PUM.Disabled.SecurityCenter



Ran Malwarebytes and it did not remove it.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.15.2
Run by jpoulos at 9:29:26 on 2013-08-09
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.884 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\LTSvc\LTSVC.exe
C:\WINDOWS\LTsvc\LTSvcMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Documents and Settings\jpoulos.VOGELWI\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\WINDOWS\LTSvc\LTTray.exe
C:\Documents and Settings\jpoulos.VOGELWI\Local Settings\Application Data\Akamai\netsession_win.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [iSUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Akamai NetSession Interface] "c:\documents and settings\jpoulos.vogelwi\local settings\application data\akamai\netsession_win.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{501D9C84-BD77-4BAB-AC75-7ADFCE60EEB4} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jpoulos.vogelwi\application data\mozilla\firefox\profiles\bk61gruq.default\

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 211560]
R2 LTService;xPulse Monitoring Service;c:\windows\ltsvc\LTSVC.exe [2012-4-30 13171712]
R2 LTSvcMon;xPulse Monitoring Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2012-4-30 97792]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.4.0\ToolbarUpdater.exe [2013-7-30 1616048]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-2-5 245760]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-2-28 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-9-20 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-9-20 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-9-20 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [2007-9-20 73696]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-30 35144]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-2 174336]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2007-3-26 19640]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-08-09 13:27:45 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb007ac0-7508-4809-9c0b-24c86ba432eb}\mpengine.dll
2013-08-08 12:21:18 7143960 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-06 13:12:44 -------- d-----w- c:\windows\ERUNT
2013-07-31 15:08:32 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\application data\AVG
2013-07-31 15:07:31 -------- d-----w- c:\documents and settings\all users\application data\AVG
2013-07-31 15:07:23 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-30 19:35:52 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\local settings\application data\AVG SafeGuard toolbar
2013-07-30 19:35:43 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\application data\TuneUp Software
2013-07-30 19:35:38 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\application data\AVG SafeGuard toolbar
2013-07-30 19:35:33 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-07-30 19:35:33 -------- d-----w- c:\documents and settings\all users\application data\AVG SafeGuard toolbar
2013-07-30 19:31:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-07-30 19:31:11 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\local settings\application data\MFAData
2013-07-30 19:31:11 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-07-30 19:26:11 -------- d-----w- c:\windows\system32\MRT
2013-07-30 18:05:45 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-24 18:02:03 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-07-24 15:02:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-23 02:14:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-07-23 00:38:43 -------- d-sha-r- C:\cmdcons
2013-07-19 12:52:09 -------- d-----w- c:\documents and settings\jpoulos.vogelwi\application data\Malwarebytes
2013-07-19 12:51:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M  ====================
.
2013-06-19 01:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-12 14:26:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 14:26:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-08 03:55:44 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH:  9:30:47.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2007 6:31:27 PM
System Uptime: 8/9/2013 9:13:22 AM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 30AA
Processor: Intel® Core2 CPU         T5500  @ 1.66GHz | U10 | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 12.889 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1419: 7/1/2013 8:43:12 AM - Software Distribution Service 3.0
RP1420: 7/2/2013 8:45:11 AM - System Checkpoint
RP1421: 7/3/2013 7:46:22 AM - Software Distribution Service 3.0
RP1422: 7/8/2013 7:49:56 AM - Software Distribution Service 3.0
RP1423: 7/9/2013 8:55:07 AM - System Checkpoint
RP1424: 7/10/2013 9:32:51 AM - Software Distribution Service 3.0
RP1425: 7/11/2013 10:40:41 AM - System Checkpoint
RP1426: 7/12/2013 11:24:45 AM - Software Distribution Service 3.0
RP1427: 7/15/2013 7:46:28 AM - Software Distribution Service 3.0
RP1428: 7/16/2013 7:59:44 AM - Software Distribution Service 3.0
RP1429: 7/17/2013 10:32:56 AM - System Checkpoint
RP1430: 7/17/2013 1:42:43 PM - Software Distribution Service 3.0
RP1431: 7/19/2013 8:05:41 AM - Software Distribution Service 3.0
RP1432: 7/22/2013 7:41:31 AM - Software Distribution Service 3.0
RP1433: 7/22/2013 10:06:39 PM - Malwarebytes Anti-Rootkit Restore Point
RP1434: 7/23/2013 7:53:12 AM - Software Distribution Service 3.0
RP1435: 7/24/2013 11:00:32 AM - Malwarebytes Anti-Rootkit Restore Point
RP1436: 7/24/2013 11:16:59 AM - Software Distribution Service 3.0
RP1437: 7/24/2013 12:05:51 PM - Software Distribution Service 3.0
RP1438: 7/24/2013 1:57:45 PM - Malwarebytes Anti-Rootkit Restore Point
RP1439: 7/26/2013 8:32:47 AM - Software Distribution Service 3.0
RP1440: 7/29/2013 7:00:34 AM - Software Distribution Service 3.0
RP1441: 7/30/2013 9:35:25 AM - System Checkpoint
RP1442: 7/30/2013 2:47:57 PM - Malwarebytes Anti-Rootkit Restore Point
RP1443: 7/30/2013 3:21:36 PM - Software Distribution Service 3.0
RP1444: 7/30/2013 3:25:51 PM - Software Distribution Service 3.0
RP1445: 7/30/2013 3:33:18 PM - Installed AVG 2013
RP1446: 7/30/2013 3:33:57 PM - Installed AVG 2013
RP1447: 7/31/2013 11:07:47 AM - Installed AVG PC TuneUp
RP1448: 8/1/2013 7:56:29 AM - Removed AVG 2013
RP1449: 8/1/2013 7:58:40 AM - Removed AVG 2013
RP1450: 8/1/2013 7:59:16 AM - Removed AVG PC TuneUp
RP1451: 8/1/2013 7:59:48 AM - Removed AVG PC TuneUp Language Pack (en-US)
RP1452: 8/1/2013 9:37:50 AM - Malwarebytes Anti-Rootkit Restore Point
RP1453: 8/1/2013 10:22:06 AM - Software Distribution Service 3.0
RP1454: 8/5/2013 8:17:27 AM - Software Distribution Service 3.0
RP1455: 8/6/2013 7:50:04 AM - Malwarebytes Anti-Rootkit Restore Point
RP1456: 8/6/2013 12:22:09 PM - Software Distribution Service 3.0
RP1457: 8/7/2013 1:10:59 PM - System Checkpoint
RP1458: 8/8/2013 8:21:08 AM - Software Distribution Service 3.0
RP1459: 8/8/2013 12:55:34 PM - Malwarebytes Anti-Rootkit Restore Point
RP1460: 8/9/2013 8:50:24 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Agere Systems HDA Modem
Akamai NetSession Interface
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B5
Bonjour
Broadcom NetXtreme Ethernet Controller
Brother MFL-Pro Suite MFC-J6710DW
Cisco Systems VPN Client 5.0.03.0560
Compatibility Pack for the 2007 Office system
DWG TrueView 2013
Fingerprint Sensor Minimum Install
getPlus® for Adobe
getPlus®_ocx
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Support Phone Numbers
HP User Guides 0015
HpSdpAppCoreApp
ImageMixer VCD/DVD2 for OLYMPUS
InstallVC90Support
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD 8
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 15
Java Auto Updater
Java 6 Update 24
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Java SE Runtime Environment 6 Update 1
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nuance PaperPort 12
Nuance PDF Viewer Plus
OpenOffice.org Installer 1.0
PaperPort Image Printer
QuickTime
Scansoft PDF Professional
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813347)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Southern Safety and Supply v7.1.4
SureTrak 3.0
Synaptics Pointing Device Driver
Type2045 TWAIN Driver Ver.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Hotfix [see KB832353 for more information]
Windows XP Service Pack 3
WinZip
.
==== End Of File ===========================
 


  • Staff

Hello and welcome to Malwarebytes Forums

Please run the following:

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.

Direct link to the file: http://downloads.malwarebytes.org/file/mbar

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click on the MBAR file you downloaded.
  • Approve the UAC prompt in Vista and newer operating systems.
  • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
  • By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
  • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
  • After reading the Introduction, click 'Next' if you agree.
  • On the Update Database screen, click on the 'Update' button.
  • Once you see 'Success: Database was successfully updated' click on 'Next'.
  • Click the 'Scan' button.
    • With some infections, you may see two messages boxes.
    • 1.'Could not load protection driver'. Click 'OK'.
    • 2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.

    Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

    mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)

    system-log.txt


Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.12.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jpoulos :: VFLWS-5L [administrator]

8/12/2013 8:38:36 AM
mbar-log-2013-08-12 (08-38-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 405717
Time elapsed: 44 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


  • Staff

Hello,

OK, you can run MBAR again and this time, click the "clean" button.

NEXT

Download ComboFix from the following location:

Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

CF_RC_notice.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

cfRC_screen_2.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


ComboFix 13-08-12.01 - jpoulos 08/12/2013  12:46:17.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.844 [GMT -4:00]
Running from: c:\documents and settings\jpoulos.VOGELWI\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-12 to 2013-08-12  )))))))))))))))))))))))))))))))
.
.
2013-08-12 15:55 . 2013-08-12 15:55 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62E96AD6-2BDC-46E4-AAFD-63EC1B4BECB9}\MpKslde21bba8.sys
2013-08-12 15:51 . 2013-08-12 15:51 146648 ----a-w- c:\windows\system32\drivers\48230029.sys
2013-08-12 12:23 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62E96AD6-2BDC-46E4-AAFD-63EC1B4BECB9}\mpengine.dll
2013-08-09 14:20 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-06 13:12 . 2013-08-06 13:12 -------- d-----w- c:\windows\ERUNT
2013-07-31 15:10 . 2013-07-31 15:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2013-07-31 15:08 . 2013-07-31 15:08 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\AVG
2013-07-31 15:07 . 2013-07-31 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-07-31 15:07 . 2013-07-31 15:07 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-30 19:35 . 2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\AVG SafeGuard toolbar
2013-07-30 19:35 . 2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\TuneUp Software
2013-07-30 19:35 . 2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\AVG SafeGuard toolbar
2013-07-30 19:35 . 2013-08-01 12:21 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-07-30 19:35 . 2013-07-30 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-07-30 19:31 . 2013-07-30 19:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-07-30 19:31 . 2013-08-01 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-07-30 19:31 . 2013-07-30 19:31 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\MFAData
2013-07-30 19:26 . 2013-07-30 19:29 -------- d-----w- c:\windows\system32\MRT
2013-07-30 18:05 . 2013-07-30 18:05 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-24 18:02 . 2013-07-24 18:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-07-24 15:02 . 2013-07-24 15:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-23 02:14 . 2013-08-12 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-19 12:52 . 2013-07-19 12:52 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\Malwarebytes
2013-07-19 12:51 . 2013-07-19 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 01:50 . 2013-01-20 20:59 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-12 14:26 . 2013-02-17 22:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:26 . 2011-10-07 10:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 08:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 08:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-02-20 23:40 . 2013-02-20 23:40 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Akamai NetSession Interface"="c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 131072]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 159744]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-10-07 2629632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"A0"="c:\documents and settings\jpoulos.VOGELWI\Desktop\mbar\mbar.exe" [2013-08-07 770872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-8-29 1283944]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico -user_logon [2009-5-18 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\MODI\\11.0\\MSPSCAN.EXE"=
"c:\\Documents and Settings\\dnoakes.VOGELWI\\Local Settings\\Temp\\IXP000.TMP\\SMPCSetup.exe"=
"c:\\Documents and Settings\\dnoakes.VOGELWI\\Local Settings\\Temp\\IXP000.TMP\\smwinvnc.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Brother\\Brmfl10g\\FAXRX.exe"=
"c:\\Documents and Settings\\jpoulos.VOGELWI\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVC.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVCmon.exe"=
"c:\\WINDOWS\\LTsvc\\LTTray.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"4999:TCP"= 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4998:TCP"= 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4997:TCP"= 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4996:TCP"= 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"1381:TCP"= 1381:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\48230029.sys [8/12/2013 11:51 AM 146648]
R1 MpKslde21bba8;MpKslde21bba8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62E96AD6-2BDC-46E4-AAFD-63EC1B4BECB9}\MpKslde21bba8.sys [8/12/2013 11:55 AM 29904]
R2 LTService;xPulse Monitoring Service;c:\windows\LTSvc\LTSVC.exe [4/30/2012 11:16 AM 13171712]
R2 LTSvcMon;xPulse Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [4/30/2012 11:17 AM 97792]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [7/30/2013 3:35 PM 1616048]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/5/2013 10:22 AM 245760]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 1:05 PM 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 7:19 AM 36352]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 12:59 PM 135664]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [9/20/2007 6:28 AM 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [9/20/2007 6:28 AM 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [9/20/2007 6:28 AM 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [9/20/2007 6:28 AM 73696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 12:59 PM 135664]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [7/30/2013 2:05 PM 35144]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/2/2009 1:12 PM 174336]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [3/26/2007 6:11 PM 19640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSLDE21BBA8
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 14:26]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:59]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:59]
.
2013-08-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 22:05]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: directnetworksinc.com\homebase
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\jpoulos.VOGELWI\Application Data\Mozilla\Firefox\Profiles\bk61gruq.default\

.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Run-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-12 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????R??????d????????? ??4B??????????????hB? ????R?
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2013-08-12  12:59:08
ComboFix-quarantined-files.txt  2013-08-12 16:59
.
Pre-Run: 13,657,980,928 bytes free
Post-Run: 13,913,223,168 bytes free
.
- - End Of File - - 35F87A0427E3D6C78D9100C06F41B6AA
EDC00A9C9E79634953F952C6D701052F


  • Staff

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced; please attach the content of the log to your next reply.

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.4 (08.12.2013:1)
OS: Microsoft Windows XP x86
Ran by jpoulos on Tue 08/13/2013 at  7:16:39.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/13/2013 at  7:22:11.64
End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.306 - Logfile created 08/13/2013 at 07:48:36
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : jpoulos - VFLWS-5L
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jpoulos.VOGELWI\Local Settings\Temporary Internet Files\Content.IE5\DG14WDU6\adwcleaner[1].exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

*************************

AdwCleaner[R4].txt - [1000 octets] - [13/08/2013 07:47:43]
AdwCleaner[R5].txt - [1060 octets] - [13/08/2013 07:48:11]
AdwCleaner[s3].txt - [1002 octets] - [13/08/2013 07:48:36]

########## EOF - C:\AdwCleaner[s3].txt - [1062 octets] ##########

C:\Documents and Settings\dnoakes.VOGELWI\Application Data\Sun\Java\Deployment\cache\6.0\24\2d333ed8-67371320 a variant of Java/Exploit.CVE-2011-3521.A trojan
C:\Documents and Settings\jpoulos.VOGELWI\My Documents\Downloads\MICROSOFT_OFFICE_2010_PROFESSIONAL__PLUS_X86_X64_SP1_[thethingy]_secure.exe Win32/TopMedia.B application
C:\WINDOWS\LTSvc\scripts\ProduKey.exe a variant of Win32/PSWTool.ProductKey application

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jpoulos :: VFLWS-5L [administrator]

8/13/2013 7:56:01 AM
mbam-log-2013-08-13 (07-56-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413488
Time elapsed: 22 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


  • Staff

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\dnoakes.VOGELWI\Application Data\Sun\Java\Deployment\cache\6.0\24\2d333ed8-67371320
C:\Documents and Settings\jpoulos.VOGELWI\My Documents\Downloads\MICROSOFT_OFFICE_2010_PROFESSIONAL__PLUS_X86_X64_SP1_[thethingy]_secure.exe
C:\WINDOWS\LTSvc\scripts\ProduKey.exe
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.


Here is the ComboFix log; I will report back on how the computer runs.

Thanks Joe

 

ComboFix 13-08-14.01 - jpoulos 08/14/2013   9:02.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.895 [GMT -4:00]
Running from: c:\documents and settings\jpoulos.VOGELWI\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jpoulos.VOGELWI\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\dnoakes.VOGELWI\Application Data\Sun\Java\Deployment\cache\6.0\24\2d333ed8-67371320"
"c:\documents and settings\jpoulos.VOGELWI\My Documents\Downloads\MICROSOFT_OFFICE_2010_PROFESSIONAL__PLUS_X86_X64_SP1_[thethingy]_secure.exe"
"c:\windows\LTSvc\scripts\ProduKey.exe"
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-14 to 2013-08-14  )))))))))))))))))))))))))))))))
.
.
2013-08-13 16:02 . 2013-08-13 16:02 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1260BC41-9CED-43B5-B21E-E6ACCB870891}\offreg.dll
2013-08-13 16:02 . 2013-08-13 16:02 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1260BC41-9CED-43B5-B21E-E6ACCB870891}\MpKsl973b60e5.sys
2013-08-13 14:40 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1260BC41-9CED-43B5-B21E-E6ACCB870891}\mpengine.dll
2013-08-13 14:22 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-13 12:19 . 2013-08-13 12:19 -------- d-----w- c:\program files\ESET
2013-08-13 11:54 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-06 13:12 . 2013-08-06 13:12 -------- d-----w- c:\windows\ERUNT
2013-07-31 15:10 . 2013-07-31 15:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2013-07-31 15:08 . 2013-07-31 15:08 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\AVG
2013-07-31 15:07 . 2013-07-31 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-07-31 15:07 . 2013-07-31 15:07 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-30 19:35 . 2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\AVG SafeGuard toolbar
2013-07-30 19:35 . 2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\TuneUp Software
2013-07-30 19:35 . 2013-07-30 19:35 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\AVG SafeGuard toolbar
2013-07-30 19:35 . 2013-08-13 11:50 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-07-30 19:35 . 2013-07-30 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-07-30 19:31 . 2013-07-30 19:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-07-30 19:31 . 2013-08-01 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-07-30 19:31 . 2013-07-30 19:31 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\MFAData
2013-07-30 19:26 . 2013-07-30 19:29 -------- d-----w- c:\windows\system32\MRT
2013-07-30 18:05 . 2013-07-30 18:05 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-24 18:02 . 2013-07-24 18:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-07-24 15:02 . 2013-08-13 11:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-23 02:14 . 2013-08-12 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-19 12:52 . 2013-07-19 12:52 -------- d-----w- c:\documents and settings\jpoulos.VOGELWI\Application Data\Malwarebytes
2013-07-19 12:51 . 2013-07-19 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 01:50 . 2013-01-20 20:59 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-12 14:26 . 2013-02-17 22:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:26 . 2011-10-07 10:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 08:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 08:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-02-20 23:40 . 2013-02-20 23:40 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Akamai NetSession Interface"="c:\documents and settings\jpoulos.VOGELWI\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 131072]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 159744]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-10-07 2629632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-8-29 1283944]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico -user_logon [2009-5-18 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\MODI\\11.0\\MSPSCAN.EXE"=
"c:\\Documents and Settings\\dnoakes.VOGELWI\\Local Settings\\Temp\\IXP000.TMP\\SMPCSetup.exe"=
"c:\\Documents and Settings\\dnoakes.VOGELWI\\Local Settings\\Temp\\IXP000.TMP\\smwinvnc.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Brother\\Brmfl10g\\FAXRX.exe"=
"c:\\Documents and Settings\\jpoulos.VOGELWI\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVC.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVCmon.exe"=
"c:\\WINDOWS\\LTsvc\\LTTray.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"4999:TCP"= 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4998:TCP"= 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4997:TCP"= 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4996:TCP"= 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R1 MpKsl973b60e5;MpKsl973b60e5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1260BC41-9CED-43B5-B21E-E6ACCB870891}\MpKsl973b60e5.sys [8/13/2013 12:02 PM 29904]
R2 LTService;xPulse Monitoring Service;c:\windows\LTSvc\LTSVC.exe [4/30/2012 11:16 AM 13171712]
R2 LTSvcMon;xPulse Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [4/30/2012 11:17 AM 97792]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [7/30/2013 3:35 PM 1616048]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/5/2013 10:22 AM 245760]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 1:05 PM 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 7:19 AM 36352]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 12:59 PM 135664]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [9/20/2007 6:28 AM 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [9/20/2007 6:28 AM 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [9/20/2007 6:28 AM 93904]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [9/20/2007 6:28 AM 73696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 12:59 PM 135664]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [7/30/2013 2:05 PM 35144]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/2/2009 1:12 PM 174336]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [3/26/2007 6:11 PM 19640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL973B60E5
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 14:26]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:59]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:59]
.
2013-08-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 22:05]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: directnetworksinc.com\homebase
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\jpoulos.VOGELWI\Application Data\Mozilla\Firefox\Profiles\bk61gruq.default\

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-14 09:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????R??4?0?3?3??????? ??4B??????????????hB? ????R?
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(868)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-14  09:14:55
ComboFix-quarantined-files.txt  2013-08-14 13:14
ComboFix2.txt  2013-08-12 16:59
.
Pre-Run: 13,507,739,648 bytes free
Post-Run: 13,636,984,832 bytes free
.
- - End Of File - - 85D28BC05D0B44C939A0F995A10B8DD3
EDC00A9C9E79634953F952C6D701052F
 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.23.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jpoulos :: VFLWS-5L [administrator]

8/23/2013 8:19:45 AM
MBAM-log-2013-08-23 (09-04-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416271
Time elapsed: 30 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


  • Staff

Hello

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

It states "No action taken".

Please select this item, then hit Remove.

NEXT

Please download Farbar Service Scanner and run it

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

Farbar Service Scanner Version: 18-08-2013
Ran by jpoulos (administrator) on 26-08-2013 at 08:51:32
Running from "C:\Documents and Settings\jpoulos.VOGELWI\Local Settings\Temporary Internet Files\Content.IE5\LWYDYAPF"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(10) Gpc(7) IPSec(5) NetBT(6) PSched(8) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B0000000600000007000000080000000A00000009000000
IpSec Tag value is correct.

**** End of log ****


  • Staff

Looks like the Security Center service is not running:

 

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Please see if you are able to manually start it.

 

Type "services" into the Start search box and, when it appears in the window above, click on Services to open the Services window.

 

Scroll down to Security Center > right-click it > Properties and make certain the startup type is Automatic.

 

Now start the service by clicking on the "Start the service" link on the left of the window and see if that is successful.

 

If not, please make note of the exact error message you receive.


  • Staff

Let's have a look at the registry key; please do the following:

  • Click Start > Run type Notepad click OK. This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.

    @echo off
    REM Export the Security Center (wscsvc) service key to a text file on the Desktop
    regedit.exe /e "%userprofile%\Desktop\look.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc"
    REM Open the export for viewing, then delete this batch file
    Notepad.exe "%userprofile%\Desktop\look.txt"
    Del %0
  • Click Format and ensure Wordwrap is unchecked.
  • Save as RegExp.bat
  • Save as file type "All Files"
  • Save it to your desktop
  • Now double click on RegExp.bat to run it.
  • If the User Account Control dialog box appears click yes.
  • A file "look.txt" will open on your Desktop, please post the contents in your next reply.
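Putting the checks from the last few posts in one place: the following PowerShell script is an added example, not something posted in this thread or shipped with any of the tools mentioned. It audits the Security Center service (wscsvc) and the two services its exported DependOnService value names (RpcSs and winmgmt), the UpdatesDisableNotify value that Malwarebytes reported as PUM.Disabled.SecurityCenter, and the NoAutoUpdate policy value that both ComboFix and FSS listed. It assumes PowerShell is installed (on XP that means PowerShell 2.0) and that it is run from an elevated prompt; the script name and the -Fix switch are my own.

```powershell
<#
  Added example, not part of the original thread.
  Audit-SecurityCenter.ps1 (hypothetical name) - report, and optionally repair,
  the Security Center / update-notification state discussed in the thread.
  Run elevated. Pass -Fix to apply the defaults the logs describe:
  wscsvc Automatic and Running, UpdatesDisableNotify = 0, NoAutoUpdate = 0.
#>
param([switch]$Fix)

$findings = @()

# --- 1. Dependencies of wscsvc (from DependOnService in the exported key) ---
# If winmgmt is not running, wscsvc cannot start no matter how its own key looks.
foreach ($dep in 'RpcSs', 'winmgmt') {
    $d = Get-Service -Name $dep -ErrorAction SilentlyContinue
    if ($null -eq $d -or $d.Status -ne 'Running') {
        $findings += "dependency $dep is not running; wscsvc cannot start until it does"
    }
}

# --- 2. Security Center service itself --------------------------------------
# Win32_Service is used instead of Get-Service because PowerShell 2.0 (XP era)
# does not expose the start mode on ServiceController objects.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='wscsvc'"
if ($null -eq $svc) {
    $findings += "wscsvc service is missing entirely (service key deleted?)"
} else {
    if ($svc.StartMode -ne 'Auto') {
        $findings += "wscsvc start type is '$($svc.StartMode)', expected Auto"
        if ($Fix) { Set-Service -Name wscsvc -StartupType Automatic }
    }
    if ($svc.State -ne 'Running') {
        $findings += "wscsvc is $($svc.State), expected Running"
        if ($Fix) {
            # Capture the exact error text, which is what the staff member asked for.
            try   { Start-Service -Name wscsvc -ErrorAction Stop }
            catch { $findings += "Start-Service wscsvc failed: $($_.Exception.Message)" }
        }
    }
}

# --- 3. Registry values that silence or disable updating --------------------
# Bad/Good mirror what the MBAM and FSS logs in the thread reported for each value.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';
       Name = 'UpdatesDisableNotify'; Bad = 1; Good = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';
       Name = 'NoAutoUpdate';         Bad = 1; Good = 0 }
)

foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }        # value absent means default behaviour
    $current = $item.($c.Name)
    if ($current -eq $c.Bad) {
        $findings += "$($c.Path)\$($c.Name) = $current (expected $($c.Good))"
        if ($Fix) {
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Good -Type DWord
        }
    }
}

if ($findings.Count -eq 0) {
    "No Security Center / update-notification issues found."
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Two caveats when reading the output. The NoAutoUpdate value lives under the Policies hive, so on a domain-joined, remotely managed machine like the one in this thread it may be set deliberately by Group Policy and will simply be reapplied after a -Fix; confirm with whoever administers the domain before treating it as a detection. And a wscsvc that still refuses to start while RpcSs and winmgmt both report Running, with a service key that matches the export above, points at the WMI repository rather than the service configuration, which is consistent with the staff member's next step of running a WMI repair script.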

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
  6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
  00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


  • Staff

The registry key looks as it should, so please run the following:

Download the attached fixwmi.zip and save it to your desktop, then double-click it and extract fixwmi.cmd to your desktop.

fixwmi.zip

Double-click fixwmi.cmd to run it.

A small black DOS box will flash.

Reboot the computer.

Let me know if that fixed the issue.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
