SpyWare BeWare! ASAP
Author Topic: Dell Laptop slow-IE very slow.  (Read 1963 times)
amjohns
Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« on: July 11, 2013, 11:19:13 AM »

Have run Disk Cleanup, deleted temp files. Defrag. Run Malwarebytes, TDSSKiller, has MS Sec Essentials installed.
Local shop removed hard drive to scan and found nothing. Laptop was much faster and efficient several weeks ago and had been that way for nearly three years. I cannot find the source of the problem. Please help.

File contents pasted per "Start here" instructions:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Andrew_Johns at 12:09:55 on 2013-07-11
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1219 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\WINDOWS\system32\ptumlcmsvc.exe
C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Documents and Settings\Andrew_Johns\Application Data\SearchProtect\bin\cltmng.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Documents and Settings\Andrew_Johns\Application Data\Aventail\epi\epivista.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://webmail.hmc1.comcast.net/
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: GetSavin 5.0: {41BBF514-E452-4B55-923F-92355E31D2C2} - c:\documents and settings\andrew_johns\local settings\application data\getsavin\ie\getsavin_1363368601.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN297BVGP505KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [SearchProtect] c:\documents and settings\andrew_johns\application data\searchprotect\bin\cltmng.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [SearchProtect] c:\documents and settings\networkservice\application data\searchprotect\bin\cltmng.exe
StartupFolder: c:\docume~1\andrew~1\startm~1\programs\startup\launch~1.lnk - c:\documents and settings\andrew_johns\application data\verizon\ua_ar\UtilityApplication.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {05A2C7ED-7962-4A3F-BE2E-0A494B3C6A16} - hxxps://vpn.washco-md.net/wa/AssessLoader.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://vpn.washco-md.net/wa/AccessClientLoader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342027721421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://jve.frederickcountymd.gov/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{46FB6632-7E81-4509-A79D-74039083462F} : DHCPNameServer = 172.31.0.4
TCP: Interfaces\{E2823F7A-44C6-46FF-908C-608922EF5086} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2009-7-7 15448]
R1 MpKsl2ca38987;MpKsl2ca38987;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{01a20662-2b0a-4018-83c5-d7c00efce4c2}\MpKsl2ca38987.sys [2013-7-11 29904]
R1 waclient;WatchGuard Access Client Driver;c:\windows\system32\drivers\waclient.sys [2011-3-3 55536]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-3-6 93984]
R2 COMMSB96;COMMSB96;c:\windows\system32\drivers\COMMSB96.sys [2010-8-20 24776]
R2 COMMSBEP;COMMSBEP;c:\windows\system32\drivers\COMMSBEP.sys [2010-8-20 44236]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-10-23 120728]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [2010-12-7 241320]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\ivi foundation\visa\winnt\nivisa\niLxiDiscovery.exe [2009-3-5 131704]
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2009-12-1 193648]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-4-4 143360]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [2010-12-7 22600]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [2010-12-7 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [2010-12-7 80456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-8 80824]
S3 fudally;fudally;c:\windows\system32\drivers\fudally.sys [2004-2-9 12928]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-11-9 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-11-9 8448]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2012-11-9 24576]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [2010-12-7 25160]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-1-10 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-1-10 11896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-5-30 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-5-30 92288]
S3 pnmdm;Driver for pnmdm Device;c:\windows\system32\drivers\pncom.sys [2012-1-12 39336]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2012-7-5 86176]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2012-7-5 168864]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2012-7-5 168864]
S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\PTUMLNET.sys [2012-7-5 88864]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2012-7-5 169632]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\PTUMLRMNET.sys [2012-7-5 55072]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2012-7-5 168864]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2011-11-29 32408]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-8 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-07-11 13:51:18   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{01a20662-2b0a-4018-83c5-d7c00efce4c2}\MpKsl2ca38987.sys
2013-07-11 12:06:55   7068072   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{01a20662-2b0a-4018-83c5-d7c00efce4c2}\mpengine.dll
2013-07-10 11:53:28   7068072   ------w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-27 11:46:22   --------   d-----w-   c:\documents and settings\andrew_johns\application data\TeamViewer
2013-06-19 20:20:08   --------   d-----w-   c:\documents and settings\andrew_johns\local settings\application data\Sun
.
==================== Find3M  ====================
.
2013-06-12 14:06:10   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:06:09   71048   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-10 21:04:52   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-06-10 21:04:44   144896   ----a-w-   c:\windows\system32\javacpl.cpl
2013-06-10 21:04:42   866720   ----a-w-   c:\windows\system32\npdeployJava1.dll
2013-06-10 21:04:42   788896   ----a-w-   c:\windows\system32\deployJava1.dll
2013-05-07 22:30:06   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-05-07 22:30:05   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29   385024   ----a-w-   c:\windows\system32\html.iec
2013-05-03 01:30:20   2149888   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17   2028544   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50   238872   ------w-   c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:10:50.75 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2010 2:07:39 PM
System Uptime: 7/10/2013 4:06:20 PM (20 hours ago)
.
Motherboard: Dell Inc. |  | 0FT292
Processor: Intel(R) Core(TM)2 CPU         T5600  @ 1.83GHz | Microprocessor | 1828/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 13.204 GiB free.
E: is CDROM ()
N: is NetworkDisk (NTFS) - 233 GiB total, 114.779 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP707: 4/12/2013 11:52:54 AM - System Checkpoint
RP708: 4/15/2013 7:49:18 AM - Software Distribution Service 3.0
RP709: 4/17/2013 2:25:38 PM - Software Distribution Service 3.0
RP710: 4/18/2013 4:23:49 PM - Software Distribution Service 3.0
RP711: 4/22/2013 7:37:27 AM - Software Distribution Service 3.0
RP712: 4/24/2013 7:43:58 AM - Software Distribution Service 3.0
RP713: 4/25/2013 12:32:32 PM - Software Distribution Service 3.0
RP714: 4/28/2013 5:54:48 PM - Software Distribution Service 3.0
RP715: 4/30/2013 7:53:23 AM - Software Distribution Service 3.0
RP716: 5/1/2013 1:08:26 PM - System Checkpoint
RP717: 5/1/2013 4:47:11 PM - Software Distribution Service 3.0
RP718: 5/3/2013 7:29:34 AM - Software Distribution Service 3.0
RP719: 5/6/2013 3:40:27 AM - Software Distribution Service 3.0
RP720: 5/7/2013 7:34:21 AM - Software Distribution Service 3.0
RP721: 5/8/2013 1:33:19 PM - Software Distribution Service 3.0
RP722: 5/10/2013 7:38:08 AM - Software Distribution Service 3.0
RP723: 5/13/2013 7:45:35 AM - Software Distribution Service 3.0
RP724: 5/15/2013 7:44:25 AM - Software Distribution Service 3.0
RP725: 5/15/2013 7:50:42 AM - Software Distribution Service 3.0
RP726: 5/16/2013 8:36:31 AM - Software Distribution Service 3.0
RP727: 5/17/2013 2:23:24 PM - Software Distribution Service 3.0
RP728: 5/20/2013 11:35:24 AM - Software Distribution Service 3.0
RP729: 5/22/2013 7:56:45 AM - Software Distribution Service 3.0
RP730: 5/23/2013 1:49:05 PM - Software Distribution Service 3.0
RP731: 5/28/2013 7:40:54 AM - Software Distribution Service 3.0
RP732: 5/29/2013 9:35:45 AM - Software Distribution Service 3.0
RP733: 5/30/2013 4:10:15 PM - Software Distribution Service 3.0
RP734: 6/2/2013 4:29:51 AM - Software Distribution Service 3.0
RP735: 6/3/2013 7:38:42 AM - Software Distribution Service 3.0
RP736: 6/4/2013 7:41:59 AM - Software Distribution Service 3.0
RP737: 6/5/2013 7:45:26 AM - Software Distribution Service 3.0
RP738: 6/6/2013 8:00:28 AM - Software Distribution Service 3.0
RP739: 6/7/2013 4:44:24 PM - Software Distribution Service 3.0
RP740: 6/10/2013 8:02:29 AM - Software Distribution Service 3.0
RP741: 6/10/2013 5:04:23 PM - Installed Java 7 Update 21
RP742: 6/12/2013 8:20:25 AM - Software Distribution Service 3.0
RP743: 6/12/2013 1:19:08 PM - Software Distribution Service 3.0
RP744: 6/13/2013 10:42:23 AM - Software Distribution Service 3.0
RP745: 6/14/2013 1:46:44 PM - Software Distribution Service 3.0
RP746: 6/17/2013 6:49:30 AM - Software Distribution Service 3.0
RP747: 6/18/2013 7:36:59 AM - Software Distribution Service 3.0
RP748: 6/19/2013 8:06:33 AM - Software Distribution Service 3.0
RP749: 6/20/2013 4:09:12 PM - Software Distribution Service 3.0
RP750: 6/21/2013 4:28:22 PM - Software Distribution Service 3.0
RP751: 6/24/2013 8:21:50 AM - Software Distribution Service 3.0
RP752: 6/25/2013 4:37:37 PM - Software Distribution Service 3.0
RP753: 6/27/2013 7:43:26 AM - Software Distribution Service 3.0
RP754: 6/28/2013 7:55:20 AM - Software Distribution Service 3.0
RP755: 6/30/2013 8:47:54 PM - Software Distribution Service 3.0
RP756: 7/2/2013 8:16:29 AM - Software Distribution Service 3.0
RP757: 7/3/2013 2:38:47 PM - Software Distribution Service 3.0
RP758: 7/8/2013 1:26:40 PM - Software Distribution Service 3.0
RP759: 7/10/2013 7:53:26 AM - Software Distribution Service 3.0
RP760: 7/11/2013 8:06:45 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1-Wire Drivers Version 4.03 Beta
3CDaemon
ActivePerl 5.12.2 Build 1202
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Anritsu Tool Box with Line Sweep Tools
Apple Application Support
Apple Software Update
ApxFamilyCPS R04.00.02
ApxFamilyCPS R09.00.02
ApxFamilyTuner R04.00.00
ASTRO 25 Mobile CPS
ASTRO 25 Portable CPS
ASTRO 25 Tuner
ASTRO 7.11 Documentation Set
Astro DIU CSS
ASTRO Radio Tuner
ASTRO Spectra CPS
Audible Download Manager
Aventail Access Manager
Aventail Connect
Aventail OPSWAT End Point Control
Aventail Web Proxy Agent
Broadcom ASF Management Applications
ComAp PC Suite
Conexant HDA D110 MDC V.92 Modem
Conexant HDA D330 MDC V.92 Modem
Configuration Service Software for A7.11
Configuration Service Software for A7.13
Configuration Service Software for A7.7
Configuration Service Software for A7.8
CPS Reports
Crystal Reports Basic Runtime for Visual Studio 2008
DeepBurner v1.9.0.228
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Mobile Broadband Card Utility
Dell Touchpad
DirectX 9 Runtime
DJ_SF_03_D1500_Software_Min
DW WLAN Card Utility
Enterprise
FirmwareImport 1.5.1
Fujitsu NETSMART® 500
GetSavin
gm_setup 1.8
Google Chrome
Google Update Helper
GoToMeeting 4.8.0.722
Hasp Dongle Drivers 5.86
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB959765)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet D1500 Printer Driver 10.0 Rel .3
HP Officejet Pro 8600 Basic Device Software
IBConfig 1.8
Intel(R) Graphics Media Accelerator Driver
InteliDDE 4.6.2
InteliMonitor 2.7.2
InterVideo Register Manager
InterVideo WinDVD
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 35
Juniper Networks Setup Client
Juniper Terminal Services Client
Lenovo Central Audio
LiteEdit 4.6.3
LiveUpdate
Malwarebytes Anti-Malware version 1.75.0.1300
Master Software Tools
MCS2000 CPS
MCS2000 Tuner
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WinUsb 2.0
Moscad Moscad-L ToolBox 9.54.03
MOTOBRIDGE GX-MX CT 4.3.53
Motorola ACE3600 System Tools Suite 13.60
Motorola ACE3600 System Tools Suite 13.60 SP1
Motorola APX USB Setup
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.9.0
MOTOTRBO Customer Programming Software
MOTOTRBO RDAC
MOTOTRBO Tuner
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MTS2000 CPS
MTS2000 Tuner
National Instruments Software
NI-ORB 1.9.3f0
NI-PAL 2.5.3f0
NI-RPC 4.1.1f0
NI-VISA Runtime 4.6.2
NI Certificates Deployment Support
NI EULA Depot
NI MDF Support
NI mDNS Responder 1.2.0
NI Service Locator
NI Uninstaller
NI VC2008MSMs x86
NI Xerces Delay Load 2.7.1
NVIDIA Drivers
OM-Online WB
OZ776 SCR Driver V1.1.4.202
PANTECH UML290
Perle DeviceManager
PNMTj
QFolder
QuickTime
Radio Service Software
RadioShack USB to Serial Cable
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
SAMSUNG USB Driver for Mobile Phones
Scan
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic CinePlayer Decoder Pack
Symantec Procomm Plus
SyncBackFree
TASC Systems - AMCU
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
Verizon Wireless UML290 Firmware Updates
VISA Shared Components
VZAccess Manager
WebFldrs XP
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - Motorola Corporation (USB_RNDIS) Net  (05/13/2005 5.2.3790.1454)
Windows Driver Package - Motorola Solutions, Inc. (fudally) MotorolaUSBFlashZap  (02/17/2012 03.05.00.00)
Windows Driver Package - Motorola Solutions, Inc. (fudally) MotorolaUSBFlashZap  (04/12/2011 03.04.00.00)
Windows Driver Package - Motorola Solutions, Inc. Net  (09/27/2011 6.0.6000.16384)
Windows Driver Package - Motorola, Inc. (fudally) MotorolaUSBFlashZap  (11/26/2007 03.04.00.00)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.0.1
WinRAR archiver
WinScope 1.9.1
Wireshark 0.99.6a
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
7/9/2013 9:26:04 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/8/2013 9:07:09 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.153.1177.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.9607.0    Error code: 0x80072efd    Error description: A connection with the server could not be established
7/8/2013 1:14:46 PM, error: Dhcp [1002]  - The IP address lease 10.3.66.153 for the Network Card with network address 00188BD1A137 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/10/2013 4:08:24 PM, error: Service Control Manager [7023]  - The OsaFsLoc service terminated with the following error:  The specified module could not be found.
7/10/2013 3:59:00 PM, error: Srv [2019]  - The server was unable to allocate from the system nonpaged pool because the pool was empty.
.
==== End Of File ===========================
melboy
Moderator
Hero Member

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #1 on: July 11, 2013, 12:48:55 PM »

Hi and welcome to the SWBW forums.

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.
.

IMPORTANT: Please take time to read this topic where the Forum Guidelines are explained.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================


Before we start, please can I just clarify the ownership & use of the computer.

From the Please Start HERE! topic.

Quote
3.  If you are having problems with a business machine, please consult your IT Department or System Administrator.  We cannot undertake the liability of a business-owned asset.  You are advised to consult your employer's "Acceptable Usage Policy" to ensure that you are not in breach of Company rules by attempting to fix a business asset.



amjohns
Newbie

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #2 on: July 11, 2013, 01:06:47 PM »

My personal laptop I use at work and at home. Any programs or files are easily replaced and I have all docs, favs, etc backed up. Even the desktop.

I remember now when it started. I had an mpeg video clip of my son that would not play all the way through and was trying to find a program to repair it but searched for mp3 by mistake and installed it. After that it has been slow.

Andrew
melboy
Moderator
Hero Member

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #3 on: July 11, 2013, 02:00:05 PM »

Hi Andrew

Thanks.


Uninstall Programs

  • Click on Start.
  • Click on Control Panel.
  • Double-click the Add/Remove Programs icon.
  • Click on the first program in the list and click Remove.
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
Quote
GetSavin
Search Protect by conduit
.


AdwCleaner

Download AdwCleaner from HERE & save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

amjohns
Newbie

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #4 on: July 11, 2013, 02:25:22 PM »

# AdwCleaner v2.304 - Logfile created 07/11/2013 at 15:23:58
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew_Johns - ANDREW
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew_Johns\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Documents and Settings\Andrew_Johns\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\NetworkService\Application Data\SearchProtect
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a96845a2d0a3a67f2dc790c88a4f4da3

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Andrew_Johns\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1419 octets] - [11/07/2013 15:23:58]

########## EOF - C:\AdwCleaner[R1].txt - [1479 octets] ##########
melboy
Moderator
Hero Member

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #5 on: July 11, 2013, 02:34:03 PM »

Thanks.

Let me know if there's any improvement after this.

AdwCleaner

  • Double click AdwCleaner.exe to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

amjohns
Newbie

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #6 on: July 11, 2013, 03:27:11 PM »

Yes, that seems to have it. Am operating from IE now while running my webmail in another tab. Webmail is now snappy like it used to be.

Do you want to check anything else while we are at it? Or are we going to call it good?

