jjlynn
Members
  • Posts: 10

Everything posted by jjlynn

  1. Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
     "Type"=dword:00000020
     "Start"=dword:00000002
     "ErrorControl"=dword:00000001
     "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
       74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
       00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
       6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
     "DisplayName"="Security Center"
     "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
       6d,00,67,00,6d,00,74,00,00,00,00,00
     "ObjectName"="LocalSystem"
     "Description"="Monitors system security settings and configurations."

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
     "ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
       00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
       77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
     "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
       00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
       00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
       05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
       20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
       00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
       00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Enum]
     "0"="Root\\LEGACY_WSCSVC\\0000"
     "Count"=dword:00000001
     "NextInstance"=dword:00000001
  2. Will not start. Message: The Security Center service on the Local Computer started and then stopped. Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service.
  3. Farbar Service Scanner Version: 18-08-2013
     Ran by jpoulos (administrator) on 26-08-2013 at 08:51:32
     Running from "C:\Documents and Settings\jpoulos.VOGELWI\Local Settings\Temporary Internet Files\Content.IE5\LWYDYAPF"
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============
     wscsvc Service is not running. Checking service configuration:
     The start type of wscsvc service is OK.
     The ImagePath of wscsvc service is OK.
     The ServiceDll of wscsvc service is OK.

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
     "NoAutoUpdate"=DWORD:1

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     DNE(10) Gpc(7) IPSec(5) NetBT(6) PSched(8) Tcpip(4)
     0x0B00000005000000010000000200000003000000040000000B0000000600000007000000080000000A00000009000000
     IpSec Tag value is correct.

     **** End of log ****
  4. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.23.01

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     jpoulos :: VFLWS-5L [administrator]

     8/23/2013 8:19:45 AM
     MBAM-log-2013-08-23 (09-04-20).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 416271
     Time elapsed: 30 minute(s), 9 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 1
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. Still getting this:
     HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter)
  6. Here is the ComboFix log; I will report back on how the computer runs. Thanks, Joe

     ComboFix 13-08-14.01 - jpoulos 08/14/2013 9:02.4.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.895 [GMT -4:00]
     Running from: c:\documents and settings\jpoulos.VOGELWI\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\jpoulos.VOGELWI\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     .
     FILE ::
     "c:\documents and settings\dnoakes.VOGELWI\Application Data\Sun\Java\Deployment\cache\6.0\24\2d333ed8-67371320"
     "c:\documents and settings\jpoulos.VOGELWI\My Documents\Downloads\MICROSOFT_OFFICE_2010_PROFESSIONAL__PLUS_X86_X64_SP1_[thethingy]_secure.exe"
     "c:\windows\LTSvc\scripts\ProduKey.exe"
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-07-14 to 2013-08-14 )))))))))))))))))))))))))))))))
     .
     .
     2013-08-13 16:02 . 2013-08-13 16:02  60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1260BC41-9CED-43B5-B21E-E6ACCB870891}\offreg.dll
     2013-08-13 16:02 . 2013-08-13 16:02  29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1260BC41-9CED-43B5-B21E-E6ACCB870891}\MpKsl973b60e5.sys
     2013-08-13 14:40 . 2013-07-02 06:54  7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1260BC41-9CED-43B5-B21E-E6ACCB870891}\mpengine.dll
     2013-08-13 14:22 . 2013-07-02 06:54  7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2013-08-13 12:19 . 2013-08-13 12:19  -------- d-----w- c:\program files\ESET
     2013-08-13 11:54 . 2013-04-04 18:50  22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-08-06 13:12 . 2013-08-06 13:12  -------- d-----w- c:\windows\ERUNT
     2013-07-31 15:10 . 2013-07-31 15:10  -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
     2013-07-31 15:08 . 2013-07-31 15:08  -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\AVG
     2013-07-31 15:07 . 2013-07-31 15:09  -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
     2013-07-31 15:07 . 2013-07-31 15:07  -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
     2013-07-30 19:35 . 2013-07-30 19:35  -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\AVG SafeGuard toolbar
     2013-07-30 19:35 . 2013-07-30 19:35  -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\TuneUp Software
     2013-07-30 19:35 . 2013-07-30 19:35  -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\AVG SafeGuard toolbar
     2013-07-30 19:35 . 2013-08-13 11:50  -------- d-----w- c:\program files\Common Files\AVG Secure Search
     2013-07-30 19:35 . 2013-07-30 19:38  -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
     2013-07-30 19:31 . 2013-07-30 19:31  -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
     2013-07-30 19:31 . 2013-08-01 11:58  -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
     2013-07-30 19:31 . 2013-07-30 19:31  -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\MFAData
     2013-07-30 19:26 . 2013-07-30 19:29  -------- d-----w- c:\windows\system32\MRT
     2013-07-30 18:05 . 2013-07-30 18:05  35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2013-07-24 18:02 . 2013-07-24 18:02  -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2013-07-24 15:02 . 2013-08-13 11:54  -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-07-23 02:14 . 2013-08-12 16:38  -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
     2013-07-19 12:52 . 2013-07-19 12:52  -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\Malwarebytes
     2013-07-19 12:51 . 2013-07-19 12:51  -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-06-19 01:50 . 2013-01-20 20:59  211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
     2013-06-12 14:26 . 2013-02-17 22:04  692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-06-12 14:26 . 2011-10-07 10:37  71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-06-08 03:55 . 2004-08-04 08:00  385024 ------w- c:\windows\system32\html.iec
     2013-06-07 21:56 . 2004-08-04 08:00  920064 ----a-w- c:\windows\system32\wininet.dll
     2013-06-07 21:56 . 2004-08-04 08:00  43520 ------w- c:\windows\system32\licmgr10.dll
     2013-06-07 21:56 . 2004-08-04 08:00  1469440 ------w- c:\windows\system32\inetcpl.cpl
     2013-06-04 07:23 . 2004-08-04 08:00  562688 ----a-w- c:\windows\system32\qedit.dll
     2013-06-04 01:40 . 2004-08-04 08:00  1876736 ----a-w- c:\windows\system32\win32k.sys
     2013-02-20 23:40 . 2013-02-20 23:40  263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
     "Akamai NetSession Interface"="c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 131072]
     "MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 135168]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 159744]
     "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
     "ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
     "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-10-07 2629632]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
     "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
     "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
     "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
     "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
     "PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
     "PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-8-29 1283944]
     VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico -user_logon [2009-5-18 6144]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "SoftwareSASGeneration"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "HideSCAHealth"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
     "NoAutoUpdate"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute  REG_MULTI_SZ  autocheck autochk *\0\0sdnclean.exe
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
     "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
     "PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\WINDOWS\\system32\\mqsvc.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\WINDOWS\\system32\\mstsc.exe"=
     "c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
     "c:\\Program Files\\Common Files\\Microsoft Shared\\MODI\\11.0\\MSPSCAN.EXE"=
     "c:\\Documents and Settings\\dnoakes.VOGELWI\\Local Settings\\Temp\\IXP000.TMP\\SMPCSetup.exe"=
     "c:\\Documents and Settings\\dnoakes.VOGELWI\\Local Settings\\Temp\\IXP000.TMP\\smwinvnc.exe"=
     "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Brother\\Brmfl10g\\FAXRX.exe"=
     "c:\\Documents and Settings\\jpoulos.VOGELWI\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\WINDOWS\\LTsvc\\LTSVC.exe"=
     "c:\\WINDOWS\\LTsvc\\LTSVCmon.exe"=
     "c:\\WINDOWS\\LTsvc\\LTTray.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
     "4999:TCP"= 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
     "4998:TCP"= 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
     "4997:TCP"= 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
     "4996:TCP"= 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
     "54925:UDP"= 54925:UDP:BrotherNetwork Scanner
     .
     R1 MpKsl973b60e5;MpKsl973b60e5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1260BC41-9CED-43B5-B21E-E6ACCB870891}\MpKsl973b60e5.sys [8/13/2013 12:02 PM 29904]
     R2 LTService;xPulse Monitoring Service;c:\windows\LTSvc\LTSVC.exe [4/30/2012 11:16 AM 13171712]
     R2 LTSvcMon;xPulse Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [4/30/2012 11:17 AM 97792]
     R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
     R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [7/30/2013 3:35 PM 1616048]
     R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/5/2013 10:22 AM 245760]
     R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
     R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 1:05 PM 87808]
     R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 7:19 AM 36352]
     S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 12:59 PM 135664]
     S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [9/20/2007 6:28 AM 58352]
     S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [9/20/2007 6:28 AM 8304]
     S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [9/20/2007 6:28 AM 93904]
     S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [9/20/2007 6:28 AM 73696]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 12:59 PM 135664]
     S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [7/30/2013 2:05 PM 35144]
     S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/2/2009 1:12 PM 174336]
     S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [3/26/2007 6:11 PM 19640]
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - MPKSL973B60E5
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 14:26]
     .
     2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:59]
     .
     2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:59]
     .
     2013-08-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
     - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 22:05]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Settings,ProxyOverride = *.local;<local>
     IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
     Trusted Zone: directnetworksinc.com\homebase
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\documents and settings\jpoulos.VOGELWI\Application Data\Mozilla\Firefox\Profiles\bk61gruq.default\
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-08-14 09:12
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????R??4?0?3?3??????? ??4B??????????????hB? ????R?
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(1288)
     c:\windows\system32\igfxdev.dll
     .
     - - - - - - - > 'explorer.exe'(868)
     c:\windows\system32\WININET.dll
     c:\windows\system32\AcSignIcon.dll
     c:\windows\system32\ieframe.dll
     c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\msi.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2013-08-14 09:14:55
     ComboFix-quarantined-files.txt 2013-08-14 13:14
     ComboFix2.txt 2013-08-12 16:59
     .
     Pre-Run: 13,507,739,648 bytes free
     Post-Run: 13,636,984,832 bytes free
     .
     - - End Of File - - 85D28BC05D0B44C939A0F995A10B8DD3
     EDC00A9C9E79634953F952C6D701052F
  7. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 5.4.4 (08.12.2013:1)
     OS: Microsoft Windows XP x86
     Ran by jpoulos on Tue 08/13/2013 at 7:16:39.92
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

     ~~~ Folders

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 08/13/2013 at 7:22:11.64
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v2.306 - Logfile created 08/13/2013 at 07:48:36
     # Updated 19/07/2013 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : jpoulos - VFLWS-5L
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\jpoulos.VOGELWI\Local Settings\Temporary Internet Files\Content.IE5\DG14WDU6\adwcleaner[1].exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

     ***** [Registry] *****

     Key Deleted : HKLM\Software\AVG Security Toolbar
     Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

     ***** [internet Browsers] *****

     -\\ Internet Explorer v8.0.6001.18702

     [OK] Registry is clean.

     -\\ Mozilla Firefox v19.0 (en-US)

     *************************

     AdwCleaner[R4].txt - [1000 octets] - [13/08/2013 07:47:43]
     AdwCleaner[R5].txt - [1060 octets] - [13/08/2013 07:48:11]
     AdwCleaner[s3].txt - [1002 octets] - [13/08/2013 07:48:36]

     ########## EOF - C:\AdwCleaner[s3].txt - [1062 octets] ##########

     C:\Documents and Settings\dnoakes.VOGELWI\Application Data\Sun\Java\Deployment\cache\6.0\24\2d333ed8-67371320  a variant of Java/Exploit.CVE-2011-3521.A trojan
     C:\Documents and Settings\jpoulos.VOGELWI\My Documents\Downloads\MICROSOFT_OFFICE_2010_PROFESSIONAL__PLUS_X86_X64_SP1_[thethingy]_secure.exe  Win32/TopMedia.B application
     C:\WINDOWS\LTSvc\scripts\ProduKey.exe  a variant of Win32/PSWTool.ProductKey application

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.13.02

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     jpoulos :: VFLWS-5L [administrator]

     8/13/2013 7:56:01 AM
     mbam-log-2013-08-13 (07-56-01).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 413488
     Time elapsed: 22 minute(s), 5 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  8. ComboFix 13-08-12.01 - jpoulos 08/12/2013 12:46:17.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.844 [GMT -4:00] Running from: c:\documents and settings\jpoulos.VOGELWI\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2013-07-12 to 2013-08-12 ))))))))))))))))))))))))))))))) . . 2013-08-12 15:55 . 2013-08-12 15:55 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62E96AD6-2BDC-46E4-AAFD-63EC1B4BECB9}\MpKslde21bba8.sys 2013-08-12 15:51 . 2013-08-12 15:51 146648 ----a-w- c:\windows\system32\drivers\48230029.sys 2013-08-12 12:23 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62E96AD6-2BDC-46E4-AAFD-63EC1B4BECB9}\mpengine.dll 2013-08-09 14:20 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-08-06 13:12 . 2013-08-06 13:12 -------- d-----w- c:\windows\ERUNT 2013-07-31 15:10 . 2013-07-31 15:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG 2013-07-31 15:08 . 2013-07-31 15:08 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\AVG 2013-07-31 15:07 . 2013-07-31 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG 2013-07-31 15:07 . 2013-07-31 15:07 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-07-30 19:35 . 2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\AVG SafeGuard toolbar 2013-07-30 19:35 . 2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\TuneUp Software 2013-07-30 19:35 . 
2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\AVG SafeGuard toolbar 2013-07-30 19:35 . 2013-08-01 12:21 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2013-07-30 19:35 . 2013-07-30 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar 2013-07-30 19:31 . 2013-07-30 19:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2013-07-30 19:31 . 2013-08-01 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2013-07-30 19:31 . 2013-07-30 19:31 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\MFAData 2013-07-30 19:26 . 2013-07-30 19:29 -------- d-----w- c:\windows\system32\MRT 2013-07-30 18:05 . 2013-07-30 18:05 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-07-24 18:02 . 2013-07-24 18:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2013-07-24 15:02 . 2013-07-24 15:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-23 02:14 . 2013-08-12 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-07-19 12:52 . 2013-07-19 12:52 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\Malwarebytes 2013-07-19 12:51 . 2013-07-19 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-19 01:50 . 2013-01-20 20:59 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-06-12 14:26 . 2013-02-17 22:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 14:26 . 2011-10-07 10:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-08 03:55 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec 2013-06-07 21:56 . 
2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll 2013-06-07 21:56 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll 2013-06-07 21:56 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-06-04 07:23 . 2004-08-04 08:00 562688 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 01:40 . 2004-08-04 08:00 1876736 ----a-w- c:\windows\system32\win32k.sys 2013-02-20 23:40 . 2013-02-20 23:40 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "Akamai NetSession Interface"="c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 131072] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 159744] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094] "ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264] "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-10-07 2629632] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176] "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "A0"="c:\documents and settings\jpoulos.VOGELWI\Desktop\mbar\mbar.exe" [2013-08-07 770872] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-8-29 1283944]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico -user_logon [2009-5-18 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\MODI\\11.0\\MSPSCAN.EXE"=
"c:\\Documents and Settings\\dnoakes.VOGELWI\\Local Settings\\Temp\\IXP000.TMP\\SMPCSetup.exe"=
"c:\\Documents and Settings\\dnoakes.VOGELWI\\Local Settings\\Temp\\IXP000.TMP\\smwinvnc.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Brother\\Brmfl10g\\FAXRX.exe"=
"c:\\Documents and Settings\\jpoulos.VOGELWI\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVC.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVCmon.exe"=
"c:\\WINDOWS\\LTsvc\\LTTray.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"4999:TCP"= 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4998:TCP"= 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4997:TCP"= 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4996:TCP"= 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"1381:TCP"= 1381:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\48230029.sys [8/12/2013 11:51 AM 146648]
R1 MpKslde21bba8;MpKslde21bba8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62E96AD6-2BDC-46E4-AAFD-63EC1B4BECB9}\MpKslde21bba8.sys [8/12/2013 11:55 AM 29904]
R2 LTService;xPulse Monitoring Service;c:\windows\LTSvc\LTSVC.exe [4/30/2012 11:16 AM 13171712]
R2 LTSvcMon;xPulse Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [4/30/2012 11:17 AM 97792]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [7/30/2013 3:35 PM 1616048]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/5/2013 10:22 AM 245760]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 1:05 PM 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 7:19 AM 36352]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 12:59 PM 135664]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [9/20/2007 6:28 AM 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [9/20/2007 6:28 AM 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [9/20/2007 6:28 AM 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [9/20/2007 6:28 AM 73696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 12:59 PM 135664]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [7/30/2013 2:05 PM 35144]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/2/2009 1:12 PM 174336]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [3/26/2007 6:11 PM 19640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSLDE21BBA8
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 14:26]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:59]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:59]
.
2013-08-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 22:05]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: directnetworksinc.com\homebase
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\jpoulos.VOGELWI\Application Data\Mozilla\Firefox\Profiles\bk61gruq.default\
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Run-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-12 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????R??????d????????? ??4B??????????????hB? ????R?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2013-08-12 12:59:08
ComboFix-quarantined-files.txt 2013-08-12 16:59
.
Pre-Run: 13,657,980,928 bytes free
Post-Run: 13,913,223,168 bytes free
.
- - End Of File - - 35F87A0427E3D6C78D9100C06F41B6AA
EDC00A9C9E79634953F952C6D701052F
  9. Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
Database version: v2013.08.12.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jpoulos :: VFLWS-5L [administrator]
8/12/2013 8:38:36 AM
mbar-log-2013-08-12 (08-38-36).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 405717
Time elapsed: 44 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
  10. Ran Malware and did not remove it.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by jpoulos at 9:29:26 on 2013-08-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.884 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\LTSvc\LTSVC.exe
C:\WINDOWS\LTsvc\LTSvcMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Documents and Settings\jpoulos.VOGELWI\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\WINDOWS\LTSvc\LTTray.exe
C:\Documents and Settings\jpoulos.VOGELWI\Local Settings\Application Data\Akamai\netsession_win.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [iSUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Akamai NetSession Interface] "c:\documents and settings\jpoulos.vogelwi\local settings\application data\akamai\netsession_win.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{501D9C84-BD77-4BAB-AC75-7ADFCE60EEB4} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jpoulos.vogelwi\application data\mozilla\firefox\profiles\bk61gruq.default\
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 211560]
R2 LTService;xPulse Monitoring Service;c:\windows\ltsvc\LTSVC.exe [2012-4-30 13171712]
R2 LTSvcMon;xPulse Monitoring Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2012-4-30 97792]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.4.0\ToolbarUpdater.exe [2013-7-30 1616048]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-2-5 245760]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-2-28 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-9-20 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-9-20 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-9-20 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [2007-9-20 73696]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-30 35144]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-2 174336]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2007-3-26 19640]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-08-09 13:27:45 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb007ac0-7508-4809-9c0b-24c86ba432eb}\mpengine.dll
2013-08-08 12:21:18 7143960 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-06 13:12:44 -------- d-----w- c:\windows\ERUNT
2013-07-31 15:08:32 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\application data\AVG
2013-07-31 15:07:31 -------- d-----w- c:\documents and settings\all users\application data\AVG
2013-07-31 15:07:23 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-30 19:35:52 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\local settings\application data\AVG SafeGuard toolbar
2013-07-30 19:35:43 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\application data\TuneUp Software
2013-07-30 19:35:38 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\application data\AVG SafeGuard toolbar
2013-07-30 19:35:33 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-07-30 19:35:33 -------- d-----w- c:\documents and settings\all users\application data\AVG SafeGuard toolbar
2013-07-30 19:31:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-07-30 19:31:11 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\local settings\application data\MFAData
2013-07-30 19:31:11 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-07-30 19:26:11 -------- d-----w- c:\windows\system32\MRT
