctor\LMDOWNLOADINFO.xml

---- Directory of C:\Program Files\New Pics ----

2008-05-10 22:44 5632 --ahs---- C:\Program Files\New Pics\Thumbs.db
2007-10-24 20:04 32932 --a------ C:\Program Files\New Pics\Huge prints.jpg


((((((((((((((((((((((((((((( snapshot@2008-05-28_18.07.32.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 13:45:27 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-31 00:12:23 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 00:44 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05 122939]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-22 14:48 180269]
"XP SecurityCenter"="C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" [ ]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 148480]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2003-05-29 23:47 69632]

C:\Documents and Settings\jeffrey\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008]
Introducing Media Manager.lnk - C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE [1997-07-15 01:00:00 156160]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-25 22:56:50 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-23 22:26:09 113664]
FlashPath Monitor.lnk - C:\Program Files\SmartDisk\FlashPath\sdstat.exe [2005-02-28 00:10:13 184320]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-08 14:13:23 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-05-10 21:32:28 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2004-09-15 03:01 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-09-14 10:50 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-09-14 10:50 131072 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-10-14 17:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-22 14:48 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 03:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 FlashNT;FlashNT;C:\WINDOWS\system32\drivers\FlashNT.sys [2001-02-06 18:39]
R2 ScFBPNT;CanoScan FBP Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT.SYS [2000-02-08 10:33]
R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys [2000-11-14 11:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 05:10:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-01 10:12:49 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-05-31 04:00:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 17:59:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-31 18:04:58
ComboFix-quarantined-files.txt 2008-05-31 22:04:17
ComboFix2.txt 2008-05-28 22:08:12

Pre-Run: 1,210,294,272 bytes free
Post-Run: 1,182,343,168 bytes free

223 --- E O F --- 2008-01-27 03:22:35


New HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:33 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {0441781A-3075-4C8F-9FDB-A6BCAE8769A1} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Share ... mCtl32.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://vpn-standard.harris.com/llclien ... AXXPEE.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/ ... vt/mvt.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Code ... ontrol.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterphoto.com/_shared/uplo ... oader3.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 8731 bytes
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Nasty, nasty "XP Security Center" infestation

Unread postby flashh4 » June 1st, 2008, 4:53 pm

Howdy Crunchyhippo, Please pay close attention to info on P2P programs !!
P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 4.10.9
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you wish to keep them, please do not use them until your computer is cleaned.

...............................................................


Please open a new Notepad file and copy and paste the following in the Code box into Notepad:

Code: Select all
@echo off
echo Log file can be found at C:\check.txt if Notepad doesn't open automatically.
echo Contents of nimeto.reg >> C:\check.txt
echo. >> C:\check.txt
type "C:\Documents and Settings\All Users\Application Data\nimeto.reg" >> C:\check.txt
echo. >> C:\check.txt
echo Contents of casutapeti.inf >> C:\check.txt
type "C:\Program Files\Common Files\casutapeti.inf" >> C:\check.txt
notepad C:\check.txt



Click on File > Save As....

In the File Name box, copy and paste in see.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on see.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.

.............................................................................

See if you can locate this file >>> Submit_date@time.zip, where date and time are numbers. This should be located on your desktop.
Then upload it here >>>>> http://www.bleepingcomputer.com/submit- ... ?channel=4

Post these in next reply:
1. Notepad file
2. New HJT log

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Nasty, nasty "XP Security Center" infestation

Unread postby NonSuch » June 6th, 2008, 10:28 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 378 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware