Might a virus be responsible for multiple attempts to access a webpage from my PC?

Resolved
By ormolu611
Jul 5, 2011
  1. Hello all, I hope I am posting this in the correct area. I have gotten great, top notch help here before from Bobbye, and decided to check in again for a very important question that I have with hopes that someone can help.

    A significant portion of my income is from the acceptance of "orders" for property valuations over the internet. These are like informal appraisals that I complete as a real estate agent. I received an email message this morning from the employing company stating that my account has been frozen because I was caught using auto accept software. The thing is, I have done no such thing!

    The coordinator told me that there was an attempt to access my account every three minutes from 6:30pm to 8:20pm with 62 failed attempts. My question is this:

    What could possibly explain an attempt every 3 minutes to my account with 62 failed attempts? A virus? A hacker?

    I am trying to resolve the issue so that I can go back to the coordinator with some useful information to not only exonerate myself, but to get back to work asap! The bottom line is that I have used no auto accept software at all and have attempted no downloads for any such thing. I need to make sure that whatever happened does not happen again. Thanks!
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You should understand that thousands of scans are sent every day looking for unprotected systems. If your system security is good: Current updates antivirus program, bi-directional firewall, 2 or more antimalware programs of different types, the access should be prevented.

    A few years ago, I once watched as my firewall blocked over 200 attempts to access my computer through one of the music file sharing ports in 10 minutes. (I don't download or do any file sharing). None got through, but that didn't prevent the machine that was trying from sending the scans. Probably some kids looking for free music!

    I do not have enough information at this point to give you any information of what is happening. Scans from the internet to access unprotected systems are "normal internet traffic." Your coordinator was much too vague. If 62 attempts were made to access and 62 attempts were blocked, then it sounds like your security is doing its job!

    If you'd like me to check the system now, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  3. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7029

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18372

    7/5/2011 5:16:45 PM
    mbam-log-2011-07-05 (17-16-45).txt

    Scan type: Quick scan
    Objects scanned: 177428
    Time elapsed: 6 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  4. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    Okay Bobbye, I just received the information from my coordinator that I am pasting below for you to review when you have time. I hope it helps. As I said before, the thing is, I have no kind of auto logger that I installed on my pc. I am at a loss here as to what could have caused this. Thanks.


    Per our IT department:



    Please see log below, session expired, followed immediately by excessive automated login attempts every 3 minutes. The timing of the logins after session expiration would indicate an auto logger of some kind, maybe something like Robo Form. Yes, our software is doing its job and he was locked out after 21 unsuccessful attempts.



    emlprodpv.emlprod.serror_log:[10732] 07/04/2011 08:36:25 WebLogin:Re-Authen Session Expired or Not Found U:LOVET1 IP:174.150.213.44

    emlprodpv.emlprod.serror_log:[32706] 07/04/2011 18:07:31 WebLogin:Re-Authen Session Expired or Not Found U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[32706] 07/04/2011 18:07:31 WebLogin:Re-Authen [Login Time Expired] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[19744] 07/04/2011 18:07:32 WebLogin:Authenticate [Account Password Error: 1] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[18417] 07/04/2011 18:07:33 WebLogin:Authenticate [Account Password Error: 2] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10967] 07/04/2011 18:07:33 WebLogin:Authenticate [Account Password Error: 3] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10443] 07/04/2011 18:07:33 WebLogin:Authenticate [Account Password Error: 5] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[3339 ] 07/04/2011 18:07:33 WebLogin:Authenticate [Account Password Error: 5] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[2586 ] 07/04/2011 18:07:33 WebLogin:Authenticate [Account Password Error: 6] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[3137 ] 07/04/2011 18:08:49 WebLogin:Authenticate [Account Password Error: 7] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26183] 07/04/2011 18:09:02 WebLogin:Authenticate [Account Password Error: 8] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26110] 07/04/2011 18:11:52 WebLogin:Authenticate [Account Password Error: 9] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[24033] 07/04/2011 18:12:04 WebLogin:Authenticate [Account Password Error: 10] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[3339 ] 07/04/2011 18:14:55 WebLogin:Authenticate [Account Password Error: 11] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[12906] 07/04/2011 18:15:08 WebLogin:Authenticate [Account Password Error: 12] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[14730] 07/04/2011 18:18:04 WebLogin:Authenticate [Account Password Error: 13] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[18417] 07/04/2011 18:18:18 WebLogin:Authenticate [Account Password Error: 14] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[5600 ] 07/04/2011 18:21:15 WebLogin:Authenticate [Account Password Error: 15] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[30920] 07/04/2011 18:21:29 WebLogin:Authenticate [Account Password Error: 16] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7985 ] 07/04/2011 18:24:20 WebLogin:Authenticate [Account Password Error: 17] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[14730] 07/04/2011 18:24:32 WebLogin:Authenticate [Account Password Error: 18] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[24033] 07/04/2011 18:27:22 WebLogin:Authenticate [Account Password Error: 19] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[31890] 07/04/2011 18:27:35 WebLogin:Authenticate [Account Password Error: 20] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7210 ] 07/04/2011 18:30:25 WebLogin:Authenticate [Too Many Password Attempts: 21] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10967] 07/04/2011 18:30:36 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10967] 07/04/2011 18:30:36 WebLogin:Authenticate [Too Many Password Attempts: 22] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[4260 ] 07/04/2011 18:33:27 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[4260 ] 07/04/2011 18:33:28 WebLogin:Authenticate [Too Many Password Attempts: 23] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10732] 07/04/2011 18:33:40 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10732] 07/04/2011 18:33:40 WebLogin:Authenticate [Too Many Password Attempts: 24] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26180] 07/04/2011 18:36:30 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26180] 07/04/2011 18:36:30 WebLogin:Authenticate [Too Many Password Attempts: 25] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[30920] 07/04/2011 18:36:41 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[30920] 07/04/2011 18:36:41 WebLogin:Authenticate [Too Many Password Attempts: 26] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[11796] 07/04/2011 18:39:31 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[11796] 07/04/2011 18:39:31 WebLogin:Authenticate [Too Many Password Attempts: 27] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26183] 07/04/2011 18:39:43 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26183] 07/04/2011 18:39:43 WebLogin:Authenticate [Too Many Password Attempts: 28] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[3339 ] 07/04/2011 18:42:34 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[3339 ] 07/04/2011 18:42:34 WebLogin:Authenticate [Too Many Password Attempts: 29] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[388 ] 07/04/2011 18:42:46 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[388 ] 07/04/2011 18:42:46 WebLogin:Authenticate [Too Many Password Attempts: 30] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[24124] 07/04/2011 18:46:00 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[24124] 07/04/2011 18:46:00 WebLogin:Authenticate [Too Many Password Attempts: 31] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[1666 ] 07/04/2011 18:49:02 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[1666 ] 07/04/2011 18:49:02 WebLogin:Authenticate [Too Many Password Attempts: 32] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[4585 ] 07/04/2011 18:52:04 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[4585 ] 07/04/2011 18:52:04 WebLogin:Authenticate [Too Many Password Attempts: 33] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10967] 07/04/2011 18:55:06 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10967] 07/04/2011 18:55:06 WebLogin:Authenticate [Too Many Password Attempts: 34] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7985 ] 07/04/2011 18:58:08 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7985 ] 07/04/2011 18:58:08 WebLogin:Authenticate [Too Many Password Attempts: 35] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[5948 ] 07/04/2011 19:01:10 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[5948 ] 07/04/2011 19:01:10 WebLogin:Authenticate [Too Many Password Attempts: 36] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10732] 07/04/2011 19:04:13 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[10732] 07/04/2011 19:04:13 WebLogin:Authenticate [Too Many Password Attempts: 37] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[27889] 07/04/2011 19:07:15 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[27889] 07/04/2011 19:07:15 WebLogin:Authenticate [Too Many Password Attempts: 38] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[16203] 07/04/2011 19:10:18 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[16203] 07/04/2011 19:10:18 WebLogin:Authenticate [Too Many Password Attempts: 39] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7210 ] 07/04/2011 19:13:20 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7210 ] 07/04/2011 19:13:20 WebLogin:Authenticate [Too Many Password Attempts: 40] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[31890] 07/04/2011 19:16:22 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[31890] 07/04/2011 19:16:22 WebLogin:Authenticate [Too Many Password Attempts: 41] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7720 ] 07/04/2011 19:19:24 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7720 ] 07/04/2011 19:19:24 WebLogin:Authenticate [Too Many Password Attempts: 42] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[14157] 07/04/2011 19:22:26 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[14157] 07/04/2011 19:22:26 WebLogin:Authenticate [Too Many Password Attempts: 43] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[16203] 07/04/2011 19:25:28 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[16203] 07/04/2011 19:25:28 WebLogin:Authenticate [Too Many Password Attempts: 44] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[23328] 07/04/2011 19:28:31 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[23328] 07/04/2011 19:28:31 WebLogin:Authenticate [Too Many Password Attempts: 45] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[11796] 07/04/2011 19:31:33 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[11796] 07/04/2011 19:31:33 WebLogin:Authenticate [Too Many Password Attempts: 46] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[1309 ] 07/04/2011 19:34:35 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[1309 ] 07/04/2011 19:34:35 WebLogin:Authenticate [Too Many Password Attempts: 47] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[4260 ] 07/04/2011 19:37:37 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[4260 ] 07/04/2011 19:37:37 WebLogin:Authenticate [Too Many Password Attempts: 48] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[21513] 07/04/2011 19:40:40 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[21513] 07/04/2011 19:40:40 WebLogin:Authenticate [Too Many Password Attempts: 49] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[27889] 07/04/2011 19:43:42 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[27889] 07/04/2011 19:43:42 WebLogin:Authenticate [Too Many Password Attempts: 50] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[31890] 07/04/2011 19:46:44 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[31890] 07/04/2011 19:46:44 WebLogin:Authenticate [Too Many Password Attempts: 51] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26183] 07/04/2011 19:49:46 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26183] 07/04/2011 19:49:46 WebLogin:Authenticate [Too Many Password Attempts: 52] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[5948 ] 07/04/2011 19:52:48 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[5948 ] 07/04/2011 19:52:48 WebLogin:Authenticate [Too Many Password Attempts: 53] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[24133] 07/04/2011 19:55:51 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[24133] 07/04/2011 19:55:51 WebLogin:Authenticate [Too Many Password Attempts: 54] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[11796] 07/04/2011 19:58:53 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[11796] 07/04/2011 19:58:53 WebLogin:Authenticate [Too Many Password Attempts: 55] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[5948 ] 07/04/2011 20:01:55 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[5948 ] 07/04/2011 20:01:55 WebLogin:Authenticate [Too Many Password Attempts: 56] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26183] 07/04/2011 20:04:57 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26183] 07/04/2011 20:04:57 WebLogin:Authenticate [Too Many Password Attempts: 57] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[30435] 07/04/2011 20:07:59 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[30435] 07/04/2011 20:07:59 WebLogin:Authenticate [Too Many Password Attempts: 58] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[1666 ] 07/04/2011 20:11:02 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[1666 ] 07/04/2011 20:11:02 WebLogin:Authenticate [Too Many Password Attempts: 59] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7985 ] 07/04/2011 20:14:04 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[7985 ] 07/04/2011 20:14:04 WebLogin:Authenticate [Too Many Password Attempts: 60] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[4260 ] 07/04/2011 20:17:07 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[4260 ] 07/04/2011 20:17:07 WebLogin:Authenticate [Too Many Password Attempts: 61] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26110] 07/04/2011 20:20:09 WebLogin:CheckDB [User Account:Locked Out] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[26110] 07/04/2011 20:20:09 WebLogin:Authenticate [Too Many Password Attempts: 62] U:LOVET1 IP:24.127.253.49

    emlprodpv.emlprod.serror_log:[11994] 07/05/2011 10:28:35 WebLogin:CheckDB [User Account:Disabled] U:LOVET1 IP:174.150.180.155

    emlprodpv.emlprod.serror_log:[16907] 07/05/2011 10:28:47 WebLogin:CheckDB [User Account:Disabled] U:LOVET1 IP:174.150.180.155

    emlprodpv.emlprod.serror_log:[10732] 07/05/2011 10:30:53 WebLogin:CheckDB [User Account:Disabled] U:LOVET1 IP:174.150.180.155

    emlprodpv.emlprod.serror_log:[19621] 07/05/2011 10:33:56 WebLogin:CheckDB [User Account:Disabled] U:LOVET1 IP:174.150.180.155

    emlprodpv.emlprod.serror_log:[23668] 07/05/2011 10:47:09 WebLogin:CheckDB [User Account:Disabled] U:LOVET1 IP:174.150.180.155

    emlprodpv.emlprod.serror_log:[16203] 07/05/2011 11:22:50 WebLogin:CheckDB [User Account:Disabled] U:LOVET1 IP:174.150.180.155

    emlprodpv.emlprod.serror_log:[27277] 07/05/2011 12:32:18 WebLogin:CheckDB [User Account:Disabled] U:LOVET1 IP:108.106.39.13

    emlprodpv.emlprod.serror_log:[30473] 07/05/2011 15:03:23 WebLogin:CheckDB [User Account:Disabled] U:LOVET1 IP:108.107.100.230

    emlprodpv.emlprod.serror_log:[30473] 07/05/2011 15:03:24 WebLogin:Authenticate [Too Many Password Attempts: 63] U:LOVET1 IP:108.107.100.230
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Is this your user name on the account: U:LOVET1?
  6. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    Actually, it is:

    LOVET1
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Per the entries sent to you, it appears that U:LOVE1 may be "User" = LOVE1. If that is your account name, the access attempts are being made under your account name. If by chance that isn't your user name, I found a user named LOVET1 here >>http://www.king.com/profiles/lovet1?language=en_US

    The IPs are:
    IP 174.150.213.44>> Sprint Nextel Corporation SPRINT-WIRELESS
    IP 24.127.253.49>> Comcast Cable Communications
    ===============================

    Questions and Comments:
    1. "These are like informal appraisals that I complete as a real estate agent.">>>
    Do you add these appraisals to a database by way of sending it to your employer?
    How do you do this? Do you access the database online, log in, then add the information?
    Do you send the result through email? If yes, which email are you using?
    ====================
    The coordinator has sent you a copy of their error log, showing the multiple attempts to access the database where both user and password have failed and the number of failed attempts exceeded their pre-set number.

    2. The activities I see on what the coordinator sent to you:
    1. You-or someone- was logged on to the account. It would be a secure account.
    2. A length of time passed without activity and a message was sent something to the effect of:
      "Your session has expired. Do you want to remain connected?"
    3. If answer was Yes, account would be signed on again, requiring re-authentication.
    4. Multiple attempts were made to enter the password, but the password wasn't correct.
    5. After a pre-set number of attempts that are wrong, the user will be locked out of the account.
    6. Eventually, more attempts were made to enter a password. They were wrong and again, after a pre-set number of attempts, the account was locked down again.
    7. First the user is locked out. If the behavior continues, the account will be disabled.

    3. The Web Login would go something like this:
    [o] The company may have a single sign on set up for web based services.
    [o] Some companies will use a CRYPTOCard authentication which creates a login session that lets you access services and information from many web sites. A session lasts for up to X hours and is preset by the company
    4. The basics:
    [o] Logging In> User name, Password
    [o] Logging out should follow when the session is over
    [o] To further protect against unauthorized access, inactive sessions are automatically closed. On site sessions are closed if they are idle for X hours, X minutes for sessions.
    ===============================================
    4. Account Security
    You can protect your account by taking a few simple precautions when using the web. These are especially important when using public systems at kiosks, cyber cafes, and conferences.
    • Do not leave an active web session unattended; exit the browser, logout, or lock the screen.
    • If you use a CRYPTOCard for logging in and it is lost, you should contact the company immediately.
    • If you get repeated, unexplained "Invalid passcode" errors, your account may have been compromised.
    • Do not enter your password into an unfamiliar web site; you could be giving someone you don't know the information needed to login as you.
    • Only send your login information over a secure connection. You can verify this by looking for https: in the location.
    • If you get warning screens about "certificates", you may be about to send your login information to an adversary's system.

    If any of the above Account Security applies to you, you will need to advise the company coordinator and ask for help in cleaning the system from their IT.

    I cannot handle this over this internet help forum. Even if we found and remove malware, that would not assure that the system hadn't been compromised.
    ===============================================
    I'm leaving the information for you with the hope that it will help you determine how your account could have been breached. The coordinator is doing what is necessary to protect the security of the company. You are being advised that attempts are being made to access from within your system. You are being advised, not blamed.
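The sequence read out of the error log above (session expiry, immediate re-authentication failures, then retries on a fixed cadence until lockout) can be checked mechanically. The following is an added example, not part of the original thread or the employer's tooling: it parses lines in the layout quoted in the thread, groups failed attempts per user and source IP, and reports whether retries recur at a near-constant period. The sample lines, the user names, the documentation-range IPs and all thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Line layout quoted in the thread:
# <file>:[pid] MM/DD/YYYY HH:MM:SS WebLogin:<stage> <message> U:<user> IP:<address>
LINE_RE = re.compile(
    r"\[\s*\d+\s*\]\s+(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+"
    r"WebLogin:(?P<stage>\S+)\s+(?P<msg>.*?)\s+U:(?P<user>\S+)\s+IP:(?P<ip>\S+)\s*$"
)
FAILURE_MARKERS = ("Password Error", "Too Many Password Attempts")

# Constructed sample: USER1 mimics the timer-like cadence in the thread's log,
# USER2 is a person mistyping a password at irregular intervals.
SAMPLE_LOG = """\
sample.serror_log:[101 ] 07/04/2011 18:07:31 WebLogin:Re-Authen Session Expired or Not Found U:USER1 IP:203.0.113.10
sample.serror_log:[101 ] 07/04/2011 18:07:31 WebLogin:Re-Authen [Login Time Expired] U:USER1 IP:203.0.113.10
sample.serror_log:[102 ] 07/04/2011 18:07:32 WebLogin:Authenticate [Account Password Error: 1] U:USER1 IP:203.0.113.10
sample.serror_log:[103 ] 07/04/2011 18:07:33 WebLogin:Authenticate [Account Password Error: 2] U:USER1 IP:203.0.113.10
sample.serror_log:[104 ] 07/04/2011 18:08:49 WebLogin:Authenticate [Account Password Error: 3] U:USER1 IP:203.0.113.10
sample.serror_log:[105 ] 07/04/2011 18:09:02 WebLogin:Authenticate [Account Password Error: 4] U:USER1 IP:203.0.113.10
sample.serror_log:[106 ] 07/04/2011 18:11:52 WebLogin:Authenticate [Account Password Error: 5] U:USER1 IP:203.0.113.10
sample.serror_log:[107 ] 07/04/2011 18:12:04 WebLogin:Authenticate [Account Password Error: 6] U:USER1 IP:203.0.113.10
sample.serror_log:[108 ] 07/04/2011 18:14:55 WebLogin:Authenticate [Account Password Error: 7] U:USER1 IP:203.0.113.10
sample.serror_log:[109 ] 07/04/2011 18:15:08 WebLogin:Authenticate [Account Password Error: 8] U:USER1 IP:203.0.113.10
sample.serror_log:[110 ] 07/04/2011 18:18:04 WebLogin:Authenticate [Account Password Error: 9] U:USER1 IP:203.0.113.10
sample.serror_log:[111 ] 07/04/2011 18:18:18 WebLogin:Authenticate [Account Password Error: 10] U:USER1 IP:203.0.113.10
sample.serror_log:[112 ] 07/04/2011 18:21:15 WebLogin:Authenticate [Too Many Password Attempts: 11] U:USER1 IP:203.0.113.10
sample.serror_log:[113 ] 07/04/2011 18:21:27 WebLogin:CheckDB [User Account:Locked Out] U:USER1 IP:203.0.113.10
sample.serror_log:[113 ] 07/04/2011 18:21:27 WebLogin:Authenticate [Too Many Password Attempts: 12] U:USER1 IP:203.0.113.10
sample.serror_log:[201 ] 07/04/2011 09:02:10 WebLogin:Authenticate [Account Password Error: 1] U:USER2 IP:198.51.100.7
sample.serror_log:[202 ] 07/04/2011 09:03:40 WebLogin:Authenticate [Account Password Error: 2] U:USER2 IP:198.51.100.7
sample.serror_log:[203 ] 07/04/2011 09:09:05 WebLogin:Authenticate [Account Password Error: 3] U:USER2 IP:198.51.100.7
sample.serror_log:[204 ] 07/04/2011 09:31:50 WebLogin:Authenticate [Account Password Error: 4] U:USER2 IP:198.51.100.7
sample.serror_log:[205 ] 07/04/2011 10:15:12 WebLogin:Authenticate [Account Password Error: 5] U:USER2 IP:198.51.100.7
"""


def parse(log_text):
    """Return (timestamp, stage, message, user, ip) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")
            events.append((ts, m["stage"], m["msg"], m["user"], m["ip"]))
    return sorted(events)


def burst_starts(times, burst_window=30):
    """Collapse attempts less than burst_window seconds apart into one burst."""
    starts, prev = [], None
    for t in times:
        if prev is None or (t - prev).total_seconds() > burst_window:
            starts.append(t)
        prev = t
    return starts


def analyse(log_text, min_bursts=4, tolerance=15, min_regular=0.75, expiry_window=5):
    """Per (user, ip): failure count, retry period, and whether it looks timer-driven."""
    failures, expiries = defaultdict(list), defaultdict(list)
    for ts, stage, msg, user, ip in parse(log_text):
        if stage == "Authenticate" and any(k in msg for k in FAILURE_MARKERS):
            failures[(user, ip)].append(ts)
        elif stage == "Re-Authen":
            expiries[(user, ip)].append(ts)

    report = {}
    for key, times in failures.items():
        starts = burst_starts(times)
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        period = median(gaps) if gaps else None
        regular = [g for g in gaps if abs(g - period) <= tolerance] if gaps else []
        report[key] = {
            "failures": len(times),
            "bursts": len(starts),
            "period_s": period,
            # Timer-like: enough bursts, and most gaps sit close to the median gap.
            "periodic": len(starts) >= min_bursts
                        and len(regular) >= min_regular * len(gaps),
            # First failure lands within seconds of a session-expiry event.
            "after_expiry": any(0 <= (times[0] - e).total_seconds() <= expiry_window
                                for e in expiries[key]),
        }
    return report


if __name__ == "__main__":
    for key, row in analyse(SAMPLE_LOG).items():
        print(key, row)
```

A fixed cadence shows that the retries are timer-driven; it does not show which program or which machine behind that IP address sent them.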
  8. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    Bobbye. Thanks so much for this useful information. To answer your question, I do not send the completed reports via email, but rather complete the employer's online forms and submit them via this secure form directly to the employer. The interface/website is provided by and is the property of the employer. It sounds as if someone or something was trying to hack into my account? Every 3 minutes for about two hours certainly sounds automated.

    The two ip addresses that you mentioned are legit. The wireless Sprint ip address is my own network, and the Comcast one is my girlfriend's broadband connection, which is where I was when this happened it looks like. I wonder if this might be the result of something on her network? Whatever was trying to gain access obviously did not have my password, right? I would think that if I had some automatic software, it would be able to sign in just fine, because I would have provided the correct password, right? I wonder if something like this might stem from my girlfriend's network? I have to somehow convince my employer (and myself) that this will not happen again. To recap, it seems that something (because it appears automated) was trying to hack into my account, right? Am I understanding this? Thanks so very much.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Explain what you mean please and what kind of 'network' you're referring to.

    Is there some reason why you don't want to run the scans? In addition to Mbam, there is GMER and DDS. They will provide logs that may be of help.

    Please add the following scan to the others:
    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check: 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you've done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad. Paste the notepad file here on your reply.
  10. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_24
    Run by Thomas Love at 14:14:58 on 2011-07-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.418 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\WINDOWS\SkyTel.EXE
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.emortgagelogic.com/www/index.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110513075038.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [TRot.exe] c:\program files\toshiba\toshiba rotation utility\TRot.exe
    mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
    mRun: [TPSODDCtl] TPSODDCtl.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [TOSDCR] TOSDCR.EXE
    mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
    mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [000StTHK] 000StTHK.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TFNF5] TFNF5.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://web11.farvv.com/sn/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D22A640E-00A4-4F2B-95FB-34476E405A51} : DhcpNameServer = 192.168.0.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: psfus - psqlpwd.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    Notify: TSigNP - TSigNP.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\thomas love\application data\mozilla\firefox\profiles\olrqrkyz.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nefar.com/memberMain.php|http://flexmls.realtyweb.net/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\thomas love\application data\mozilla\firefox\profiles\olrqrkyz.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npxsciter.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 387480]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-12 6144]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-10 84200]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-12 5888]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-5-12 14336]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-1 171168]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-1 141792]
    R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-3-24 98560]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-10 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-10 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-10 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-10 88736]
    R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-5-12 8832]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-5-12 14208]
    S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys --> c:\windows\system32\drivers\avg7core.sys [?]
    S1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys --> c:\windows\system32\drivers\avg7rsw.sys [?]
    S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys --> c:\windows\system32\drivers\avg7rsxp.sys [?]
    S1 AvgClean;AVG Clean Driver;c:\windows\system32\drivers\avgclean.sys --> c:\windows\system32\drivers\avgclean.sys [?]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-10 56064]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-10 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-10 84488]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-9-23 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-5-19 174720]
    S4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe --> c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [?]
    S4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe --> c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [?]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-17 136176]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-17 136176]
    S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-1 271480]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-1 271480]
    S4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-1 271480]
    S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-1 271480]
    S4 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-1 188136]
    S4 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-12 126976]
    .
    =============== Created Last 30 ================
    .
    2011-07-06 01:14:26 -------- d-----w- c:\program files\Carbonite
    2011-07-06 01:14:26 -------- d-----w- c:\documents and settings\all users\application data\Carbonite
    2011-06-24 05:51:27 413696 ----a-r- c:\documents and settings\thomas love\application data\microsoft\installer\{75157f34-02c6-4831-bd66-3bc49e7a8394}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    2011-06-24 05:51:26 69632 ----a-r- c:\documents and settings\thomas love\application data\microsoft\installer\{75157f34-02c6-4831-bd66-3bc49e7a8394}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
    2011-06-24 05:51:26 413696 ----a-r- c:\documents and settings\thomas love\application data\microsoft\installer\{75157f34-02c6-4831-bd66-3bc49e7a8394}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    2011-06-24 05:51:25 413696 ----a-r- c:\documents and settings\thomas love\application data\microsoft\installer\{75157f34-02c6-4831-bd66-3bc49e7a8394}\ARPPRODUCTICON.exe
    2011-06-17 19:35:11 -------- d-----w- c:\program files\iPod
    2011-06-17 19:35:05 -------- d-----w- c:\program files\iTunes
    2011-06-16 03:42:07 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    .
    ==================== Find3M ====================
    .
    2011-06-24 20:27:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-14 18:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 18:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 18:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 18:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 18:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 18:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 18:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 18:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 18:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 18:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 18:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
    .
    ============= FINISH: 14:16:48.64 ===============
  11. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/2/2006 8:54:42 AM
    System Uptime: 7/7/2011 11:09:29 AM (3 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | uFC-PGA Socket | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 93 GiB total, 49.533 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2: 5/14/2011 10:45:39 AM - Googe Redirect Recovery
    RP3: 5/17/2011 1:42:08 AM - NMEA Port
    RP4: 5/17/2011 1:42:58 AM - Removed Sprint SmartView.
    RP5: 5/24/2011 8:40:07 PM - System Checkpoint
    RP6: 5/28/2011 2:21:52 PM - System Checkpoint
    RP7: 6/3/2011 7:23:05 PM - System Checkpoint
    RP8: 6/8/2011 12:54:45 PM - System Checkpoint
    RP9: 6/9/2011 7:46:51 PM - System Checkpoint
    RP10: 6/16/2011 7:24:07 PM - Software Distribution Service 3.0
    RP11: 6/19/2011 2:33:56 PM - System Checkpoint
    RP12: 6/19/2011 3:00:17 PM - Software Distribution Service 3.0
    RP13: 6/24/2011 12:32:13 AM - Installed Microsoft Office Outlook Connector
    RP14: 6/24/2011 2:10:57 PM - Software Distribution Service 3.0
    RP15: 6/29/2011 9:53:22 PM - Software Distribution Service 3.0
    RP16: 7/5/2011 7:59:57 PM - Installed Java(TM) 6 Update 26
    RP17: 7/7/2011 11:51:23 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    7300
    7300_Help
    7300Trb
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0.1
    Adobe Reader X (10.1.0)
    Agilix GoBinder Lite
    AiO_Scan
    AiOSoftware
    Akamai NetSession Interface
    ALPS Touch Pad Driver
    America Online (Choose which version to remove)
    AnswerWorks 5.0 English Runtime
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Spyware Protection
    AOL You've Got Pictures Screensaver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Arachnophilia 5.4
    ArcSoft Panorama Maker 5
    ArcSoft Software Suite
    AudibleManager
    Bejeweled 2 Deluxe
    BlackBerry Desktop Software 6.1
    Blasterball 2 Revolution
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    BufferChm
    Carbonite
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    CutePDF Writer 2.7
    Destinations
    Director
    DocProc
    DocumentViewer
    DVD-RAM Driver
    FATE
    Fax
    File Uploader
    Florida Real Estate Exam Manual
    FranklinCovey TabletPlanner
    Google AFE
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Officejet 7300 series
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Update
    HPSystemDiagnostics
    Ink Art
    InstallVC90Support
    InstantShare
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 24
    K-Lite Codec Pack 5.5.1 (Standard)
    LivePost powered by PostNexus
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MapSource - City Select North America v7
    MarketResearch
    McAfee Security Scan Plus
    McAfee SecurityCenter
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Education Pack for Windows XP Tablet PC Edition
    Microsoft Energy Blue Theme Pack
    Microsoft Experience Pack for Tablet PC
    Microsoft Ink Crossword
    Microsoft Ink Desktop
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Media Transfer
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office OneNote 2003
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Publisher 2002
    Microsoft Silverlight
    Microsoft Snipping Tool 2.0
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.6.13)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    MyConnect Special Offer
    mZConfig
    Nikon Message Center
    Nikon Transfer
    oDesk Team
    Office 2003 Trial Assistant
    Opera 11.50
    PanoStandAlone
    PhotoGallery
    Picture Control Utility
    Polar Golfer
    PrimoPDF -- by Nitro PDF Software
    ProductContext
    Protector Suite 5.4
    Pure Networks Port Magic
    QFolder
    Quicken 2008
    QuickTime
    Readme
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.85
    Scan
    ScannerCopy
    SCRABBLE
    SD Secure Module
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    Tablet PC Tutorials for Microsoft Windows XP SP2
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Top Producer Editor
    TOSHIBA Accelerometer Utilities
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    TOSHIBA Display Devices Change Utility
    TOSHIBA Game Console
    TOSHIBA HDD Protection
    TOSHIBA Hotkey Utility for Display Devices
    TOSHIBA Mobile Extension3 for Windows XP V3.82.00.XP
    TOSHIBA Password Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    Toshiba Registration
    TOSHIBA Rotation Utility
    TOSHIBA SD Memory Boot Utility
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Tablet Access Code Logon Utility
    TOSHIBA TouchPad On/Off Utility V2.05.01
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    TrayApp
    Trial1-2-3FileConvert v3.0
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB961813)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    ViewNX
    Viewpoint Media Player
    W Photo Studio
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8 Release Candidate 1
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/6/2011 8:32:03 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.101 did not allow the name to be claimed by this machine.
    7/6/2011 8:31:37 PM, error: Dhcp [1002] - The IP address lease 192.168.0.12 for the Network Card with network address 00130288A1D0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/6/2011 5:04:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service mcmscsvc with arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}
    7/6/2011 4:49:28 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.0.12. The machine with the IP address 192.168.0.1 did not allow the name to be claimed by this machine.
    7/1/2011 8:52:25 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    7/1/2011 8:52:25 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
    7/1/2011 8:51:07 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.104. The machine with the IP address 192.168.1.101 did not allow the name to be claimed by this machine.
    7/1/2011 2:33:11 PM, error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
    7/1/2011 2:33:11 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
    .
    ==== End Of File ===========================
     
  12. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    I'm sorry about the confusion. Am I using the wrong term? When I typed network, I simply meant that I was accessing the internet using her Comcast account. I just posted the logs for your review when you have the time.

    Someone also gave me another bit of info that might prove to be helpful. I was told that IE8 can sometimes be set to auto refresh itself. I looked into my security settings, and sure enough, META REFRESH was enabled. I disabled it. I wonder if I had a browser window open to my employer's site in the background, and Internet Explorer was auto refreshing every 3 minutes? I wonder if that could come across on their end as 62 failed attempts to log in every 3 minutes? Does that even sound plausible? Thanks again for all of your help.
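
An added example (not part of the original thread): a server-side check that separates fixed-interval failed logins, like the every-three-minutes pattern the coordinator reported, from irregular human retries. The log format, account names and thresholds are constructed assumptions, not the employer's actual system.

```python
import re
from datetime import datetime, timedelta
from statistics import median

# Assumed (constructed) log format: "YYYY-MM-DD HH:MM:SS LOGIN_FAIL user=<name> ip=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) LOGIN_FAIL user=(?P<user>\S+)"
)


def parse_failures(lines):
    """Return {user: sorted list of datetimes}; lines that do not match are skipped."""
    by_user = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        by_user.setdefault(m.group("user"), []).append(ts)
    for stamps in by_user.values():
        stamps.sort()
    return by_user


def interval_profile(stamps):
    """Median gap between attempts and its relative jitter (MAD / median)."""
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    if not gaps:
        return None
    med = median(gaps)
    mad = median(abs(g - med) for g in gaps)
    jitter = mad / med if med else 0.0
    return {"count": len(stamps), "median_gap": med, "jitter": jitter}


def classify(stamps, min_events=10, max_jitter=0.05):
    """Label one account's failures; the thresholds are illustrative assumptions."""
    profile = interval_profile(stamps)
    if profile is None or profile["count"] < min_events:
        return "too-few-events"
    return "timer-driven" if profile["jitter"] <= max_jitter else "irregular"


def build_sample_lines():
    """Constructed sample data: one clock-like account, one human-like account."""
    lines = ["garbage line that the parser must ignore"]
    start = datetime(2011, 7, 4, 18, 30, 0)
    # agent_a: one failure roughly every 3 minutes, with up to 2 s of drift.
    for i in range(37):
        ts = start + timedelta(seconds=i * 180 + (i % 3))
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} LOGIN_FAIL user=agent_a ip=203.0.113.7")
    # agent_b: a person mistyping a password, retrying, giving up, coming back.
    ts = start
    lines.append(f"{ts:%Y-%m-%d %H:%M:%S} LOGIN_FAIL user=agent_b ip=198.51.100.9")
    for gap in [8, 15, 240, 5, 600, 20, 45, 900, 7, 130, 60]:
        ts += timedelta(seconds=gap)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} LOGIN_FAIL user=agent_b ip=198.51.100.9")
    return lines


SAMPLE_LINES = build_sample_lines()

if __name__ == "__main__":
    for user, stamps in sorted(parse_failures(SAMPLE_LINES).items()):
        print(user, classify(stamps), interval_profile(stamps))
```

A "timer-driven" verdict only says the requests arrived on a clock. It cannot tell a browser auto-refresh from a script or from a fault on the server side, so it is a reason to look closer rather than proof of automation by the account holder.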
  13. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/07/2011 at 03:47 PM

    Application Version : 4.55.1000

    Core Rules Database Version : 7385
    Trace Rules Database Version: 5197

    Scan type : Complete Scan
    Total Scan Time : 01:03:35

    Memory items scanned : 626
    Memory threats detected : 0
    Registry items scanned : 8482
    Registry threats detected : 0
    File items scanned : 30208
    File threats detected : 160

    Adware.Tracking Cookie
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I only see Tracking Cookies for the account of Thomas Love. Most are the 'run of the mill' internet advertising Cookies. But it does show you have no protection from 3rd party Cookies. I will have you reset the Cookies. If you did not check the line in SuperantiSpyware to remove the entries, run another scan and remove. Then>>>

    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    ============================================
    One site in particular could put you more at risk, so you need to block it:

    For IE: Access Internet Options through Tools in IE or through the Control Panel> Security tab> Restricted Sites> Sites> type the following in then click on Block:
    *. azjmp.com

    For Firefox: Open Firefox> Tools> Options> Security> Allow Cookies> Exceptions> type in *. azjmp.com> Block.

    To summarize =User Review Summary for azjmp.com
    This site spams
    Adware, spyware, or viruses
    Phishing or other scams
    Bad shopping experience
    =================================================
    For the record, I have 'allow metadata' checked. It has not caused a problem. But I still only have IE6 as I use Firefox exclusively.
    No
    =================================================
    You are still running Windows Internet Explorer 8 Release Candidate 1. This has been out in Final Version for a while. You need to update to the final.
    ================================================
    You still have AVG v7 installed and running. This will cause a conflict with McAfee. V7 has not been supported for a long time, so it doesn't have a current database:
    Download AVG Remover: 32bit
    Run this. AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
    Note:
    • AVG user settings will be removed.
    • Virus Vault contents will be removed.
    • All other items related to AVG installation and use will be removed.
    • You will be asked during the removal procedure to restart your computer. Please do so.
    • Make sure there is no open work in process prior to launching AVG Remover.
    • Follow any screen prompts to run.
    Reboot the computer when done:
    ===================================================
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    ===========================================
    I still have some removals to run through Combofix but I don't know that any of them will solve the problem. Seems to me you need to seek some guidance from the coordinator and/or office IT. They may think it's best to reformat and reinstall the OS. If you haven't backed up, consider doing it now.
  15. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    Okay, thanks Bobbye. I am wondering though, should I follow through with these remaining steps or might it be a better idea to just reinstall the OS as you suggested? What is your honest opinion? Another related question: If I reinstall the OS, I have everything backed up via Carbonite online backup service. If there is a problem such as some malicious entity lurking on my pc, might there be a danger of reinstalling it if I recover data via Carbonite? Thanks!

    Oh, and as for using IE, I wish I didn't have to use it, but the employer's site is only compatible with IE....frustrating. Anyways, thanks again.
  16. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    Sorry, but I think I just answered the Carbonite question....

    10. What if I get a virus? Will Carbonite back that up too?

    Viruses live in and affect executable files. By "executable files", I mean files that can perform some kind of task. In the past, it was safe to say that viruses only affected programs, but these days most documents support some type of embedded macro or scripting language. It's possible that documents created by Microsoft Office or other programs could contain what is called a "macro virus" - a virus that can run when that file is opened by the program that created it. Luckily, these types of viruses tend to be the easiest to correct and remove while the virus is still dormant.

    When recovering from a virus infection, my recommendation would be to reinstall your operating system and applications, and in particular a good anti-virus program. Be sure to get the latest virus definition files from the manufacturer of the anti-virus program. (This is usually included as part of your subscription, and the latest definition files can be downloaded via the Internet.) After reinstalling your operating system and anti-virus program, restore your backup, but be careful not to open your restored documents until after scanning them for viruses.

    Well, there you go. That's our top ten. I hope you find this information helpful. You can find more detail on these topics by searching the frequently asked questions in Carbonite support. But as always, if you have additional questions, please let us know by e-mailing customersupport@carbonite.com.
  17. ormolu611

    ormolu611 Newcomer, in training Topic Starter Posts: 33

    Update: Bobbye, you won't believe this, but I just heard from my coordinator and the problem was on their end this entire time! She said that when it first happened to me, it was an isolated event, but all this week, it has happened to someone new every day. Anyway, my profile has been reactivated and I am very much relieved. I will follow the instructions in your last post. Thank you for all of your help!
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Ha! So it was their server trying to hack! That is one for the books. Thanks for letting me know. Ask the coordinator if the company will pay for the grey hairs you got trying to figure out their problem!

    As for this:
    Really a convoluted statement there. Carbonite is the only site I could find using this wording. Check http://www.computerhope.com/jargon/e/execfile.htm and here http://en.wikipedia.org/wiki/Executable

    Anyway, glad you're back in good standing!