2013-07-30 18:05:45 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-24 18:02:03 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-07-24 15:02:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-23 02:14:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-07-23 00:38:43 -------- d-sha-r- C:\cmdcons
2013-07-19 12:52:09 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\application data\Malwarebytes
2013-07-19 12:51:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2013-06-19 01:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-12 14:26:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 14:26:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-08 03:55:44 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:30:47.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2007 6:31:27 PM
System Uptime: 8/9/2013 9:13:22 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30AA
Processor: Intel® Core2 CPU T5500 @ 1.66GHz | U10 | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 12.889 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1419: 7/1/2013 8:43:12 AM - Software Distribution Service 3.0
RP1420: 7/2/2013 8:45:11 AM - System Checkpoint
RP1421: 7/3/2013 7:46:22 AM - Software Distribution Service 3.0
RP1422: 7/8/2013 7:49:56 AM - Software Distribution Service 3.0
RP1423: 7/9/2013 8:55:07 AM - System Checkpoint
RP1424: 7/10/2013 9:32:51 AM - Software Distribution Service 3.0
RP1425: 7/11/2013 10:40:41 AM - System Checkpoint
RP1426: 7/12/2013 11:24:45 AM - Software Distribution Service 3.0
RP1427: 7/15/2013 7:46:28 AM - Software Distribution Service 3.0
RP1428: 7/16/2013 7:59:44 AM - Software Distribution Service 3.0
RP1429: 7/17/2013 10:32:56 AM - System Checkpoint
RP1430: 7/17/2013 1:42:43 PM - Software Distribution Service 3.0
RP1431: 7/19/2013 8:05:41 AM - Software Distribution Service 3.0
RP1432: 7/22/2013 7:41:31 AM - Software Distribution Service 3.0
RP1433: 7/22/2013 10:06:39 PM - Malwarebytes Anti-Rootkit Restore Point
RP1434: 7/23/2013 7:53:12 AM - Software Distribution Service 3.0
RP1435: 7/24/2013 11:00:32 AM - Malwarebytes Anti-Rootkit Restore Point
RP1436: 7/24/2013 11:16:59 AM - Software Distribution Service 3.0
RP1437: 7/24/2013 12:05:51 PM - Software Distribution Service 3.0
RP1438: 7/24/2013 1:57:45 PM - Malwarebytes Anti-Rootkit Restore Point
RP1439: 7/26/2013 8:32:47 AM - Software Distribution Service 3.0
RP1440: 7/29/2013 7:00:34 AM - Software Distribution Service 3.0
RP1441: 7/30/2013 9:35:25 AM - System Checkpoint
RP1442: 7/30/2013 2:47:57 PM - Malwarebytes Anti-Rootkit Restore Point
RP1443: 7/30/2013 3:21:36 PM - Software Distribution Service 3.0
RP1444: 7/30/2013 3:25:51 PM - Software Distribution Service 3.0
RP1445: 7/30/2013 3:33:18 PM - Installed AVG 2013
RP1446: 7/30/2013 3:33:57 PM - Installed AVG 2013
RP1447: 7/31/2013 11:07:47 AM - Installed AVG PC TuneUp
RP1448: 8/1/2013 7:56:29 AM - Removed AVG 2013
RP1449: 8/1/2013 7:58:40 AM - Removed AVG 2013
RP1450: 8/1/2013 7:59:16 AM - Removed AVG PC TuneUp
RP1451: 8/1/2013 7:59:48 AM - Removed AVG PC TuneUp Language Pack (en-US)
RP1452: 8/1/2013 9:37:50 AM - Malwarebytes Anti-Rootkit Restore Point
RP1453: 8/1/2013 10:22:06 AM - Software Distribution Service 3.0
RP1454: 8/5/2013 8:17:27 AM - Software Distribution Service 3.0
RP1455: 8/6/2013 7:50:04 AM - Malwarebytes Anti-Rootkit Restore Point
RP1456: 8/6/2013 12:22:09 PM - Software Distribution Service 3.0
RP1457: 8/7/2013 1:10:59 PM - System Checkpoint
RP1458: 8/8/2013 8:21:08 AM - Software Distribution Service 3.0
RP1459: 8/8/2013 12:55:34 PM - Malwarebytes Anti-Rootkit Restore Point
RP1460: 8/9/2013 8:50:24 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Agere Systems HDA Modem
Akamai NetSession Interface
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B5
Bonjour
Broadcom NetXtreme Ethernet Controller
Brother MFL-Pro Suite MFC-J6710DW
Cisco Systems VPN Client 5.0.03.0560
Compatibility Pack for the 2007 Office system
DWG TrueView 2013
Fingerprint Sensor Minimum Install
getPlus® for Adobe
getPlus®_ocx
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Support Phone Numbers
HP User Guides 0015
HpSdpAppCoreApp
ImageMixer VCD/DVD2 for OLYMPUS
InstallVC90Support
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD 8
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 15
Java Auto Updater
Java 6 Update 24
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Java SE Runtime Environment 6 Update 1
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nuance PaperPort 12
Nuance PDF Viewer Plus
OpenOffice.org Installer 1.0
PaperPort Image Printer
QuickTime
Scansoft PDF Professional
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update
for Windows XP (KB2229593) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2483614) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP 
(KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813347) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2839229) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2850851) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update 
for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) 
Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Southern Safety and Supply v7.1.4 SureTrak 3.0 Synaptics Pointing Device Driver Type2045 TWAIN Driver Ver.3 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB943729) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Hotfix [see KB832353 for more information] Windows XP Service Pack 3 WinZip . ==== End Of File ===========================