Multiple Iexplore.exe processes, slow computer, starts & stops

By jbullion
Nov 16, 2011
  1. Following the 5 step process, here are the logs from the scans I ran:

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by JLBullion at 10:25:08 on 2011-11-15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.926 [GMT -5:00]
    .
    AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\WINDOWS\system32\hasplms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\UsbBoost\TurboHddUsb.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\JLBullion\Desktop\gkuinc0u.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = https://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IEToolbarBHO Class: {1a1dac8c-074d-440f-8707-7009a672d7d1} - c:\program files\linkedin\ie toolbar\3.0.4.1100\LinkedinIEToolbar.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime (drop down deals)\YontooIEClient.dll
    TB: LinkedIn Toolbar: {bb670d0b-5c46-40c7-b38b-40dd26987723} - c:\program files\linkedin\ie toolbar\3.0.4.1100\LinkedinIEToolbar.dll
    TB: {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: LinkedIn JobsInsider: {85e0b171-04fa-11d1-b7da-00a0c90348d6} - c:\program files\linkedin\ie toolbar\3.0.4.1100\LinkedinIEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [GBMLite8AgentLaCie] c:\program files\lacie\genie backup assistant\GBMAgent.exe
    uRun: [Google Update] "c:\documents and settings\jlbullion\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [masqform.exe] c:\program files\pureedge\viewer 6.5\masqform.exe -RunOnce
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [AprvRemoveLegacyExcelKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\excel\addins\OfficeAddIn.OfficeAddIn
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [DXDllRegExe] dxdllreg.exe
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [ApproveItForOfficeSetup] "c:\program files\approveit\support\tools\approveitforofficesetup.exe " /1 /p "c:\program files\approveit\"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [UsbBoost] c:\program files\usbboost\TurboHddUsb.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [GBMLite8AgentLaCie] c:\program files\lacie\genie backup assistant\GBMAgent.exe
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: army.mil\www.us
    Trusted Zone: bluemountain.com\www
    Trusted Zone: cnn.com\www
    Trusted Zone: dell.com\support
    Trusted Zone: pentagon.mil\uc2apps.hqda-aoc.army
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader5.cab
    DPF: {5EEE5BF6-DC9E-43BE-9100-BF19643943C5} - hxxps://us.jfcom.mil/sites/are/_layouts/DSigCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {8D5D65AC-273D-491E-8874-BBB4B63DEA67} - hxxps://us.jfcom.mil/sites/are/_layouts/1033/DSigRes.cab
    DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {C9BCAEA5-54DC-4504-A2A4-0AE2EEB080D0} - hxxp://www2.davidson.edu/its/wireless/xpressconnect/tools/xc_loader_activex.ocx
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://bwpglobal.webex.com/client/T27LB/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vnet.ndu.edu/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
    TCP: DhcpNameServer = 71.243.0.12 68.237.161.12
    TCP: Interfaces\{18402DA6-097C-4D1A-92D1-8214CE350BD8} : DhcpNameServer = 71.243.0.12 68.237.161.12
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\skyline\terraexplorer c2mp\TerraExplorerX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    AppInit_DLLs: wxvault.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
    LSA: Authentication Packages = msv1_0 wvauth
    LSA: Notification Packages =
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 195.245.119.131 browser-security.microsoft.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-11-14 17904]
    R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2009-11-14 14464]
    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-12-26 7936]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-11-14 2979280]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
    R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-11-14 51632]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-12 106104]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111114.004\NAVENG.SYS [2011-11-14 86136]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111114.004\NAVEX15.SYS [2011-11-14 1576312]
    RUnknown CDAVFS;CDAVFS; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
    S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-12-26 23680]
    S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
    S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]
    S3 vsdatant;vsdatant; [x]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664]
    .
    =============== Created Last 30 ================
    .
    2011-11-15 14:40:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 14:40:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-15 12:01:32 56200 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{eab6f176-1508-4275-96b3-a981e7e29a0c}\offreg.dll
    2011-11-15 12:01:27 6668624 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{eab6f176-1508-4275-96b3-a981e7e29a0c}\mpengine.dll
    2011-11-14 16:38:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-11-08 05:20:25 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
    2011-11-08 05:19:36 -------- d-----w- c:\program files\common files\Authentium
    2011-11-08 04:24:46 -------- dc----w- c:\documents and settings\jlbullion\application data\Blackberry Desktop
    2011-11-08 04:19:32 -------- dc----w- c:\documents and settings\jlbullion\application data\Research In Motion
    2011-11-08 04:16:48 -------- dc----w- c:\documents and settings\all users\application data\Research In Motion
    2011-11-08 04:16:01 -------- d-----w- c:\program files\Research In Motion
    2011-11-07 18:51:04 -------- d-----w- c:\program files\CCleaner
    2011-11-03 00:31:17 -------- d-----w- c:\program files\common files\Verizon Shared
    2011-11-03 00:31:16 -------- dc----w- c:\documents and settings\all users\application data\Wi-Fi Connect
    2011-11-03 00:31:16 -------- dc----w- c:\documents and settings\all users\application data\WEngineLite
    2011-11-03 00:31:16 -------- d-----w- c:\program files\Wi-Fi Connect
    2011-11-03 00:31:11 7640576 ----a-w- c:\windows\WiFi_Connect.msi
    2011-11-03 00:30:22 -------- dc----w- c:\documents and settings\all users\application data\WiFiTemp
    2011-11-03 00:28:51 -------- d-----w- c:\documents and settings\jlbullion\local settings\application data\SupportSoft
    2011-11-02 13:27:42 -------- d-----w- c:\documents and settings\jlbullion\local settings\application data\Deployment
    2011-11-01 13:13:53 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-11-01 13:13:53 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-10-27 16:00:08 -------- dc----w- c:\documents and settings\all users\application data\GoBoingo(2)
    2011-10-26 17:55:48 90016 ----a-w- c:\windows\system32\drivers\btserial.sys
    .
    ==================== Find3M ====================
    .
    2011-11-02 13:27:59 60304 ----a-w- c:\documents and settings\jlbullion\g2mdlhlpx.exe
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-24 03:33:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-23 18:23:59 256 -c--a-w- c:\documents and settings\jlbullion\pool.bin
    2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 10:28:27.42 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/13/2006 9:52:36 PM
    System Uptime: 11/15/2011 3:30:14 AM (7 hours ago)
    .
    Motherboard: Dell Inc. | | 0JK187
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1664/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 22.613 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
    Service: b57w2k
    .
    ==== System Restore Points ===================
    .
    RP908: 9/23/2011 10:58:47 PM - Removed BlackBerry Desktop Software 4.3.
    RP909: 9/23/2011 11:08:55 PM - Removed Roxio Media Manager
    RP910: 9/23/2011 11:51:39 PM - Installed BlackBerry Desktop Software 6.1.
    RP911: 9/23/2011 11:57:42 PM - Installed Windows XP Wdf01009.
    RP912: 9/25/2011 5:14:22 PM - System Checkpoint
    RP913: 9/26/2011 7:00:18 AM - Software Distribution Service 3.0
    RP914: 9/27/2011 2:22:09 AM - Software Distribution Service 3.0
    RP915: 9/28/2011 9:00:38 AM - System Checkpoint
    RP916: 9/29/2011 8:09:25 AM - Software Distribution Service 3.0
    RP917: 9/30/2011 10:07:02 AM - Software Distribution Service 3.0
    RP918: 10/1/2011 10:29:56 PM - System Checkpoint
    RP919: 10/3/2011 9:33:20 AM - System Checkpoint
    RP920: 10/4/2011 4:53:36 AM - Software Distribution Service 3.0
    RP921: 10/5/2011 9:32:22 AM - System Checkpoint
    RP922: 10/7/2011 7:59:12 AM - Software Distribution Service 3.0
    RP923: 10/8/2011 8:03:29 AM - System Checkpoint
    RP924: 10/9/2011 10:12:33 AM - System Checkpoint
    RP925: 10/10/2011 11:42:20 AM - System Checkpoint
    RP926: 10/11/2011 7:13:40 AM - Software Distribution Service 3.0
    RP927: 10/12/2011 7:53:03 AM - System Checkpoint
    RP928: 10/13/2011 6:57:39 AM - Software Distribution Service 3.0
    RP929: 10/14/2011 7:06:15 AM - Software Distribution Service 3.0
    RP930: 10/14/2011 12:30:36 PM - Software Distribution Service 3.0
    RP931: 10/14/2011 1:59:38 PM - Software Distribution Service 3.0
    RP932: 10/17/2011 10:15:11 AM - System Checkpoint
    RP933: 10/18/2011 7:30:04 AM - Software Distribution Service 3.0
    RP934: 10/19/2011 1:44:46 PM - System Checkpoint
    RP935: 10/21/2011 12:10:24 AM - System Checkpoint
    RP936: 10/21/2011 6:08:43 PM - Software Distribution Service 3.0
    RP937: 10/23/2011 3:51:52 PM - System Checkpoint
    RP938: 10/25/2011 1:35:56 AM - Removed BlackBerry Desktop Software 6.1.
    RP939: 10/25/2011 1:55:16 AM - Installed BlackBerry Desktop Software 6.1.
    RP940: 10/25/2011 8:38:12 AM - Software Distribution Service 3.0
    RP941: 10/26/2011 9:52:45 PM - System Checkpoint
    RP942: 10/27/2011 11:59:28 AM - Removed Boingo Wi-Fi
    RP943: 10/27/2011 12:00:07 PM - Installed Boingo Wi-Finder
    RP944: 10/28/2011 1:07:00 PM - System Checkpoint
    RP945: 10/28/2011 7:57:24 PM - Software Distribution Service 3.0
    RP946: 10/30/2011 9:52:00 AM - System Checkpoint
    RP947: 10/31/2011 6:44:54 PM - System Checkpoint
    RP948: 11/1/2011 9:11:01 AM - Restore Operation
    RP949: 11/1/2011 10:29:35 AM - Removed Boingo Wi-Fi
    RP950: 11/1/2011 10:31:11 AM - Removed Bonjour
    RP951: 11/1/2011 11:06:43 PM - Software Distribution Service 3.0
    RP952: 11/2/2011 3:00:49 AM - Software Distribution Service 3.0
    RP953: 11/3/2011 8:31:57 AM - System Checkpoint
    RP954: 11/4/2011 9:40:33 AM - Software Distribution Service 3.0
    RP955: 11/6/2011 7:46:20 PM - System Checkpoint
    RP956: 11/7/2011 10:47:58 PM - Removed BlackBerry Desktop Software 6.1.
    RP957: 11/7/2011 11:15:07 PM - Installed BlackBerry Desktop Software 6.1.
    RP958: 11/8/2011 10:42:04 AM - Software Distribution Service 3.0
    RP959: 11/10/2011 6:48:51 AM - Software Distribution Service 3.0
    RP960: 11/11/2011 4:22:02 PM - Software Distribution Service 3.0
    RP961: 11/12/2011 9:01:00 AM - Software Distribution Service 3.0
    RP962: 11/13/2011 12:20:40 PM - System Checkpoint
    RP963: 11/15/2011 7:01:24 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    5500
    5500_Help
    5500Tour
    5500Trb
    Acrobat.com
    ActivClient CAC 6.1 x86
    ActivIdentity Device Installer
    Adobe Acrobat Connect Add-in
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.1)
    Adobe® Photoshop® Album Starter Edition 3.2
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Apple Application Support
    Apple Software Update
    ApproveIt Desktop 5.8.2
    ArcExplorer Java Edition
    ATT-RC Self Support Tool
    AVSDK5
    BlackBerry Desktop Software 6.1
    Carbonite
    CCleaner
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    CutePDF Writer 2.8
    DBsign Web Signer
    Emsisoft Anti-Malware
    Facebook Plug-In
    Fax
    Genie Backup Assistant
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.0.0.799
    Honda Worldwide BETA Screen Saver
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Driver Diagnostics
    HP Image Zone 3.5
    HP PSC & OfficeJet 3.5
    I8kfanGUI V3.1
    InstallVC90Support
    iTunes
    Java(TM) 6 Update 25
    KODAK Gallery Upload Software
    LinkedIn Internet Explorer Toolbar
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office File Validation Add-In
    Microsoft Office Sounds
    Microsoft Office Standard Edition 2003
    Microsoft Outlook Personal Folders Backup
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    MSXML4 Parser
    OGA Notifier 2.0.0048.0
    ooVoo
    Overland
    Philips PC Camera
    PrintScreen
    PureEdge Viewer 6.5
    QuickTime
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Scan
    SCR531 Smartcard Reader
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Simple Family Tree (remove only)
    Skype™ 3.8
    Sportsmans Challenge
    Spybot - Search & Destroy
    Symantec Endpoint Protection
    TerraExplorer C2MP
    TerraGo Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URGE
    UsbBoost
    WebEx
    Wi-Fi Connect
    WIDCOMM Bluetooth Software
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Detect
    Yontoo Layers Runtime (Drop Down Deals) 1.10.01
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2011 9:59:13 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
    11/9/2011 11:43:16 AM, error: Dhcp [1002] - The IP address lease 192.168.1.123 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 172.16.42.1 (The DHCP Server sent a DHCPNACK message).
    11/9/2011 1:39:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 192.168.146.1 (The DHCP Server sent a DHCPNACK message).
    11/8/2011 5:50:58 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    11/8/2011 3:58:12 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
    11/8/2011 11:31:07 AM, error: Service Control Manager [7000] - The Process creation detector. service failed to start due to the following error: The system cannot find the file specified.
    11/15/2011 9:58:33 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    11/15/2011 10:00:18 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    11/14/2011 4:55:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasAuto service.
    11/14/2011 10:43:47 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    11/13/2011 11:36:08 AM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
    11/13/2011 11:35:13 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
    11/13/2011 11:35:11 AM, error: Service Control Manager [7000] - The NetBEUI Protocol service failed to start due to the following error: The system cannot find the file specified.
    11/12/2011 9:01:16 AM, error: Dhcp [1002] - The IP address lease 172.16.31.14 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/11/2011 9:21:31 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE931A87. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    11/11/2011 9:21:06 AM, error: Dhcp [1002] - The IP address lease 192.239.36.102 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/11/2011 9:09:02 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/11/2011 9:09:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    11/11/2011 4:27:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
    11/10/2011 6:43:19 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
    11/10/2011 6:42:11 AM, error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/10/2011 1:37:22 PM, error: Dhcp [1002] - The IP address lease 192.168.40.168 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-15 12:44:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541080G9SA00 rev.MB4OC60R
    Running: gkuinc0u.exe; Driver: C:\DOCUME~1\JLBULL~1\LOCALS~1\Temp\pxtdypow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    Emsisoft Anti-Malware - Version 6.0
    Last update: 11/14/2011 11:52:11 AM
    Edit to delete unrequested scan results from Emsisoft by Bobbye
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot! I will help with the malware problem, but here are some comments and questions:

    First: the main problem is malware called SpywareProtect2009. It shows in your logs as
    Hosts: 195.245.119.131 browser-security.microsoft.com
    This is a fake rogue security program. This IP is in UA Ukraine, and that is where your searches are being directed.
    =======================================
    1. Is there some reason why you ran a scan with Emsisoft instead of Malwarebytes? I have removed that log and would like you to run Mbam instead:

    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    2. You are running 2 antivirus programs: Emsisoft & Symantec. Not only can this create a vulnerability, but it can also slow the system down. I recommend that you remove Emsisoft. Here is part of 1 review to tell you why:
    Please reboot the computer when the removal is complete.
    ===========================
    3. There are processes from 8 outdated Java programs, none of which is the current version. There is also a vulnerability:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following. Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    4. I strongly recommend that you remove these domains from the Trusted Zone. The security is lower in that zone and this creates another vulnerability. Nothing needs to be in this zone!
    Trusted Zone: army.mil\www.us
    Trusted Zone: bluemountain.com\www
    Trusted Zone: cnn.com\www
    Trusted Zone: dell.com\support
    ===========================================
    5. When using IE8, it is normal to have multiple iexplore.exe processes. But since malware can hide within almost any name, it is possible to have malware. The main reason you are slow is that you are running too many unnecessary processes. They start on boot, slow the load time down, slow the surf time down more as you add temporary internet files, and then slow the shutdown time.
    =========================================
    6. How much RAM is installed? Your report of slows and stops would be an indication of not having enough RAM.
    =======================================
    7. Please note: If you have previously run Combofix and it is still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please include logs from the following in next reply:
    Malwarebytes
    Combofix
    Eset online scan
    .
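Bobbye's point 1 rests on a single hosts-file line that maps browser-security.microsoft.com to an address in another country. As an added example that is not part of the thread and not code from any of the tools it mentions, here is a Python checker that parses hosts-file text and flags mappings of that kind; every sample line except the one quoted from the DDS log is constructed.

```python
"""Flag suspicious entries in a Windows hosts file (added example, not from the thread)."""
import ipaddress
from typing import List, Tuple

# Names that legitimately appear in a stock hosts file and are never flagged.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (ip, hostname, line_number) for every mapping in hosts-file text.

    Handles whole-line and trailing '#' comments and several hostnames on one
    line. Lines whose first token is not an IP address are skipped.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((parts[0], name.lower(), lineno))
    return entries


def suspicious_entries(text: str) -> List[Tuple[str, str, int, str]]:
    """Classify every non-local hosts mapping; returns (ip, hostname, line, reason).

    A stock Windows XP hosts file contains only the localhost line, so any other
    name is worth a look. The reason string separates the cases:
      blocked-by-hosts               name sent to loopback/0.0.0.0 (ad-block style,
                                     blocks rather than redirects)
      redirect-to-private-address    name sent to an RFC 1918 address
      redirect-to-external-address   name sent off the machine to a routable host,
                                     the hijack pattern seen in this thread
    """
    hits = []
    for ip, name, lineno in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            hits.append((ip, name, lineno, "blocked-by-hosts"))
        elif addr.is_private:
            hits.append((ip, name, lineno, "redirect-to-private-address"))
        else:
            hits.append((ip, name, lineno, "redirect-to-external-address"))
    return hits


# Constructed sample: a minimal hosts file, the line quoted from the DDS log in
# this thread, and one harmless ad-block style entry for contrast.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
195.245.119.131 browser-security.microsoft.com   # line from the DDS log in this thread
127.0.0.1       ads.example.invalid              # constructed ad-block style entry
"""

if __name__ == "__main__":
    for ip, name, lineno, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} [{reason}]")
```

Run it against C:\WINDOWS\system32\drivers\etc\hosts on the affected machine; only the redirect-to-external-address hits need to be removed for a rogue of this kind, while loopback entries are usually deliberate blocking.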
  3. jbullion

    jbullion Newcomer, in training Topic Starter

    Thanks!

    Wow! A lot to do! Thank you.

    In the meantime, here is the malware log:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8182

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/17/2011 8:42:45 AM
    mbam-log-2011-11-17 (08-42-45).txt

    Scan type: Quick scan
    Objects scanned: 184799
    Time elapsed: 12 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  4. jbullion

    jbullion Newcomer, in training Topic Starter

    Combofix log 1

    ComboFix 11-11-17.03 - JLBullion 11/17/2011 9:47:37.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1797 [GMT -5:00]
    Running from: C:\Documents and Settings\JLBullion\Desktop\Malware\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\All Users\Application Data\Tarma Installer
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    C:\Documents and Settings\JLBullion\g2mdlhlpx.exe
    C:\Documents and Settings\JLBullion\GoToAssistDownloadHelper.exe
    C:\Documents and Settings\JLBullion\WINDOWS
    C:\install.exe
    C:\restore
    C:\WINDOWS\CSC\d6
    C:\WINDOWS\system\msjava.dll
    C:\WINDOWS\system32\msjava.dll
    C:\WINDOWS\system32\PowerToyReadme.htm


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SSHNAS


    ((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))


    2011-11-17 15:12:17 . 2011-11-17 15:12:22 56200 -c--a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EAB6F176-1508-4275-96B3-A981E7E29A0C}\offreg.dll
    2011-11-15 14:40:07 . 2011-11-17 13:28:32 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2011-11-15 14:40:07 . 2011-08-31 22:00:50 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-11-15 12:01:27 . 2011-10-07 03:48:07 6668624 -c--a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EAB6F176-1508-4275-96B3-A981E7E29A0C}\mpengine.dll
    2011-11-15 11:57:49 . 2011-11-15 11:57:49 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
    2011-11-14 16:38:56 . 2011-11-17 13:53:13 -------- d-----w- C:\Program Files\Emsisoft Anti-Malware
    2011-11-08 05:20:25 . 2011-11-08 05:18:29 96200 ----a-w- C:\WINDOWS\system32\drivers\CDAVFS.sys
    2011-11-08 05:19:36 . 2011-11-08 05:19:36 -------- d-----w- C:\Program Files\Common Files\Authentium
    2011-11-08 04:24:46 . 2011-11-08 04:24:50 -------- dc----w- C:\Documents and Settings\JLBullion\Application Data\Blackberry Desktop
    2011-11-08 04:19:32 . 2011-11-08 04:21:01 -------- dc----w- C:\Documents and Settings\JLBullion\Application Data\Research In Motion
    2011-11-08 04:16:48 . 2011-11-08 04:16:49 -------- dc----w- C:\Documents and Settings\All Users\Application Data\Research In Motion
    2011-11-08 04:16:01 . 2011-11-08 04:16:01 -------- d-----w- C:\Program Files\Research In Motion
    2011-11-07 18:51:04 . 2011-11-07 18:51:09 -------- d-----w- C:\Program Files\CCleaner
    2011-11-03 00:31:17 . 2011-11-03 00:31:17 -------- d-----w- C:\Program Files\Common Files\Verizon Shared
    2011-11-03 00:31:16 . 2011-11-03 00:31:17 -------- d-----w- C:\Program Files\Wi-Fi Connect
    2011-11-03 00:31:16 . 2011-11-03 00:31:16 -------- dc----w- C:\Documents and Settings\All Users\Application Data\Wi-Fi Connect
    2011-11-03 00:31:16 . 2011-11-03 00:31:16 -------- dc----w- C:\Documents and Settings\All Users\Application Data\WEngineLite
    2011-11-03 00:31:11 . 2009-10-16 15:52:12 7640576 ----a-w- C:\WINDOWS\WiFi_Connect.msi
    2011-11-03 00:30:22 . 2011-11-03 00:31:38 -------- dc----w- C:\Documents and Settings\All Users\Application Data\WiFiTemp
    2011-11-03 00:28:51 . 2011-11-03 00:40:58 -------- d-----w- C:\Documents and Settings\JLBullion\Local Settings\Application Data\SupportSoft
    2011-11-02 13:27:42 . 2011-11-02 13:27:58 -------- d-----w- C:\Documents and Settings\JLBullion\Local Settings\Application Data\Deployment
    2011-11-01 13:13:53 . 2011-11-01 13:13:53 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
    2011-10-27 16:00:08 . 2011-11-01 13:13:21 -------- dc----w- C:\Documents and Settings\All Users\Application Data\GoBoingo(2)
    2011-10-26 17:55:48 . 2009-08-14 16:16:56 90016 ----a-w- C:\WINDOWS\system32\drivers\btserial.sys
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-10-10 14:22:41 . 2004-08-11 22:12:51 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
    2011-10-07 03:48:07 . 2009-05-01 00:43:23 6668624 -c--a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-10-03 10:06:03 . 2010-06-18 17:22:58 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
    2011-10-03 07:37:52 . 2007-12-15 17:01:37 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
    2011-09-28 07:06:50 . 2004-08-11 22:00:04 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
    2011-09-26 15:41:20 . 2008-07-29 23:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
    2011-09-26 15:41:20 . 2004-08-11 22:00:27 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
    2011-09-26 15:41:14 . 2004-08-11 22:00:27 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
    2011-09-24 03:33:29 . 2011-09-24 03:33:29 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2011-09-23 18:23:59 . 2010-09-02 02:36:34 256 -c--a-w- C:\Documents and Settings\JLBullion\pool.bin
    2011-09-06 13:20:51 . 2011-02-09 20:05:18 1858944 ------w- C:\WINDOWS\system32\win32k.sys
    2011-08-22 23:48:55 . 2004-08-11 22:00:37 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2011-08-22 23:48:54 . 2004-08-11 22:00:18 43520 ------w- C:\WINDOWS\system32\licmgr10.dll
    2011-08-22 23:48:54 . 2004-08-11 22:00:17 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
    2011-08-22 11:56:39 . 2004-08-11 22:00:16 385024 ------w- C:\WINDOWS\system32\html.iec
  5. jbullion

    jbullion Newcomer, in training Topic Starter

    Combofix 2

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
    @="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
    [HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
    2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 16:58:12 856064]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 11:16:24 39408]
    "GBMLite8AgentLaCie"="C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 13:05:32 189056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AprvRemoveLegacyExcelKeys"="C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
    "NVHotkey"="nvHotkey.dll" [2006-01-19 20:14:00 73728]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 20:14:00 7401472]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 10:56:08 176128]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 21:47:22 115560]
    "masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 14:50:04 643072]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 13:28:06 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 13:28:26 602182]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 00:12:41 110592]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-08 00:13:38 176128]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 12:38:42 241664]
    "accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 20:08:08 293168]
    "ApproveItForOfficeSetup"="C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2007-10-29 14:49:12 155648]
    "TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2011-09-14 12:49:32 273528]
    "Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 00:52:00 948880]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 16:55:28 937920]
    "UsbBoost"="C:\Program Files\UsbBoost\TurboHddUsb.exe" [2011-01-06 04:19:12 3788800]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 02:35:16 397312]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-01-14 19:25:18 421888]
    "nwiz"="nwiz.exe" [2006-01-19 20:14:00 1519616]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11:42 49152]
    "GBMLite8AgentLaCie"="C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 13:05:32 189056]
    "RIMBBLaunchAgent.exe"="C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 16:47:12 79192]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    MiddReadmefirst.lnk.disabled [2006-6-13 436]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]

    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    MiddReadmefirst.lnk - C:\MiddReadmefirst.doc [N/A]
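When reviewing a Run-key dump like the one above, the entries worth a second look are the ones ComboFix marks `[X]` (the file is gone but the autostart remains), the ones that name a bare DLL or EXE with no path (resolved through the search order rather than a fixed location), and the ones that launch from a user-writable folder. The following parser is an added example, not part of this thread or of ComboFix; it reads the `"name"="command" [date time size]` line format shown above from a constructed sample and attaches those triage flags. The sample lines, the `Autostart` class, and the list of user-writable path fragments are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the ComboFix Run-key format seen in the log above
# (modelled on its lines; not a dump from any real system).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"NVHotkey"="nvHotkey.dll" [2006-01-19 20:14:00 73728]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 21:47:22 115560]
"updater"="C:\Documents and Settings\User\Local Settings\Temp\upd.exe" [2011-11-01 09:00:00 40960]
'''

# Section header: [HKEY_...\Run]
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
# Entry line: "name"="command" [X]  or  "name"="command" [YYYY-MM-DD HH:MM:SS size]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<meta>[^\]]*)\]\s*$')
# Split the launched image from its arguments at the first executable extension.
IMAGE_RE = re.compile(
    r'(?is)^(?P<image>.+?\.(?:exe|dll|cpl|scr|com|bat|cmd|vbs|lnk))(?:\s+(?P<args>.*))?$')
# Assumed list of path fragments a normal user can write to (heuristic, for review only).
USER_WRITABLE = ('\\local settings\\temp\\', '\\application data\\', '\\temp\\')


@dataclass
class Autostart:
    key: str                      # registry key the entry lives under
    name: str                     # value name
    command: str                  # full command string as logged
    image: str                    # executable/DLL portion of the command
    args: Optional[str]           # remaining arguments, if any
    missing: bool                 # True when ComboFix logged [X] (file not found)
    size: Optional[int]           # file size from the log, None when missing
    flags: List[str] = field(default_factory=list)


def parse_autostarts(text: str) -> List[Autostart]:
    """Parse Run-key entries from a ComboFix-style autostart listing."""
    entries: List[Autostart] = []
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue
        cmd = em.group('cmd')
        im = IMAGE_RE.match(cmd)
        image = im.group('image') if im else cmd
        args = im.group('args') if im else None
        meta = em.group('meta').strip()
        missing = meta == 'X'
        size = None if missing else int(meta.split()[-1])
        entries.append(Autostart(key, em.group('name'), cmd, image, args, missing, size))
    return entries


def triage(entries: List[Autostart]) -> List[Autostart]:
    """Attach review flags; a flag means 'look at this', not 'this is malicious'."""
    for e in entries:
        e.flags.clear()
        if e.missing:
            e.flags.append('missing-file')          # orphaned autostart
        if '\\' not in e.image and ':' not in e.image:
            e.flags.append('unqualified-image')     # resolved via search path
        if any(p in e.image.lower() for p in USER_WRITABLE):
            e.flags.append('user-writable-path')    # runs from a user-writable folder
    return entries


if __name__ == '__main__':
    for e in triage(parse_autostarts(SAMPLE_LOG)):
        print(f'{e.name:28} {e.image:60} {",".join(e.flags) or "-"}')
```

Running the block prints one line per entry with its flags; in the sample, the `[X]` entry, the bare `nvHotkey.dll`, and the `Temp` launcher are flagged while `ccApp.exe` is not. The flags are a reading aid for a log reviewer, in the same spirit as the helper's questions in this thread, and the same parser can be pointed at the `run-` (disabled) sections once the bracketed date/size suffix is present.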
  6. jbullion

    jbullion Newcomer, in training Topic Starter

    Combofix 3

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2007-05-15 20:08:16 112640 ----a-w- C:\WINDOWS\system32\ackpbsc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2007-05-15 20:08:12 281088 ----a-w- C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\wxvault.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "acautoup"=2 (0x2)
    "acachsrv"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Boingo Wi-Fi"=C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk
    "Carbonite Backup"=C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
  7. jbullion

    jbullion Newcomer, in training Topic Starter

    Combofix 4

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\WINDOWS\\system32\\mshta.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\kdx\\KHost.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "C:\\WINDOWS\\system32\\hasplms.exe"=
    "C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
    "C:\\Program Files\\ooVoo\\ooVoo.exe"=
    "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
    "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
    "C:\\Documents and Settings\\JLBullion\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
  8. jbullion

    jbullion Newcomer, in training Topic Starter

    Combofix 5

    R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [11/14/2009 5:37:02 AM 14464]
    R1 FNETURPX;FNETURPX;C:\WINDOWS\system32\drivers\FNETURPX.SYS [12/26/2010 8:15:36 AM 7936]
    R2 accoca;ActivClient Middleware Service;C:\Program Files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 3:08:40 PM 182576]
    R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe -run --> C:\WINDOWS\system32\hasplms.exe -run [?]
    R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 4:46:12 PM 117288]
    R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 4:46:18 PM 117288]
    R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 4:46:20 PM 154152]
    R2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 6:19:58 PM 13592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/12/2011 9:18:57 AM 106104]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [3/24/2010 9:09:31 AM 135664]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\drivers\COH_Mon.sys [1/12/2008 5:32:00 PM 23888]
    S3 FNETTBOH;FNETTBOH;C:\WINDOWS\system32\drivers\FNETTBOH.SYS [12/26/2010 8:15:31 AM 23680]
    S3 SCR131C;SCRx31 Serial Smart Card Reader;C:\WINDOWS\system32\drivers\SCR131C.sys [11/7/2002 3:04:00 AM 181875]
    S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\drivers\SCR33X2K.sys [4/6/2004 3:24:00 AM 64088]
    S4 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [3/24/2010 9:09:31 AM 135664]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12


    Contents of the 'Scheduled Tasks' folder

    2011-11-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-24 14:09:31 . 2010-03-24 14:09:07]

    2011-11-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-24 14:09:31 . 2010-03-24 14:09:07]

    2011-11-08 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4195382807-151745795-1897967598-1011Core.job
    - C:\Documents and Settings\JLBullion\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:35:46 . 2011-06-03 01:18:05]

    2011-11-17 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4195382807-151745795-1897967598-1011UA.job
    - C:\Documents and Settings\JLBullion\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:35:46 . 2011-06-03 01:18:05]

    2011-11-17 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20:06 . 2006-11-03 23:20:06]

    2011-11-17 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4195382807-151745795-1897967598-1011.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22:56 . 2011-08-11 19:22:56]

    2011-11-08 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4195382807-151745795-1897967598-1011.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22:56 . 2011-08-11 19:22:56]

    2011-11-16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{04EFCAD1-05AD-4D30-AD83-977AB3B54C3E}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 22:36:40 . 2009-03-08 08:31:54]


    ------- Supplementary Scan -------

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = https://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 71.243.0.12 68.237.161.12
    DPF: {5EEE5BF6-DC9E-43BE-9100-BF19643943C5} - hxxps://us.jfcom.mil/sites/are/_layouts/DSigCtrl.cab
    DPF: {8D5D65AC-273D-491E-8874-BBB4B63DEA67} - hxxps://us.jfcom.mil/sites/are/_layouts/1033/DSigRes.cab
    DPF: {C9BCAEA5-54DC-4504-A2A4-0AE2EEB080D0} - hxxp://www2.davidson.edu/its/wireless/xpressconnect/tools/xc_loader_activex.ocx

    - - - - ORPHANS REMOVED - - - -

    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-DXDllRegExe - dxdllreg.exe
    HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    SafeBoot-Symantec Antvirus
    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Do you plan to complete the Combofix log?

    It looks like you're adding some spaces- please don't do that. Paste the log in as is, just making sure that Word Wrap is unchecked.
    =============================================
    Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===================================
    You have multiple Wi-Fi processes running. This could put you at risk.
    ===================================
  10. jbullion

    jbullion Newcomer, in training Topic Starter

    Thanks, Bobbye

    I was having trouble pasting and sending the ComboFix results - Techspot kept telling me that the file included too many (>9) graphics - but it is a text file...I was modifying to try to get it through. Any ideas?

    I have 2.5 GB of RAM.

    Results of screen317's Security Check version 0.99.28
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Symantec Endpoint Protection
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    ArcExplorer Java Edition
    Java(TM) 6 Update 29
    Adobe Flash Player ( 10.0.45.2) Flash Player out of Date!
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Common Files Authentium AntiVirus5 vsedsps.exe
    Common Files Authentium AntiVirus5 vseamps.exe
    Common Files Authentium AntiVirus5 vseqrts.exe
    JLBullion Desktop Malware SecurityCheck.exe
    ``````````End of Log````````````
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    There have been a couple of glitches in the board the past few days. Work is being done and sometimes it can create a temporary problem. All have been reported, some fixed. But I'd like you to report the complete Combofix log. I'm going to delete the current log- it isn't the full log and it should not take so many posts.

    If you get the 'graphic' notice, stop for now.
  12. jbullion

    jbullion Newcomer, in training Topic Starter

    Here's what I get when I try to send the Combofix results:

    1.You have included 9 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

    Images include use of smilies, the BB code [IMG]
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    As mentioned, there was a glitch in the board while the busy elves were working on the site. I thought all the problems had been resolved.

    Please try to post it again. Be sure you don't add any Smiley faces. There is a green Smiley that automatically shows in some entries. If you have a lot of these files with little green faces, please let me know.
    =========================================
    You are also running 2 antivirus programs:
    Symantec Endpoint Protection
    AuthentiumAntiVirus5

    Please remove one of them and reboot when finished.
    ----------------------------
    It appears that you are participating in SharePoint Foundation 2010 (WROX)
    http://msdn.microsoft.com/en-us/library/hh537942.aspx

    https://www.nothingbutsharepoint.co...12 Hive File Differences from SP1 to SP2.aspx

    DPF: {5EEE5BF6-DC9E-43BE-9100-BF19643943C5} - hxxps://us.jfcom.mil/sites/are/_layouts/DSigCtrl.cab
    DPF: {8D5D65AC-273D-491E-8874-BBB4B63DEA67} - hxxps://us.jfcom.mil/sites/are/_layouts/1033/DSigRes.cab
    -------------------------------------
    Are you also using the school network?
    http://www3.davidson.edu/cms/x12.xml?debug=2

    DPF: {C9BCAEA5-54DC-4504-A2A4-0AE2EEB080D0} - hxxp://www2.davidson.edu/its/wireless/xpressconnect/tools/xc_loader_activex.ocx


    Do any processes above or related to the above have green faces on parts of the entry or multiple asterisks> **** ?

    You have an extraordinary number of processes running- that's why I asked about the RAM
     
  14. jbullion

    jbullion Newcomer, in training Topic Starter

    Thanks, Bobbye. Here it is. Just tried again with the same result - can I send you the file?
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    It appears that this is a work system with a military connection:
    1. There are multiple layers of encryption + multiple AVs:
      • ActivClient CAC 6.1 x86
      • ActivIdentity Device Installer
      ActivIdentity ActivClient software enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login.
      • EMBASSY® Trust Suite
      • Authentium AntiVirus5 + Symantec
      • NTRU Cryptosystems
    2. There are military domains in the Trusted Zone:
      • Trusted Zone: army.mil\www.us
      • Trusted Zone: pentagon.mil\uc2apps.hqda-aoc.army
    3. There are specific military-related entries:
      • ApproveItForOfficeSetup] "c:\program files\approveit\support\tools\approveitforofficesetup.exe " /1 /p "c:\program files\approveit\"
      "ApproveIt allows Army users the ability to digitally sign forms using your CAC."
      • hxxps://us.jfcom.mil/sites/are/_layouts/DSigCtrl.cab
      • hxxps://us.jfcom.mil/sites/are/_layouts/1033/DSigRes.cab
      United States Joint Forces Command (USJFCOM)
    =======================================
    And as I mentioned previously, there are a great number of processes running>> which I'm confident are going to slow the system down and also possibly cause it to crash.

    I have no information on the system other than what I'm seeing in the logs, but your subject line could all cover the multiple processes.

    If this system is being used in a military environment, it would be more prudent to allow someone used by the military to review or make changes.