It even downloaded 15 updates and I shut it all the way down and restarted. Also running disc cleanup at the same time. Working good.

Andrew
melboy
Moderator
Hero Member

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #7 on: July 11, 2013, 03:41:38 PM »


ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How to disable your security applications

  • Double click combofix.exe & follow the prompts.
  • ComboFix may automatically reboot your computer (possibly more than once).
  • When finished, it will produce a log. Please post the contents of that log in your next reply.
  • It can also be found at C:\combofix.txt
  • Re-enable all the programs that were disabled during the running of ComboFix.
.
NOTE: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.




amjohns
Newbie

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #8 on: July 12, 2013, 08:08:19 AM »

Ran combofix-found rootkit, ran it again so thought I better post the log and see where to go from here. Log follows.


ComboFix 13-07-11.03 - Andrew_Johns 07/12/2013   8:46.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1606 [GMT -4:00]
Running from: c:\documents and settings\Andrew_Johns\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-12 to 2013-07-12  )))))))))))))))))))))))))))))))
.
.
2013-07-12 11:48 . 2013-07-12 11:48   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 12:06 . 2013-06-12 04:18   7068072   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01A20662-2B0A-4018-83C5-D7C00EFCE4C2}\mpengine.dll
2013-07-10 11:53 . 2013-06-12 04:18   7068072   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 11:46 . 2013-06-27 11:46   --------   d-----w-   c:\documents and settings\Andrew_Johns\Application Data\TeamViewer
2013-06-19 20:20 . 2013-06-19 20:20   --------   d-----w-   c:\documents and settings\Andrew_Johns\Local Settings\Application Data\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 11:48 . 2012-06-02 22:05   144896   ----a-w-   c:\windows\system32\javacpl.cpl
2013-07-12 11:48 . 2012-06-02 22:05   867240   ----a-w-   c:\windows\system32\npdeployJava1.dll
2013-07-12 11:48 . 2011-10-29 02:07   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-06-12 14:06 . 2012-04-12 11:48   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:06 . 2011-06-03 11:25   71048   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55 . 2010-03-17 12:06   385024   ----a-w-   c:\windows\system32\html.iec
2013-06-07 21:56 . 2010-03-17 12:06   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2010-03-17 12:06   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2010-03-17 12:06   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2010-03-17 12:06   562688   ----a-w-   c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2010-03-17 12:06   1876736   ----a-w-   c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2006-10-19 01:47   1543680   ------w-   c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2008-04-14 00:54   2149888   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2008-04-14 00:01   2028544   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2012-07-11 15:55   238872   ------w-   c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-08-21 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"NVHotkey"="nvHotkey.dll" [2009-03-11 90112]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-06-23 331851]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13594624]
"nwiz"="nwiz.exe" [2009-03-11 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-11 86016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-17 213936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Fujitsu\\NETSMART_500\\Tools\\JRE\\v1.5.0\\bin\\java.exe"=
"c:\\STS1360\\Prg\\wmdlcdrv.exe"=
"c:\\Program Files\\Motorola\\css\\A7.8\\css_jre\\bin\\java.exe"=
"c:\\Program Files\\Motorola\\css\\A7.8\\swdl_jre\\bin\\java.exe"=
"c:\\Program Files\\Motorola\\css\\A7.7\\swdl_jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"=
"c:\\Program Files\\National Instruments\\Shared\\mDNS Responder\\nimdnsResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43002:TCP"= 43002:TCP:Trend Micro Client/Server Security Agent Listener
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/7/2009 11:23 AM 15448]
