
Windows Firewall stops, Microsoft Update doesn't run, ...


This topic is locked. 14 replies to this topic.

#1 bill02888

Posted 11 September 2013 - 12:16 PM

Good afternoon.

 

I've got a Windows XP SP3 laptop where Windows Firewall starts, but after a few minutes it stops.

 

Microsoft Update won't run right -- it has a problem I've seen mentioned, where SVCHOST will start using up every CPU cycle. I've tried several fixes but none have resolved the issue. So it's getting out of date with important fixes.

 

I ran a quick Malwarebytes' Anti-Malware scan and a quick SUPERAntiSpyware scan but nothing was found.

 

I tried running ComboFix (don't yell at me!). It saved registry settings and made a checkpoint, but after several minutes it never starts any of the test stages. After a while the clock stops. Sometimes the mouse pointer will still respond.

 

Either I've got a strange combination of problems, or I've got some malware. What's next?

 

Thanks,

Bill




#2 TB-Psychotic


Posted 12 September 2013 - 04:02 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from the Malwarebytes site and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 bill02888

bill02888
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 PM

Posted 12 September 2013 - 12:13 PM

Thanks, Marius. The MBAR is below. It looks clean.

 

Windows Firewall is still running. This surprises me. Recently it has only run for a short time after boot, then stopped.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Bill :: LENOVO-36A82AC7 [administrator]

9/12/2013 12:56:05 PM
mbar-log-2013-09-12 (12-56-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 236472
Time elapsed: 13 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#4 TB-Psychotic

Posted 12 September 2013 - 11:54 PM

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

 

 

 

 

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#5 bill02888

Posted 13 September 2013 - 04:26 PM

Interesting. I tried running it twice on the laptop. Both times the system clock stopped after about 5 minutes.

 

On the 3rd attempt I shut down Malwarebytes' Anti-Malware real-time system protection before starting DDS. This time DDS has been running for an hour. The clock is still accurate. For a few minutes there was a lot of drive activity. Now there seems to be almost no drive activity.

 

I tried running DDS on another system (a newer desktop) and it completed in less than a minute. For how long should I let DDS continue to run on the laptop?

 

Bill



#6 bill02888

Posted 14 September 2013 - 07:04 AM

I left DDS running overnight. The clock stopped shortly after 4am.



#7 TB-Psychotic

Posted 15 September 2013 - 06:43 AM

Let's try something else...

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


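Before the log goes up, it helps to know what a responder reads in FRST's Services section. Each line there packs a state letter (R running, S stopped), the start-type digit (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), the service name, the image path, FRST's [size date] stamp, and the publisher from the file's version info: "()" when the file carries none, "[x]" when the image file does not exist. The Python below is an added example written for this page, not a Farbar tool and not code from anyone in this thread; it parses lines in that shape and flags the things a reviewer looks at first. The sample lines are copied from the log posted in the next reply; the list of "trusted roots", the known-extension set and the reason strings are this example's own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of FRST's "Services (Whitelisted)" section;
# the lines are copied from the log posted later in this thread.
SAMPLE_SERVICES = r"""
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S3 EapSgnSvc; C:\Program Files\Common Files\Wlan SDK\EapSgnSvc.exe [156560 2011-07-06] (Smith Micro Software, Inc.)
R2 MiraServ; C:\Program Files\Eigen\MiraServ\MiraServ.exe [245760 2005-07-25] ()
S2 PEVSystemStart; "C:\plips27296p\pev.3XE" EXEC /i "C:\plips27296p\HIDEC.3XE" "C:\plips27296p\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]
S4 LMIRfsClientNP; No ImagePath
"""

# FRST line shape: <R|S|U><start digit> <name>; <image and details>
LINE_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# Assumption of this example: service images normally live under these roots.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows", "system32")
KNOWN_EXTS = {".exe", ".sys", ".dll"}


@dataclass
class Service:
    name: str
    running: bool
    start_type: str
    image: str              # first path on the line, quotes and \??\ prefix stripped
    publisher: str          # text of the trailing (...); '' when FRST shows ()
    missing: bool           # FRST appends [x] when the image file does not exist
    reasons: List[str] = field(default_factory=list)


def _image_path(rest: str) -> str:
    """Return the image path: a quoted path, or everything before FRST's ' [size date]'."""
    if rest.startswith('"'):
        return rest[1:rest.index('"', 1)]
    return re.split(r"\s\[", rest, maxsplit=1)[0].strip()


def parse_service_line(line: str) -> Optional[Service]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, rest = m.groups()
    image = "" if rest.startswith("No ImagePath") else _image_path(rest)
    if image.startswith("\\??\\"):
        image = image[4:]
    pub = re.search(r"\(([^()]*)\)\s*$", rest)
    return Service(
        name=name.strip(),
        running=(state == "R"),
        start_type=START_TYPES.get(start, start),
        image=image,
        publisher=pub.group(1).strip() if pub else "",
        missing=rest.rstrip().endswith("[x]"),
    )


def assess(svc: Service) -> Service:
    """Attach the reasons a log reviewer would want to look at this entry."""
    if not svc.image:
        svc.reasons.append("no ImagePath")
        return svc
    if svc.missing:
        svc.reasons.append("image file missing")
    low = svc.image.lower()
    if not any(low.startswith(root) for root in TRUSTED_ROOTS):
        svc.reasons.append("image outside trusted roots")
    ext = ntpath.splitext(low)[1]
    if ext not in KNOWN_EXTS:
        svc.reasons.append(f"unusual extension {ext or '(none)'}")
    if svc.start_type == "auto" and not svc.running:
        svc.reasons.append("auto-start service not running")
    if not svc.publisher and not svc.missing:
        svc.reasons.append("no publisher in version info")
    return svc


def review(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every entry that raised at least one."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc and assess(svc).reasons:
            flagged[svc.name] = svc.reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_SERVICES).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run against the sample, the S2 PEVSystemStart line is flagged on four counts (random-looking directory, .3XE extension, auto-start but stopped, no publisher), which is exactly why it stands out to a reader. A flag is a prompt to look, not a verdict: the same log shows PEV.exe, SWREG.exe and C:\Qoobox created at 2013-09-09 14:13, the minute the stalled ComboFix run began, and plips.exe on the Administrator desktop has the same size and "(Swearware)" publisher as ComboFix.exe, so that entry is consistent with a leftover of the aborted ComboFix run rather than with the rootkit the thread is hunting.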

#8 bill02888

Posted 15 September 2013 - 08:18 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2013 03

Ran by Bill (administrator) on LENOVO-36A82AC7 on 15-09-2013 09:12:01
Running from C:\Documents and Settings\Bill\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
() C:\Program Files\Eigen\MiraServ\MiraServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
(Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
() C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
(IBM Corporation) C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
(Dropbox, Inc.) C:\Documents and Settings\Bill\Application Data\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [128296 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] - C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [94208 2005-08-29] ()
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-29] (ATI Technologies, Inc.)
HKLM\...\Run: [LPManager] - C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [106496 2005-11-24] (Lenovo Group Limited)
HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [409600 2005-12-15] (Lenovo)
HKLM\...\Run: [ACWLIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [98304 2005-12-15] (Lenovo)
HKLM\...\Run: [PWRMGRTR] - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\ACNotify: ACNotify.dll [X]
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\tpfnf2: C:\Windows\system32\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\Windows\system32\tphklock.dll ()
Winlogon\Notify\WgaLogon: C:\Windows\system32\WgaLogon.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Bill\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
StartMenuInternet: IEXPLORE.EXE - %programfiles%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://passage.northwest.ca/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://passage.northwest.ca/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\585pfolf.default
FF SelectedSearchEngine: Delta Search
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\585pfolf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [40960 2005-12-15] ()
R2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation)
S3 EapSgnSvc; C:\Program Files\Common Files\Wlan SDK\EapSgnSvc.exe [156560 2011-07-06] (Smith Micro Software, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MiraServ; C:\Program Files\Eigen\MiraServ\MiraServ.exe [245760 2005-07-25] ()
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [92504 2011-02-07] ()
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [372809 2005-07-23] (Intel Corporation )
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
S2 PEVSystemStart; "C:\plips27296p\pev.3XE" EXEC /i "C:\plips27296p\HIDEC.3XE" "C:\plips27296p\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17801 2011-03-02] (Meetinghouse Data Communications)
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-11-08] (IBM Corp.)
R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm.sys [15872 2005-02-24] (Atmel, Inc.)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-05-02] (Broadcom Corporation)
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-21] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-21] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2432 2005-11-08] ()
R2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2012-11-29] (LogMeIn, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-09] (MalwareBytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 NWVMModem; C:\Windows\System32\DRIVERS\nwvmmdm.sys [174720 2009-05-15] (Novatel Wireless Inc.)
S3 NWVMPort; C:\Windows\System32\DRIVERS\nwvmser.sys [174720 2009-05-15] (Novatel Wireless Inc.)
S3 NWVMPort2; C:\Windows\System32\DRIVERS\nwvmser2.sys [174720 2009-05-15] (Novatel Wireless Inc.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2000-06-01] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11354 2005-07-23] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [73216 1999-07-20] ()
R1 Smapint; C:\Windows\System32\drivers\Smapint.sys [14848 2005-08-10] (Microsoft Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 TDSMAPI; C:\Windows\System32\drivers\TDSMAPI.SYS [9340 2005-08-10] ()
R1 TPHKDRV; C:\Windows\System32\Drivers\TPHKDRV.sys [17699 2005-07-05] (IBM Corporation)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2005-08-10] ()
R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [3289088 2005-07-20] (Intel® Corporation)
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 Nmea; system32\DRIVERS\pctnullport.sys [x]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SMSIWLAN5; \??\C:\PROGRA~1\Sprint\Sprint SmartView\SMSIWLAN5.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-15 09:11 - 2013-09-15 09:11 - 00000000 ____D C:\FRST
2013-09-15 09:11 - 2013-09-15 09:06 - 01084047 _____ (Farbar) C:\Documents and Settings\Bill\Desktop\FRST.exe
2013-09-13 15:04 - 2013-09-13 15:01 - 00688992 ____R (Swearware) C:\Documents and Settings\Bill\Desktop\dds.scr
2013-09-13 09:54 - 2013-09-13 09:57 - 1191829574 _____ C:\nwc-wiki.dyndns.zip
2013-09-12 12:54 - 2013-09-12 12:54 - 00005246 _____ C:\WINDOWS\setupapi.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00004106 _____ C:\WINDOWS\KB2876315.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00003978 _____ C:\WINDOWS\KB2870699.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00003601 _____ C:\WINDOWS\KB2850869.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00003588 _____ C:\WINDOWS\KB2876217.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00003586 _____ C:\WINDOWS\KB2864063.log
2013-09-11 17:12 - 2013-09-11 17:12 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-11 17:12 - 2013-09-11 17:12 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-11 17:12 - 2013-09-11 17:12 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-09-11 13:58 - 2013-09-12 03:55 - 00003917 _____ C:\WINDOWS\KB2859537.log
2013-09-11 13:23 - 2013-09-11 14:23 - 09430408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-09-09 19:34 - 2013-09-09 19:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-09-09 19:33 - 2013-09-09 19:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-09-09 17:51 - 2013-09-09 14:12 - 05124371 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\plips.exe
2013-09-09 14:13 - 2013-09-09 14:13 - 00000000 ____D C:\Qoobox
2013-09-09 14:13 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-09-09 14:13 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-09-09 14:13 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-09-09 14:13 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-09-09 14:13 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-09-09 14:13 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-09-09 14:13 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-09-09 14:13 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-09-09 14:13 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-09-09 14:03 - 2013-09-09 14:49 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-09 14:03 - 2013-09-09 14:12 - 05124371 ____R (Swearware) C:\Documents and Settings\Bill\Desktop\ComboFix.exe
2013-09-09 13:05 - 2013-09-09 16:07 - 00007514 _____ C:\WINDOWS\bitssetup.log
2013-09-09 13:03 - 2013-09-09 13:03 - 00347424 _____ (Microsoft Corporation) C:\Documents and Settings\Bill\Desktop\MicrosoftFixit.wu.LB.147302176943228398.2.1.Run.exe
2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Program Files\Auslogics
2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-09-09 12:43 - 2013-09-09 12:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Apache HTTP Server 2.2
2013-09-09 12:33 - 2013-09-09 12:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-09 12:32 - 2013-09-09 12:32 - 00000000 ____D C:\Documents and Settings\Bill\Desktop\htdocs
2013-09-09 12:30 - 2013-09-09 12:30 - 06438912 _____ C:\Documents and Settings\Bill\Desktop\httpd-2.2.25-win32-x86-openssl-0.9.8y.msi
2013-09-09 11:33 - 2013-09-12 07:34 - 00000102 _____ C:\Documents and Settings\Bill\Desktop\pwd.txt
2013-09-09 11:25 - 2013-09-13 14:51 - 00000000 ____D C:\nwc-wiki.dyndns.org
2013-09-09 11:25 - 2013-09-11 18:16 - 00000137 _____ C:\Documents and Settings\Bill\Desktop\.htaccess

==================== One Month Modified Files and Folders =======

2013-09-15 09:12 - 2011-03-21 12:10 - 01333073 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-15 09:11 - 2013-09-15 09:11 - 00000000 ____D C:\FRST
2013-09-15 09:11 - 2012-03-15 14:07 - 00000000 ____D C:\Documents and Settings\Bill\Application Data\Dropbox
2013-09-15 09:10 - 2012-07-20 20:35 - 00000000 ___RD C:\Dropbox
2013-09-15 09:09 - 2013-01-18 17:21 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2013-09-15 09:09 - 2004-08-09 15:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-15 09:09 - 1980-01-01 04:00 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-15 09:06 - 2013-09-15 09:11 - 01084047 _____ (Farbar) C:\Documents and Settings\Bill\Desktop\FRST.exe
2013-09-13 15:01 - 2013-09-13 15:04 - 00688992 ____R (Swearware) C:\Documents and Settings\Bill\Desktop\dds.scr
2013-09-13 14:58 - 2011-03-02 18:36 - 00000178 ___SH C:\Documents and Settings\Bill\ntuser.ini
2013-09-13 14:58 - 2004-08-09 15:02 - 00032480 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-13 14:51 - 2013-09-09 11:25 - 00000000 ____D C:\nwc-wiki.dyndns.org
2013-09-13 14:23 - 2013-02-13 12:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-13 09:57 - 2013-09-13 09:54 - 1191829574 _____ C:\nwc-wiki.dyndns.zip
2013-09-12 15:40 - 2013-02-21 15:57 - 00002377 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-09-12 12:54 - 2013-09-12 12:54 - 00005246 _____ C:\WINDOWS\setupapi.log
2013-09-12 07:34 - 2013-09-09 11:33 - 00000102 _____ C:\Documents and Settings\Bill\Desktop\pwd.txt
2013-09-12 03:55 - 2013-09-12 03:55 - 00004106 _____ C:\WINDOWS\KB2876315.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00003978 _____ C:\WINDOWS\KB2870699.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00003601 _____ C:\WINDOWS\KB2850869.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00003588 _____ C:\WINDOWS\KB2876217.log
2013-09-12 03:55 - 2013-09-12 03:55 - 00003586 _____ C:\WINDOWS\KB2864063.log
2013-09-12 03:55 - 2013-09-11 13:58 - 00003917 _____ C:\WINDOWS\KB2859537.log
2013-09-11 18:16 - 2013-09-09 11:25 - 00000137 _____ C:\Documents and Settings\Bill\Desktop\.htaccess
2013-09-11 17:12 - 2013-09-11 17:12 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-11 17:12 - 2013-09-11 17:12 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-11 17:12 - 2013-09-11 17:12 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-09-11 14:23 - 2013-09-11 13:23 - 09430408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-09-11 14:23 - 2012-04-12 05:07 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 14:23 - 2011-05-23 13:00 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-09 19:34 - 2013-09-09 19:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-09-09 19:33 - 2013-09-09 19:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-09-09 18:54 - 2013-05-21 11:47 - 00000000 __SHD C:\WINDOWS\CSC
2013-09-09 16:07 - 2013-09-09 13:05 - 00007514 _____ C:\WINDOWS\bitssetup.log
2013-09-09 15:02 - 2013-07-24 09:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-09 14:49 - 2013-09-09 14:03 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-09 14:31 - 2004-08-09 14:52 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-09-09 14:13 - 2013-09-09 14:13 - 00000000 ____D C:\Qoobox
2013-09-09 14:13 - 2012-07-20 19:44 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-09 14:12 - 2013-09-09 17:51 - 05124371 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\plips.exe
2013-09-09 14:12 - 2013-09-09 14:03 - 05124371 ____R (Swearware) C:\Documents and Settings\Bill\Desktop\ComboFix.exe
2013-09-09 13:58 - 2012-06-19 19:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-09 13:04 - 2011-03-03 15:20 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-09-09 13:03 - 2013-09-09 13:03 - 00347424 _____ (Microsoft Corporation) C:\Documents and Settings\Bill\Desktop\MicrosoftFixit.wu.LB.147302176943228398.2.1.Run.exe
2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Program Files\Auslogics
2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-09-09 12:51 - 2011-03-03 12:16 - 00000000 ____D C:\Program Files\CCleaner
2013-09-09 12:43 - 2013-09-09 12:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Apache HTTP Server 2.2
2013-09-09 12:37 - 2012-06-19 19:31 - 00000000 ____D C:\Program Files\Java
2013-09-09 12:36 - 2013-09-09 12:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-09 12:32 - 2013-09-09 12:32 - 00000000 ____D C:\Documents and Settings\Bill\Desktop\htdocs
2013-09-09 12:30 - 2013-09-09 12:30 - 06438912 _____ C:\Documents and Settings\Bill\Desktop\httpd-2.2.25-win32-x86-openssl-0.9.8y.msi
2013-09-09 12:07 - 2011-03-19 15:56 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-09 12:05 - 2012-07-20 20:32 - 00000000 ____D C:\Documents and Settings\Bill\Start Menu\Programs\Dropbox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[1980-01-01 04:00] - [2008-04-13 20:12] - 1033728 ____A (Microsoft Corporation)

C:\Windows\System32\winlogon.exe
[1980-01-01 04:00] - [2008-04-13 20:12] - 0507904 ____A (Microsoft Corporation)

C:\Windows\System32\svchost.exe
[1980-01-01 04:00] - [2008-04-13 20:12] - 0014336 ____A (Microsoft Corporation)

C:\Windows\System32\services.exe
[1980-01-01 04:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation)

C:\Windows\System32\User32.dll
[1980-01-01 04:00] - [2008-04-13 20:12] - 0578560 ____A (Microsoft Corporation)

C:\Windows\System32\userinit.exe
[1980-01-01 04:00] - [2008-04-13 20:12] - 0026112 ____A (Microsoft Corporation)

C:\Windows\System32\Drivers\volsnap.sys
[1980-01-01 04:00] - [2008-04-13 14:41] - 0052352 ____A (Microsoft Corporation)


==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-09-2013 03
Ran by Bill at 2013-09-15 09:14:03
Running from C:\Documents and Settings\Bill\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Apache HTTP Server 2.2.25 (Version: 2.2.25)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5157)
ATI Display Driver (Version: 8.362-070405a-046261C)
ATI HYDRAVISION (Version: 3.25.0006)
Auslogics DiskDefrag (Version: 4.1.0.0)
Bomgar Representative Console 12.1.4 [connect.torex.com] (Version: 12.1.4)
Borland Database Engine
Broadband2Go (Version: 3.00.13.011)
CCleaner (Version: 4.05)
Charles 3.7 (Version: 3.7.0.0)
CNET TechTracker (HKCU Version: 2.1.0)
Download App (HKCU Version: 1.1.0)
Dropbox (HKCU Version: 2.2.13)
FolderMatch v3.7.0
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HitmanPro 3.7 (Version: 3.7.7.205)
ImgBurn (Version: 2.5.8.0)
InstallVC90Support (Version: 1.01.0000)
Intel® PROSet/Wireless Software
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Lexmark Software Uninstall
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
mCore (Version: 1.31.0000)
mDriver (Version: 1.31.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools (Version: 9.4.5000.00)
Microsoft SQL Server Management Studio Express (Version: 9.00.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MiraServ (Version: 1.00.0000)
mMHouse (Version: 1.31.0000)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
mPfMgr (Version: 1.31.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.31.0000)
NETGEAR WNA3100 wireless USB 2.0 adapter (Version: 1.01.206)
NWC SMS Refrsh
Openfield front end
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Secunia PSI (3.0.0.6001) (Version: 3.0.0.6001)
Sentinel System Driver
SlickEdit 2012 (17.0.3) (Version: 17.0.3)
SoundMAX (Version: 5.10.01.4230)
SpeedFan (remove only)
Store Management Program
SUPERAntiSpyware (Version: 5.6.1014)
swMSM (Version: 12.0.0.1)
TextPad 7 (Version: 7.0.9)
ThinkPad Configuration (Version: 1.50a)
ThinkPad FullScreen Magnifier (Version: 1.15)
ThinkPad Modem (Version: 7.62.00)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver (Version: 1.43)
ThinkPad Power Manager (Version: 1.10a)
ThinkPad UltraNav Driver (Version: 15.0.18.0)
ThinkPad UltraNav Wizard (Version: 3.01)
ThinkVantage Access Connections (Version: 4.01)
ThinkVantage Productivity Center (Version: 1.02)
ThinkVantage Technologies Welcome Message (Version: 1.10a)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Virgin Mobile Broadband Modem Drivers (Version: 1.001.02.001)
Wallpapers (Version: 2.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
XP Themes (Version: 1.00.0000)

==================== Restore Points  =========================

09-09-2013 20:12:47 ComboFix created restore point
11-09-2013 19:04:56 System Checkpoint
12-09-2013 20:00:16 System Checkpoint

==================== Hosts content: ==========================

1980-01-01 04:00 - 2011-03-23 15:01 - 00000767 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
172.25.96.89    openfield.srspos.com


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-25 12:23 - 2013-01-25 16:37 - 00092520 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2011-03-02 18:38 - 2005-06-17 02:23 - 00024576 _____ () C:\WINDOWS\system32\tphklock.dll
2013-03-25 12:23 - 2013-01-25 16:37 - 00084352 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2013-03-25 12:23 - 2013-01-25 16:37 - 00031592 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2013-02-04 20:17 - 2011-02-28 18:37 - 00180624 _____ () C:\WINDOWS\system32\Primomonnt.dll
2013-03-25 12:23 - 2013-01-25 16:37 - 00053096 _____ (LogMeIn, Inc.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LMIproc.dll
2011-03-03 12:12 - 2008-07-06 08:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2011-03-02 18:22 - 2005-12-15 20:56 - 00151552 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
2011-03-02 18:22 - 2005-12-15 20:56 - 00143360 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
2011-03-02 18:22 - 2005-12-15 20:56 - 00077824 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
2011-03-02 18:22 - 2005-12-15 20:56 - 00069632 _____ () C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
2011-03-02 18:22 - 2005-12-15 21:12 - 00466944 _____ () C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll
2011-03-02 18:22 - 2005-12-15 21:13 - 00114688 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
2011-03-02 18:22 - 2005-12-15 21:10 - 00094208 _____ () C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
2013-04-04 18:12 - 2013-04-04 18:12 - 00130736 _____ (Dropbox, Inc.) C:\Documents and Settings\Bill\Application Data\Dropbox\bin\DropboxExt.19.dll
2011-03-02 18:22 - 2005-08-10 05:10 - 00036864 _____ () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2011-03-02 18:22 - 2005-08-10 05:10 - 00073728 _____ () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2011-07-18 20:02 - 2011-07-18 20:02 - 00113024 _____ (SuperAdBlocker.com) C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
2013-03-28 17:06 - 2011-08-18 11:22 - 00323584 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
2013-03-28 17:06 - 2010-02-03 11:21 - 00100880 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2011-03-02 18:22 - 2005-12-15 21:14 - 00409600 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
2011-03-02 18:22 - 2005-12-15 21:13 - 00069632 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
2011-03-02 18:22 - 2005-12-15 21:12 - 00090112 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
2011-03-02 18:22 - 2005-12-15 21:12 - 00069632 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcMuroc.dll
1980-01-01 04:00 - 2010-04-23 01:16 - 00173352 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
1980-01-01 04:00 - 2010-04-23 01:16 - 00165160 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2011-03-02 18:06 - 2005-11-24 05:02 - 00057344 _____ () C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
2012-11-13 19:32 - 2012-11-13 19:32 - 03558400 _____ (wxWidgets development team) C:\Documents and Settings\Bill\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 16:48 - 2013-03-13 16:48 - 24978944 _____ () C:\Documents and Settings\Bill\Application Data\Dropbox\bin\libcef.dll
2013-03-13 16:48 - 2013-03-13 16:48 - 09956864 _____ (The ICU Project) C:\Documents and Settings\Bill\Application Data\Dropbox\bin\icudt.dll

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Name: OHCI Compliant IEEE 1394 Host Controller
Description: OHCI Compliant IEEE 1394 Host Controller
Class Guid: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Manufacturer: IEEE 1394 OHCI Compliant Host Controller Vendor
Service: ohci1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2013 00:10:19 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.101 for ServerName     .

Error: (09/09/2013 00:00:12 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.101 for ServerName     .

Error: (09/09/2013 11:47:05 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.3.215.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (09/09/2013 11:01:08 AM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .

Error: (08/07/2013 11:50:44 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/17/2013 11:49:02 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.3.215.00x80004002morrobootstraper__cupgradeflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (07/03/2013 01:20:43 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry0x8000ffffpatchapplicationam bde11.1.4406.0mpsigstub.exe4.2.223.0microsoft security essentialsNILNILNIL

Error: (07/03/2013 01:17:09 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry0x80070652mpupdateengineam bde11.1.4406.0mpsigstub.exe4.2.223.0microsoft security essentialsNILNILNIL

Error: (07/03/2013 00:43:29 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .

Error: (05/17/2013 00:28:58 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (09/15/2013 09:09:21 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/15/2013 09:09:21 AM) (Source: Service Control Manager) (User: )
Description: The Sentinel service depends on the Parallel port driver service which failed to start because of the following error:
%%1058

Error: (09/15/2013 09:09:21 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (09/13/2013 04:10:54 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/13/2013 04:10:54 PM) (Source: Service Control Manager) (User: )
Description: The Sentinel service depends on the Parallel port driver service which failed to start because of the following error:
%%1058

Error: (09/13/2013 04:10:54 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (09/13/2013 04:02:48 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/13/2013 04:02:48 PM) (Source: Service Control Manager) (User: )
Description: The Sentinel service depends on the Parallel port driver service which failed to start because of the following error:
%%1058

Error: (09/13/2013 04:02:48 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (09/13/2013 04:02:12 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 00163628C10D has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (09/09/2013 00:10:19 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.101 for ServerName

Error: (09/09/2013 00:00:12 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.101 for ServerName

Error: (09/09/2013 11:47:05 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.3.215.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (09/09/2013 11:01:08 AM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

Error: (08/07/2013 11:50:44 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/17/2013 11:49:02 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.3.215.00x80004002morrobootstraper__cupgradeflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (07/03/2013 01:20:43 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x8000ffffpatchapplicationam bde11.1.4406.0mpsigstub.exe4.2.223.0microsoft security essentialsNILNILNIL

Error: (07/03/2013 01:17:09 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070652mpupdateengineam bde11.1.4406.0mpsigstub.exe4.2.223.0microsoft security essentialsNILNILNIL

Error: (07/03/2013 00:43:29 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

Error: (05/17/2013 00:28:58 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 1534.36 MB
Available physical RAM: 766.7 MB
Total Pagefile: 3430.64 MB
Available Pagefile: 2796.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.03 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:51.68 GB) (Free:27.25 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 56 GB) (Disk ID: CCCDCCCD)
Partition 1: (Active) - (Size=52 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:05 PM

Posted 16 September 2013 - 01:16 AM

Reboot into safe mode and retry ComboFix.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 bill02888

bill02888
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:05 PM

Posted 16 September 2013 - 09:50 AM

Hi.

 

I rebooted into safe mode with networking. I started ComboFix. There was an update so I chose to download and run that. At 10:14am ComboFix had displayed the "... may easily double" message. At 10:32am the clock froze. I can still move the mouse pointer. No stages have been displayed yet. It's now 10:45am.

 

What would you like me to do now?

Thanks,

Bill



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:05 PM

Posted 16 September 2013 - 10:22 AM

Can you hear the hard disk working, or do you have other significant evidence of activity within your computer?



#12 bill02888

bill02888
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:05 PM

Posted 16 September 2013 - 10:31 AM

I looked at the laptop's disk drive activity light for 60 seconds. I did not see any disk drive activity.



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:05 PM

Posted 16 September 2013 - 10:33 AM

Do a repair installation following these steps:

 

http://www.wikihow.com/Do-a-Windows-XP-%22Repair-Install%22

 

 

Tell me if that worked for you.



#14 bill02888

bill02888
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:05 PM

Posted 18 September 2013 - 08:33 AM

At this point I just feel safer reloading the whole system. Thank you for all of your help. Please close this "ticket".

 

Bill



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:05 PM

Posted 19 September 2013 - 02:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