R1 waclient;WatchGuard Access Client Driver;c:\windows\system32\drivers\waclient.sys [3/3/2011 5:12 PM 55536]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R2 COMMSB96;COMMSB96;c:\windows\system32\drivers\COMMSB96.sys [8/20/2010 4:29 PM 24776]
R2 COMMSBEP;COMMSBEP;c:\windows\system32\drivers\COMMSBEP.sys [8/20/2010 4:29 PM 44236]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 6:58 PM 120728]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [12/7/2010 9:29 AM 241320]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [3/5/2009 4:17 PM 131704]
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [12/1/2009 3:59 PM 193648]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [4/4/2011 3:37 PM 143360]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [12/7/2010 9:27 AM 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [12/7/2010 9:29 AM 80456]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/8/2013 1:29 PM 80824]
S3 fudally;fudally;c:\windows\system32\drivers\fudally.sys [2/9/2004 10:39 AM 12928]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/9/2012 9:39 AM 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/9/2012 9:39 AM 8448]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [11/9/2012 9:39 AM 24576]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [12/7/2010 9:29 AM 22600]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [12/7/2010 9:29 AM 25160]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [1/10/2010 4:53 AM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [1/10/2010 4:51 AM 11896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 8:01 PM 42512]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [5/30/2007 8:50 PM 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [5/30/2007 8:50 PM 92288]
S3 pnmdm;Driver for pnmdm Device;c:\windows\system32\drivers\pncom.sys [1/12/2012 1:17 PM 39336]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [7/5/2012 12:37 PM 86176]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [7/5/2012 12:37 PM 168864]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [7/5/2012 12:37 PM 168864]
S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\PTUMLNET.sys [7/5/2012 12:37 PM 88864]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [7/5/2012 12:37 PM 169632]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\PTUMLRMNET.sys [7/5/2012 12:37 PM 55072]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [7/5/2012 12:37 PM 168864]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/5/2009 1:32 AM 1124848]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [11/29/2011 2:20 AM 32408]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/8/2013 1:29 PM 181432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
SE2Cbus
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-12 03:43   1173456   ----a-w-   c:\program files\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 14:06]
.
2013-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 21:28]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 21:28]
.
2013-07-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-07-11 c:\windows\Tasks\Motorola Device Manager Engine.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23 22:58]
.
2013-04-08 c:\windows\Tasks\Motorola Device Manager Update.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23 22:58]
.
2013-07-12 c:\windows\Tasks\User_Feed_Synchronization-{C5F9C87A-FD1C-436B-BCFD-C000D6EB79BF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.hmc1.comcast.net/
Trusted Zone: hankey-server
TCP: DhcpNameServer = 192.168.1.1
DPF: {05A2C7ED-7962-4A3F-BE2E-0A494B3C6A16} - hxxps://vpn.washco-md.net/wa/AssessLoader.cab
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://vpn.washco-md.net/wa/AccessClientLoader.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-12 08:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-12  09:00:02
ComboFix-quarantined-files.txt  2013-07-12 13:00
ComboFix2.txt  2013-07-12 12:34
.
Pre-Run: 18,806,366,208 bytes free
Post-Run: 18,809,622,528 bytes free
.
- - End Of File - - CE6BAABCDB1BD5804FDEAAB40E547099
8F558EB6672622401DA993E1E865C861
Logged
melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #9 on: July 12, 2013, 10:51:20 AM »

Hi

Can you also post me the first log, which will be found at:

C:\qoobox\ComboFix2.txt
Logged

amjohns
Newbie
*
Offline Offline

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #10 on: July 15, 2013, 06:41:12 AM »

Combofix2.txt

ComboFix 13-07-11.03 - Andrew_Johns 07/12/2013   8:17.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1606 [GMT -4:00]
Running from: c:\documents and settings\Andrew_Johns\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\documents and settings\Andrew_Johns\WINDOWS
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\ST6UNST.000
c:\windows\system32\dds_trash_log.cmd
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-12 to 2013-07-12  )))))))))))))))))))))))))))))))
.
.
2013-07-12 11:48 . 2013-07-12 11:48   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 12:06 . 2013-06-12 04:18   7068072   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01A20662-2B0A-4018-83C5-D7C00EFCE4C2}\mpengine.dll
2013-07-10 11:53 . 2013-06-12 04:18   7068072   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 11:46 . 2013-06-27 11:46   --------   d-----w-   c:\documents and settings\Andrew_Johns\Application Data\TeamViewer
2013-06-19 20:20 . 2013-06-19 20:20   --------   d-----w-   c:\documents and settings\Andrew_Johns\Local Settings\Application Data\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 11:48 . 2012-06-02 22:05   144896   ----a-w-   c:\windows\system32\javacpl.cpl
2013-07-12 11:48 . 2012-06-02 22:05   867240   ----a-w-   c:\windows\system32\npdeployJava1.dll
2013-07-12 11:48 . 2011-10-29 02:07   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-06-12 14:06 . 2012-04-12 11:48   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:06 . 2011-06-03 11:25   71048   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55 . 2010-03-17 12:06   385024   ----a-w-   c:\windows\system32\html.iec
2013-06-07 21:56 . 2010-03-17 12:06   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2010-03-17 12:06   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2010-03-17 12:06   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2010-03-17 12:06   562688   ----a-w-   c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2010-03-17 12:06   1876736   ----a-w-   c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2006-10-19 01:47   1543680   ------w-   c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2008-04-14 00:54   2149888   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2008-04-14 00:01   2028544   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2012-07-11 15:55   238872   ------w-   c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-08-21 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"NVHotkey"="nvHotkey.dll" [2009-03-11 90112]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-06-23 331851]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13594624]
"nwiz"="nwiz.exe" [2009-03-11 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-11 86016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-17 213936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Fujitsu\\NETSMART_500\\Tools\\JRE\\v1.5.0\\bin\\java.exe"=
"c:\\STS1360\\Prg\\wmdlcdrv.exe"=
"c:\\Program Files\\Motorola\\css\\A7.8\\css_jre\\bin\\java.exe"=
"c:\\Program Files\\Motorola\\css\\A7.8\\swdl_jre\\bin\\java.exe"=
"c:\\Program Files\\Motorola\\css\\A7.7\\swdl_jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43002:TCP"= 43002:TCP:Trend Micro Client/Server Security Agent Listener
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/7/2009 11:23 AM 15448]
R1 waclient;WatchGuard Access Client Driver;c:\windows\system32\drivers\waclient.sys [3/3/2011 5:12 PM 55536]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R2 COMMSB96;COMMSB96;c:\windows\system32\drivers\COMMSB96.sys [8/20/2010 4:29 PM 24776]
R2 COMMSBEP;COMMSBEP;c:\windows\system32\drivers\COMMSBEP.sys [8/20/2010 4:29 PM 44236]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 6:58 PM 120728]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [12/7/2010 9:29 AM 241320]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [3/5/2009 4:17 PM 131704]
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [12/1/2009 3:59 PM 193648]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [4/4/2011 3:37 PM 143360]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [12/7/2010 9:27 AM 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [12/7/2010 9:29 AM 80456]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/8/2013 1:29 PM 80824]
S3 fudally;fudally;c:\windows\system32\drivers\fudally.sys [2/9/2004 10:39 AM 12928]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/9/2012 9:39 AM 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/9/2012 9:39 AM 8448]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [11/9/2012 9:39 AM 24576]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [12/7/2010 9:29 AM 22600]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [12/7/2010 9:29 AM 25160]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [1/10/2010 4:53 AM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [1/10/2010 4:51 AM 11896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 8:01 PM 42512]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [5/30/2007 8:50 PM 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [5/30/2007 8:50 PM 92288]
S3 pnmdm;Driver for pnmdm Device;c:\windows\system32\drivers\pncom.sys [1/12/2012 1:17 PM 39336]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [7/5/2012 12:37 PM 86176]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [7/5/2012 12:37 PM 168864]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [7/5/2012 12:37 PM 168864]
S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\PTUMLNET.sys [7/5/2012 12:37 PM 88864]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [7/5/2012 12:37 PM 169632]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\PTUMLRMNET.sys [7/5/2012 12:37 PM 55072]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [7/5/2012 12:37 PM 168864]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/5/2009 1:32 AM 1124848]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [11/29/2011 2:20 AM 32408]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/8/2013 1:29 PM 181432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
SE2Cbus
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-12 03:43   1173456   ----a-w-   c:\program files\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 14:06]
.
2013-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 21:28]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 21:28]
.
2013-07-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-07-11 c:\windows\Tasks\Motorola Device Manager Engine.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23 22:58]
.
2013-04-08 c:\windows\Tasks\Motorola Device Manager Update.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23 22:58]
.
2013-07-12 c:\windows\Tasks\User_Feed_Synchronization-{C5F9C87A-FD1C-436B-BCFD-C000D6EB79BF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.hmc1.comcast.net/
Trusted Zone: hankey-server
TCP: DhcpNameServer = 192.168.1.1
DPF: {05A2C7ED-7962-4A3F-BE2E-0A494B3C6A16} - hxxps://vpn.washco-md.net/wa/AssessLoader.cab
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://vpn.washco-md.net/wa/AccessClientLoader.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\documents and settings\Andrew_Johns\Start Menu\Programs\Startup\Launch Utility Application.lnk - c:\documents and settings\Andrew_Johns\Application Data\Verizon\UA_ar\UtilityApplication.exe
SafeBoot-66393950.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-OM-Online - c:\program files\Powerwave\uninst.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-12 08:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-12  08:34:52
ComboFix-quarantined-files.txt  2013-07-12 12:34
.
Pre-Run: 18,590,732,288 bytes free
Post-Run: 18,820,087,808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 565C462CDDD8C97B0D2C4D868EAFCF97
8F558EB6672622401DA993E1E865C861
Logged
melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #11 on: July 16, 2013, 07:00:21 AM »

Thanks.

How's the computer behaving now?

RogueKiller

Download RogueKiller from here & save it to your desktop.

  • Double click roguekiller.exe to run it.
  • Wait for the prescan to finish.
  • Accept the EULA
  • Under Options, click the Scan button
  • When the Status reports Scan finished, click Report under Options
  • Notepad will open. Please copy & paste the contents of that report in a reply here.
  • The log can also be found on your desktop entitled RKreport[**].txt
  • Close RogueKiller. Click Yes to the prompt
Logged

amjohns
Newbie
*
Offline Offline

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #12 on: July 16, 2013, 08:15:53 AM »

Running better! Here is the RogueKiller log:

RogueKiller V8.6.2 [Jul  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew_Johns [Admin rights]
Mode : Scan -- Date : 07/16/2013 09:14:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] epivista.exe -- C:\Documents and Settings\Andrew_Johns\Application Data\Aventail\epi\epivista.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] SSDT[41] : NtCreateKey @ 0x804D7FEC -> HOOKED (C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xA829A610)
[Inline] SSDT[119] : NtOpenKey @ 0x804D7FF1 -> HOOKED (C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xA8270A18)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980811AS +++++
--- User ---
[MBR] f727551741b82a8a103d9bef1252b6b5
[BSP] 82fb020a45416ca6110921d41414d492 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 5004 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 10249470 | Size: 71311 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07162013_091410.txt >>




Logged
melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #13 on: July 16, 2013, 03:43:17 PM »

Hi

One last scan to be sure, but things do look ok.


aswMBR

Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
Logged

amjohns
Newbie
*
Offline Offline

Date Registered:June 27, 2008, 07:12:53 AM
Posts: 48


« Reply #14 on: July 17, 2013, 05:50:44 AM »

Got a BSOD on first run but IE was running so ran smooth the second time. Here is the log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-16 17:07:48
-----------------------------
17:07:48.656    OS Version: Windows 5.1.2600 Service Pack 3
17:07:48.656    Number of processors: 2 586 0xF02
17:07:48.656    ComputerName: ANDREW  UserName:
17:07:58.875    Initialize success
17:08:33.375    AVAST engine defs: 13071601
17:08:37.859    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:08:37.859    Disk 0 Vendor: ST980811AS 3.CDD Size: 76319MB BusType: 3
17:08:38.078    Disk 0 MBR read successfully
17:08:38.078    Disk 0 MBR scan
17:08:38.140    Disk 0 Windows XP default MBR code
17:08:38.140    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         5004 MB offset 63
17:08:38.156    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        71311 MB offset 10249470
17:08:38.187    Disk 0 scanning sectors +156296385
17:08:38.484    Disk 0 scanning C:\WINDOWS\system32\drivers
17:09:01.468    Service scanning
17:09:20.296    Service MpKsl3c645ee5 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB5C970-CE86-4C8A-B929-E30C4C090054}\MpKsl3c645ee5.sys **LOCKED** 32
17:09:50.703    Modules scanning
17:10:02.078    Disk 0 trace - called modules:
17:10:02.453    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:10:02.453    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a84aab8]
17:10:02.453    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\000000a7[0x8a93cf18]
17:10:02.468    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8e3940]
17:10:02.812    AVAST engine scan C:\WINDOWS
17:10:30.359    AVAST engine scan C:\WINDOWS\system32
17:17:21.328    AVAST engine scan C:\WINDOWS\system32\drivers
17:17:49.343    AVAST engine scan C:\Documents and Settings\Andrew_Johns
18:20:46.093    AVAST engine scan C:\Documents and Settings\All Users
18:33:24.484    Scan finished successfully
06:48:12.734    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew_Johns\Desktop\MBR.dat"
06:48:12.734    The log file has been saved successfully to "C:\Documents and Settings\Andrew_Johns\Desktop\aswMBR.txt"


Logged