Inactive Multiple Iexplore.exe processes, slow computer, starts & stops

jbullion

Following the 5-step process, here are the logs from the scans I ran:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by JLBullion at 10:25:08 on 2011-11-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.926 [GMT -5:00]
.
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\UsbBoost\TurboHddUsb.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\JLBullion\Desktop\gkuinc0u.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = https://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEToolbarBHO Class: {1a1dac8c-074d-440f-8707-7009a672d7d1} - c:\program files\linkedin\ie toolbar\3.0.4.1100\LinkedinIEToolbar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime (drop down deals)\YontooIEClient.dll
TB: LinkedIn Toolbar: {bb670d0b-5c46-40c7-b38b-40dd26987723} - c:\program files\linkedin\ie toolbar\3.0.4.1100\LinkedinIEToolbar.dll
TB: {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: LinkedIn JobsInsider: {85e0b171-04fa-11d1-b7da-00a0c90348d6} - c:\program files\linkedin\ie toolbar\3.0.4.1100\LinkedinIEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GBMLite8AgentLaCie] c:\program files\lacie\genie backup assistant\GBMAgent.exe
uRun: [Google Update] "c:\documents and settings\jlbullion\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.5\masqform.exe -RunOnce
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AprvRemoveLegacyExcelKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\excel\addins\OfficeAddIn.OfficeAddIn
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [ApproveItForOfficeSetup] "c:\program files\approveit\support\tools\approveitforofficesetup.exe " /1 /p "c:\program files\approveit\"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UsbBoost] c:\program files\usbboost\TurboHddUsb.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GBMLite8AgentLaCie] c:\program files\lacie\genie backup assistant\GBMAgent.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: army.mil\www.us
Trusted Zone: bluemountain.com\www
Trusted Zone: cnn.com\www
Trusted Zone: dell.com\support
Trusted Zone: pentagon.mil\uc2apps.hqda-aoc.army
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader5.cab
DPF: {5EEE5BF6-DC9E-43BE-9100-BF19643943C5} - hxxps://us.jfcom.mil/sites/are/_layouts/DSigCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8D5D65AC-273D-491E-8874-BBB4B63DEA67} - hxxps://us.jfcom.mil/sites/are/_layouts/1033/DSigRes.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C9BCAEA5-54DC-4504-A2A4-0AE2EEB080D0} - hxxp://www2.davidson.edu/its/wireless/xpressconnect/tools/xc_loader_activex.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://bwpglobal.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vnet.ndu.edu/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
TCP: DhcpNameServer = 71.243.0.12 68.237.161.12
TCP: Interfaces\{18402DA6-097C-4D1A-92D1-8214CE350BD8} : DhcpNameServer = 71.243.0.12 68.237.161.12
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\skyline\terraexplorer c2mp\TerraExplorerX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth
LSA: Notification Packages =
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 195.245.119.131 browser-security.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-11-14 17904]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2009-11-14 14464]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-12-26 7936]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-11-14 2979280]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-11-14 51632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-12 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111114.004\NAVENG.SYS [2011-11-14 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111114.004\NAVEX15.SYS [2011-11-14 1576312]
RUnknown CDAVFS;CDAVFS; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-12-26 23680]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]
S3 vsdatant;vsdatant; [x]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664]
.
=============== Created Last 30 ================
.
2011-11-15 14:40:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 14:40:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-15 12:01:32 56200 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{eab6f176-1508-4275-96b3-a981e7e29a0c}\offreg.dll
2011-11-15 12:01:27 6668624 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{eab6f176-1508-4275-96b3-a981e7e29a0c}\mpengine.dll
2011-11-14 16:38:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-08 05:20:25 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-11-08 05:19:36 -------- d-----w- c:\program files\common files\Authentium
2011-11-08 04:24:46 -------- dc----w- c:\documents and settings\jlbullion\application data\Blackberry Desktop
2011-11-08 04:19:32 -------- dc----w- c:\documents and settings\jlbullion\application data\Research In Motion
2011-11-08 04:16:48 -------- dc----w- c:\documents and settings\all users\application data\Research In Motion
2011-11-08 04:16:01 -------- d-----w- c:\program files\Research In Motion
2011-11-07 18:51:04 -------- d-----w- c:\program files\CCleaner
2011-11-03 00:31:17 -------- d-----w- c:\program files\common files\Verizon Shared
2011-11-03 00:31:16 -------- dc----w- c:\documents and settings\all users\application data\Wi-Fi Connect
2011-11-03 00:31:16 -------- dc----w- c:\documents and settings\all users\application data\WEngineLite
2011-11-03 00:31:16 -------- d-----w- c:\program files\Wi-Fi Connect
2011-11-03 00:31:11 7640576 ----a-w- c:\windows\WiFi_Connect.msi
2011-11-03 00:30:22 -------- dc----w- c:\documents and settings\all users\application data\WiFiTemp
2011-11-03 00:28:51 -------- d-----w- c:\documents and settings\jlbullion\local settings\application data\SupportSoft
2011-11-02 13:27:42 -------- d-----w- c:\documents and settings\jlbullion\local settings\application data\Deployment
2011-11-01 13:13:53 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-01 13:13:53 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-27 16:00:08 -------- dc----w- c:\documents and settings\all users\application data\GoBoingo(2)
2011-10-26 17:55:48 90016 ----a-w- c:\windows\system32\drivers\btserial.sys
.
==================== Find3M ====================
.
2011-11-02 13:27:59 60304 ----a-w- c:\documents and settings\jlbullion\g2mdlhlpx.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-24 03:33:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 18:23:59 256 -c--a-w- c:\documents and settings\jlbullion\pool.bin
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 10:28:27.42 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/13/2006 9:52:36 PM
System Uptime: 11/15/2011 3:30:14 AM (7 hours ago)
.
Motherboard: Dell Inc. | | 0JK187
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1664/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 22.613 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Service: b57w2k
.
==== System Restore Points ===================
.
RP908: 9/23/2011 10:58:47 PM - Removed BlackBerry Desktop Software 4.3.
RP909: 9/23/2011 11:08:55 PM - Removed Roxio Media Manager
RP910: 9/23/2011 11:51:39 PM - Installed BlackBerry Desktop Software 6.1.
RP911: 9/23/2011 11:57:42 PM - Installed Windows XP Wdf01009.
RP912: 9/25/2011 5:14:22 PM - System Checkpoint
RP913: 9/26/2011 7:00:18 AM - Software Distribution Service 3.0
RP914: 9/27/2011 2:22:09 AM - Software Distribution Service 3.0
RP915: 9/28/2011 9:00:38 AM - System Checkpoint
RP916: 9/29/2011 8:09:25 AM - Software Distribution Service 3.0
RP917: 9/30/2011 10:07:02 AM - Software Distribution Service 3.0
RP918: 10/1/2011 10:29:56 PM - System Checkpoint
RP919: 10/3/2011 9:33:20 AM - System Checkpoint
RP920: 10/4/2011 4:53:36 AM - Software Distribution Service 3.0
RP921: 10/5/2011 9:32:22 AM - System Checkpoint
RP922: 10/7/2011 7:59:12 AM - Software Distribution Service 3.0
RP923: 10/8/2011 8:03:29 AM - System Checkpoint
RP924: 10/9/2011 10:12:33 AM - System Checkpoint
RP925: 10/10/2011 11:42:20 AM - System Checkpoint
RP926: 10/11/2011 7:13:40 AM - Software Distribution Service 3.0
RP927: 10/12/2011 7:53:03 AM - System Checkpoint
RP928: 10/13/2011 6:57:39 AM - Software Distribution Service 3.0
RP929: 10/14/2011 7:06:15 AM - Software Distribution Service 3.0
RP930: 10/14/2011 12:30:36 PM - Software Distribution Service 3.0
RP931: 10/14/2011 1:59:38 PM - Software Distribution Service 3.0
RP932: 10/17/2011 10:15:11 AM - System Checkpoint
RP933: 10/18/2011 7:30:04 AM - Software Distribution Service 3.0
RP934: 10/19/2011 1:44:46 PM - System Checkpoint
RP935: 10/21/2011 12:10:24 AM - System Checkpoint
RP936: 10/21/2011 6:08:43 PM - Software Distribution Service 3.0
RP937: 10/23/2011 3:51:52 PM - System Checkpoint
RP938: 10/25/2011 1:35:56 AM - Removed BlackBerry Desktop Software 6.1.
RP939: 10/25/2011 1:55:16 AM - Installed BlackBerry Desktop Software 6.1.
RP940: 10/25/2011 8:38:12 AM - Software Distribution Service 3.0
RP941: 10/26/2011 9:52:45 PM - System Checkpoint
RP942: 10/27/2011 11:59:28 AM - Removed Boingo Wi-Fi
RP943: 10/27/2011 12:00:07 PM - Installed Boingo Wi-Finder
RP944: 10/28/2011 1:07:00 PM - System Checkpoint
RP945: 10/28/2011 7:57:24 PM - Software Distribution Service 3.0
RP946: 10/30/2011 9:52:00 AM - System Checkpoint
RP947: 10/31/2011 6:44:54 PM - System Checkpoint
RP948: 11/1/2011 9:11:01 AM - Restore Operation
RP949: 11/1/2011 10:29:35 AM - Removed Boingo Wi-Fi
RP950: 11/1/2011 10:31:11 AM - Removed Bonjour
RP951: 11/1/2011 11:06:43 PM - Software Distribution Service 3.0
RP952: 11/2/2011 3:00:49 AM - Software Distribution Service 3.0
RP953: 11/3/2011 8:31:57 AM - System Checkpoint
RP954: 11/4/2011 9:40:33 AM - Software Distribution Service 3.0
RP955: 11/6/2011 7:46:20 PM - System Checkpoint
RP956: 11/7/2011 10:47:58 PM - Removed BlackBerry Desktop Software 6.1.
RP957: 11/7/2011 11:15:07 PM - Installed BlackBerry Desktop Software 6.1.
RP958: 11/8/2011 10:42:04 AM - Software Distribution Service 3.0
RP959: 11/10/2011 6:48:51 AM - Software Distribution Service 3.0
RP960: 11/11/2011 4:22:02 PM - Software Distribution Service 3.0
RP961: 11/12/2011 9:01:00 AM - Software Distribution Service 3.0
RP962: 11/13/2011 12:20:40 PM - System Checkpoint
RP963: 11/15/2011 7:01:24 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
5500
5500_Help
5500Tour
5500Trb
Acrobat.com
ActivClient CAC 6.1 x86
ActivIdentity Device Installer
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe® Photoshop® Album Starter Edition 3.2
AiO_Scan
AIOMinimal
AiOSoftware
Apple Application Support
Apple Software Update
ApproveIt Desktop 5.8.2
ArcExplorer Java Edition
ATT-RC Self Support Tool
AVSDK5
BlackBerry Desktop Software 6.1
Carbonite
CCleaner
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
DBsign Web Signer
Emsisoft Anti-Malware
Facebook Plug-In
Fax
Genie Backup Assistant
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.0.0.799
Honda Worldwide BETA Screen Saver
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
I8kfanGUI V3.1
InstallVC90Support
iTunes
Java(TM) 6 Update 25
KODAK Gallery Upload Software
LinkedIn Internet Explorer Toolbar
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Sounds
Microsoft Office Standard Edition 2003
Microsoft Outlook Personal Folders Backup
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
MSXML4 Parser
OGA Notifier 2.0.0048.0
ooVoo
Overland
Philips PC Camera
PrintScreen
PureEdge Viewer 6.5
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
SCR531 Smartcard Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Simple Family Tree (remove only)
Skype™ 3.8
Sportsmans Challenge
Spybot - Search & Destroy
Symantec Endpoint Protection
TerraExplorer C2MP
TerraGo Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
UsbBoost
WebEx
Wi-Fi Connect
WIDCOMM Bluetooth Software
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
Yontoo Layers Runtime (Drop Down Deals) 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 9:59:13 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
11/9/2011 11:43:16 AM, error: Dhcp [1002] - The IP address lease 192.168.1.123 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 172.16.42.1 (The DHCP Server sent a DHCPNACK message).
11/9/2011 1:39:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 192.168.146.1 (The DHCP Server sent a DHCPNACK message).
11/8/2011 5:50:58 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
11/8/2011 3:58:12 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
11/8/2011 11:31:07 AM, error: Service Control Manager [7000] - The Process creation detector. service failed to start due to the following error: The system cannot find the file specified.
11/15/2011 9:58:33 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/15/2011 10:00:18 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
11/14/2011 4:55:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasAuto service.
11/14/2011 10:43:47 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/13/2011 11:36:08 AM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
11/13/2011 11:35:13 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
11/13/2011 11:35:11 AM, error: Service Control Manager [7000] - The NetBEUI Protocol service failed to start due to the following error: The system cannot find the file specified.
11/12/2011 9:01:16 AM, error: Dhcp [1002] - The IP address lease 172.16.31.14 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/11/2011 9:21:31 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE931A87. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
11/11/2011 9:21:06 AM, error: Dhcp [1002] - The IP address lease 192.239.36.102 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/11/2011 9:09:02 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2011 9:09:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/11/2011 4:27:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
11/10/2011 6:43:19 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
11/10/2011 6:42:11 AM, error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2011 1:37:22 PM, error: Dhcp [1002] - The IP address lease 192.168.40.168 for the Network Card with network address 0018DE931A87 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-15 12:44:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541080G9SA00 rev.MB4OC60R
Running: gkuinc0u.exe; Driver: C:\DOCUME~1\JLBULL~1\LOCALS~1\Temp\pxtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Emsisoft Anti-Malware - Version 6.0
Last update: 11/14/2011 11:52:11 AM
Edit to delete unrequested scan results from Emsisoft by Bobbye
 
Welcome to TechSpot! I will help with the malware problem, but here are some comments and questions:

First: the main problem is malware called SpywareProtect2009. It shows in your logs as
Hosts: 195.245.119.131 browser-security.microsoft.com
This is a fake rogue security program. This IP is in UA Ukraine, and that is where your searches are being directed.
=======================================
1. Is there some reason why you ran a scan with Emsisoft instead of Malwarebytes? I have removed that log and would like you to run Mbam instead:


Malwarebytes' Anti-Malware
  • Please download Malwarebytes' Anti-Malware from HERE
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach this log with your reply.
    Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
    [o] If you accidentally close it, the log file is saved here and will be named like this:
    [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
========================
2. You are running 2 antivirus programs: Emsisoft & Symantec. Not only can this create a vulnerability, but it can also slow the system down. I recommend that you remove Emsisoft. Here is part of 1 review to tell you why:
Program fails to thoroughly remove detected malware. Explicitly identifies valid programs as malware. One-dimensional behavior blocking blocks many valid programs.

Emsisoft Anti-Malware 5.0 is great at finding malware; too bad it flopped at removing what it found. It erroneously flagged several valid programs as specific, named malware, and its behavior-based detection kills both good and bad programs.
Please reboot the computer when the removal is complete.
===========================
3. There are processes from 8 outdated Java programs, none is the current version. There is also a vulnerability:
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
4. I strongly recommend that you remove these domains from the Trusted Zone. The security is lower in that zone and this creates another vulnerability. Nothing needs to be in this zone!
Trusted Zone: army.mil\www.us
Trusted Zone: bluemountain.com\www
Trusted Zone: cnn.com\www
Trusted Zone: dell.com\support
===========================================
5. When using IE8, it is normal to have multiple iexplore.exe processes. But since malware can hide within almost any name, it is possible to have malware
===========================================
6. The main reason you are slow is because you are running too many unnecessary processes. They start on boot, slow the load time down, slow the surf time down more as you add temporary internet files, then slow the shutdown time.
=========================================
6. How much RAM is installed? Your report of slows and stops would be an indication of not having enough RAM.
=======================================
7. Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
============================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Please include logs from the following in next reply:
Malwarebytes
Combofix
Eset online scan
.
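The reply above identifies the infection from a single Hosts entry in the DDS log. As an added example (not part of the thread and not code from DDS or any tool named in it), this Python sketch applies the same check to hosts-file text or DDS-style `Hosts:` lines, and goes slightly further by also reporting vendor names pinned to loopback. The watched-domain list and all sample lines except the entry quoted in the thread are assumptions.

```python
import ipaddress

# Assumption: vendor domains whose name resolution should never be overridden
# locally. Extend this tuple for your own environment.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com",
                    "symantec.com", "malwarebytes.org")


def parse_hosts_entries(text):
    """Yield (line_no, ip, hostname) from hosts-file text or DDS 'Hosts:' lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.lower().startswith("hosts:"):        # DDS log prefix
            line = line[len("hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                 # not an address mapping
        for name in fields[1:]:                      # one IP may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)


def find_redirects(text, suffixes=WATCHED_SUFFIXES):
    """Return findings for watched names that are overridden locally."""
    findings = []
    for line_no, ip, name in parse_hosts_entries(text):
        if not is_watched(name, suffixes):
            continue
        if ip.is_loopback or ip.is_unspecified:
            verdict = "sinkholed"    # vendor site made unreachable
        else:
            verdict = "redirected"   # vendor name sent to another server
        findings.append({"line": line_no, "ip": str(ip),
                         "host": name, "verdict": verdict})
    return findings


# Constructed sample. Only the 195.245.119.131 entry comes from the thread.
SAMPLE = """\
# constructed hosts file for the example
127.0.0.1       localhost
195.245.119.131 browser-security.microsoft.com   # entry quoted in the thread
0.0.0.0         ads.example.net
127.0.0.1       update.symantec.com              # constructed
Hosts: 195.245.119.131 browser-security.microsoft.com
"""

if __name__ == "__main__":
    for f in find_redirects(SAMPLE):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['verdict']})")
```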
 
Thanks!

Wow! A lot to do! Thank you.

In the meantime, here is the malware log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8182

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/17/2011 8:42:45 AM
mbam-log-2011-11-17 (08-42-45).txt

Scan type: Quick scan
Objects scanned: 184799
Time elapsed: 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Combofix log 1

ComboFix 11-11-17.03 - JLBullion 11/17/2011 9:47:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1797 [GMT -5:00]
Running from: C:\Documents and Settings\JLBullion\Desktop\Malware\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\Tarma Installer
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
C:\Documents and Settings\JLBullion\g2mdlhlpx.exe
C:\Documents and Settings\JLBullion\GoToAssistDownloadHelper.exe
C:\Documents and Settings\JLBullion\WINDOWS
C:\install.exe
C:\restore
C:\WINDOWS\CSC\d6
C:\WINDOWS\system\msjava.dll
C:\WINDOWS\system32\msjava.dll
C:\WINDOWS\system32\PowerToyReadme.htm


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))


2011-11-17 15:12:17 . 2011-11-17 15:12:22 56200 -c--a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EAB6F176-1508-4275-96B3-A981E7E29A0C}\offreg.dll
2011-11-15 14:40:07 . 2011-11-17 13:28:32 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-15 14:40:07 . 2011-08-31 22:00:50 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-15 12:01:27 . 2011-10-07 03:48:07 6668624 -c--a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EAB6F176-1508-4275-96B3-A981E7E29A0C}\mpengine.dll
2011-11-15 11:57:49 . 2011-11-15 11:57:49 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
2011-11-14 16:38:56 . 2011-11-17 13:53:13 -------- d-----w- C:\Program Files\Emsisoft Anti-Malware
2011-11-08 05:20:25 . 2011-11-08 05:18:29 96200 ----a-w- C:\WINDOWS\system32\drivers\CDAVFS.sys
2011-11-08 05:19:36 . 2011-11-08 05:19:36 -------- d-----w- C:\Program Files\Common Files\Authentium
2011-11-08 04:24:46 . 2011-11-08 04:24:50 -------- dc----w- C:\Documents and Settings\JLBullion\Application Data\Blackberry Desktop
2011-11-08 04:19:32 . 2011-11-08 04:21:01 -------- dc----w- C:\Documents and Settings\JLBullion\Application Data\Research In Motion
2011-11-08 04:16:48 . 2011-11-08 04:16:49 -------- dc----w- C:\Documents and Settings\All Users\Application Data\Research In Motion
2011-11-08 04:16:01 . 2011-11-08 04:16:01 -------- d-----w- C:\Program Files\Research In Motion
2011-11-07 18:51:04 . 2011-11-07 18:51:09 -------- d-----w- C:\Program Files\CCleaner
2011-11-03 00:31:17 . 2011-11-03 00:31:17 -------- d-----w- C:\Program Files\Common Files\Verizon Shared
2011-11-03 00:31:16 . 2011-11-03 00:31:17 -------- d-----w- C:\Program Files\Wi-Fi Connect
2011-11-03 00:31:16 . 2011-11-03 00:31:16 -------- dc----w- C:\Documents and Settings\All Users\Application Data\Wi-Fi Connect
2011-11-03 00:31:16 . 2011-11-03 00:31:16 -------- dc----w- C:\Documents and Settings\All Users\Application Data\WEngineLite
2011-11-03 00:31:11 . 2009-10-16 15:52:12 7640576 ----a-w- C:\WINDOWS\WiFi_Connect.msi
2011-11-03 00:30:22 . 2011-11-03 00:31:38 -------- dc----w- C:\Documents and Settings\All Users\Application Data\WiFiTemp
2011-11-03 00:28:51 . 2011-11-03 00:40:58 -------- d-----w- C:\Documents and Settings\JLBullion\Local Settings\Application Data\SupportSoft
2011-11-02 13:27:42 . 2011-11-02 13:27:58 -------- d-----w- C:\Documents and Settings\JLBullion\Local Settings\Application Data\Deployment
2011-11-01 13:13:53 . 2011-11-01 13:13:53 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2011-10-27 16:00:08 . 2011-11-01 13:13:21 -------- dc----w- C:\Documents and Settings\All Users\Application Data\GoBoingo(2)
2011-10-26 17:55:48 . 2009-08-14 16:16:56 90016 ----a-w- C:\WINDOWS\system32\drivers\btserial.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-10 14:22:41 . 2004-08-11 22:12:51 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-10-07 03:48:07 . 2009-05-01 00:43:23 6668624 -c--a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-03 10:06:03 . 2010-06-18 17:22:58 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-10-03 07:37:52 . 2007-12-15 17:01:37 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-09-28 07:06:50 . 2004-08-11 22:00:04 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-09-26 15:41:20 . 2008-07-29 23:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 15:41:20 . 2004-08-11 22:00:27 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2011-09-26 15:41:14 . 2004-08-11 22:00:27 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
2011-09-24 03:33:29 . 2011-09-24 03:33:29 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-09-23 18:23:59 . 2010-09-02 02:36:34 256 -c--a-w- C:\Documents and Settings\JLBullion\pool.bin
2011-09-06 13:20:51 . 2011-02-09 20:05:18 1858944 ------w- C:\WINDOWS\system32\win32k.sys
2011-08-22 23:48:55 . 2004-08-11 22:00:37 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-08-22 23:48:54 . 2004-08-11 22:00:18 43520 ------w- C:\WINDOWS\system32\licmgr10.dll
2011-08-22 23:48:54 . 2004-08-11 22:00:17 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-08-22 11:56:39 . 2004-08-11 22:00:16 385024 ------w- C:\WINDOWS\system32\html.iec
 
Combofix 2

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52:02 762000 ----a-r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 16:58:12 856064]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 11:16:24 39408]
"GBMLite8AgentLaCie"="C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 13:05:32 189056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"NVHotkey"="nvHotkey.dll" [2006-01-19 20:14:00 73728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 20:14:00 7401472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 10:56:08 176128]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 21:47:22 115560]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 14:50:04 643072]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 13:28:06 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 13:28:26 602182]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 00:12:41 110592]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-08 00:13:38 176128]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 12:38:42 241664]
"accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 20:08:08 293168]
"ApproveItForOfficeSetup"="C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2007-10-29 14:49:12 155648]
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2011-09-14 12:49:32 273528]
"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 00:52:00 948880]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 16:55:28 937920]
"UsbBoost"="C:\Program Files\UsbBoost\TurboHddUsb.exe" [2011-01-06 04:19:12 3788800]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 02:35:16 397312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-01-14 19:25:18 421888]
"nwiz"="nwiz.exe" [2006-01-19 20:14:00 1519616]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11:42 49152]
"GBMLite8AgentLaCie"="C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 13:05:32 189056]
"RIMBBLaunchAgent.exe"="C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 16:47:12 79192]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MiddReadmefirst.lnk.disabled [2006-6-13 436]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
MiddReadmefirst.lnk - C:\MiddReadmefirst.doc [N/A]
 
Combofix 3

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 20:08:16 112640 ----a-w- C:\WINDOWS\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 20:08:12 281088 ----a-w- C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"acautoup"=2 (0x2)
"acachsrv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Boingo Wi-Fi"=C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk
"Carbonite Backup"=C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
Combofix 4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\kdx\\KHost.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"C:\\WINDOWS\\system32\\hasplms.exe"=
"C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Documents and Settings\\JLBullion\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
 
Combofix 5

R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [11/14/2009 5:37:02 AM 14464]
R1 FNETURPX;FNETURPX;C:\WINDOWS\system32\drivers\FNETURPX.SYS [12/26/2010 8:15:36 AM 7936]
R2 accoca;ActivClient Middleware Service;C:\Program Files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 3:08:40 PM 182576]
R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe -run --> C:\WINDOWS\system32\hasplms.exe -run [?]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 4:46:12 PM 117288]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 4:46:18 PM 117288]
R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 4:46:20 PM 154152]
R2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 6:19:58 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/12/2011 9:18:57 AM 106104]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [3/24/2010 9:09:31 AM 135664]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\drivers\COH_Mon.sys [1/12/2008 5:32:00 PM 23888]
S3 FNETTBOH;FNETTBOH;C:\WINDOWS\system32\drivers\FNETTBOH.SYS [12/26/2010 8:15:31 AM 23680]
S3 SCR131C;SCRx31 Serial Smart Card Reader;C:\WINDOWS\system32\drivers\SCR131C.sys [11/7/2002 3:04:00 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\drivers\SCR33X2K.sys [4/6/2004 3:24:00 AM 64088]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [3/24/2010 9:09:31 AM 135664]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12


Contents of the 'Scheduled Tasks' folder

2011-11-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-24 14:09:31 . 2010-03-24 14:09:07]

2011-11-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-24 14:09:31 . 2010-03-24 14:09:07]

2011-11-08 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4195382807-151745795-1897967598-1011Core.job
- C:\Documents and Settings\JLBullion\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:35:46 . 2011-06-03 01:18:05]

2011-11-17 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4195382807-151745795-1897967598-1011UA.job
- C:\Documents and Settings\JLBullion\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 20:35:46 . 2011-06-03 01:18:05]

2011-11-17 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20:06 . 2006-11-03 23:20:06]

2011-11-17 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4195382807-151745795-1897967598-1011.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22:56 . 2011-08-11 19:22:56]

2011-11-08 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4195382807-151745795-1897967598-1011.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22:56 . 2011-08-11 19:22:56]

2011-11-16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{04EFCAD1-05AD-4D30-AD83-977AB3B54C3E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 22:36:40 . 2009-03-08 08:31:54]


------- Supplementary Scan -------

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = https://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 71.243.0.12 68.237.161.12
DPF: {5EEE5BF6-DC9E-43BE-9100-BF19643943C5} - hxxps://us.jfcom.mil/sites/are/_layouts/DSigCtrl.cab
DPF: {8D5D65AC-273D-491E-8874-BBB4B63DEA67} - hxxps://us.jfcom.mil/sites/are/_layouts/1033/DSigRes.cab
DPF: {C9BCAEA5-54DC-4504-A2A4-0AE2EEB080D0} - hxxp://www2.davidson.edu/its/wireless/xpressconnect/tools/xc_loader_activex.ocx

- - - - ORPHANS REMOVED - - - -

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
SafeBoot-Symantec Antvirus
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
 
Do you plan to complete the Combofix log?

It looks like you're adding some spaces. Please don't do that; paste the log in as is, just making sure that Word Wrap is unchecked.
=============================================
Download Security Check by screen317 from one of these links:
Link1
Link 2
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================
You have multiple Wi-Fi processes running. This could put you at risk.
===================================
6. How much RAM is installed? Your report of slows and stops would be an indication of not having enough RAM.
 
Thanks, Bobbye

I was having trouble pasting and sending the ComboFix results - Techspot kept telling me that the file included too many (>9) graphics - but it is a text file...I was modifying to try to get it through. Any ideas?

I have 2.5 GB of RAM.

Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
ArcExplorer Java Edition
Java(TM) 6 Update 29
Adobe Flash Player ( 10.0.45.2) Flash Player out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseamps.exe
Common Files Authentium AntiVirus5 vseqrts.exe
JLBullion Desktop Malware SecurityCheck.exe
``````````End of Log````````````
 
There have been a couple of glitches in the board the past few days. Work is being done and sometimes it can create a temporary problem. All have been reported, some fixed. But I'd like you to report the complete Combofix log. I'm going to delete the current log; it isn't the full log and it should not take so many posts.

If you get the 'graphic' notice, stop for now.
 
As mentioned, there was a glitch in the board while the busy elves were working on the site. I thought all the problems had been resolved.

Please try to post it again. Be sure you don't add any Smiley faces. There is a green Smiley that automatically shows in some entries. If you have a lot of these files with little green faces, please let me know.
=========================================
You are also running 2 antivirus programs:
Symantec Endpoint Protection
Authentium AntiVirus5

Please remove one of them and reboot when finished.
----------------------------
It appears that you are participating in SharePoint Foundation 2010 (WROX)
http://msdn.microsoft.com/en-us/library/hh537942.aspx

https://www.nothingbutsharepoint.co...12 Hive File Differences from SP1 to SP2.aspx

DPF: {5EEE5BF6-DC9E-43BE-9100-BF19643943C5} - hxxps://us.jfcom.mil/sites/are/_layouts/DSigCtrl.cab
DPF: {8D5D65AC-273D-491E-8874-BBB4B63DEA67} - hxxps://us.jfcom.mil/sites/are/_layouts/1033/DSigRes.cab
-------------------------------------
Are you also using the school network?
http://www3.davidson.edu/cms/x12.xml?debug=2

DPF: {C9BCAEA5-54DC-4504-A2A4-0AE2EEB080D0} - hxxp://www2.davidson.edu/its/wireless/xpressconnect/tools/xc_loader_activex.ocx


Do any processes above or related to the above have green faces on parts of the entry or multiple asterisks (****)?

You have an extraordinary number of processes running; that's why I asked about the RAM.
 
It appears that this is a work system with a military connection:
  1. There are multiple layers of encryption + multiple AVs:
    • ActivClient CAC 6.1 x86
    • ActivIdentity Device Installer
      ActivIdentity ActivClient software enables organizations to secure workstations with smart cards and smart USB tokens while enforcing strong authentication for desktop access and network login.
    • EMBASSY® Trust Suite
    • Authentium AntiVirus5 + Symantec
    • NTRU Cryptosystems
  2. There are military domains in the Trusted Zone:
    • Trusted Zone: army.mil\www.us
    • Trusted Zone: pentagon.mil\uc2apps.hqda-aoc.army
  3. There are specific military-related entries:
    • ApproveItForOfficeSetup] "c:\program files\approveit\support\tools\approveitforofficesetup.exe " /1 /p "c:\program files\approveit\"
      "ApproveIt allows Army users the ability to digitally sign forms using your CAC."
    • hxxps://us.jfcom.mil/sites/are/_layouts/DSigCtrl.cab
    • hxxps://us.jfcom.mil/sites/are/_layouts/1033/DSigRes.cab
      United States Joint Forces Command (USJFCOM)
=======================================
And as I mentioned previously, there are a great number of processes running, which I'm confident are going to slow the system down and also possibly cause it to crash.

I have no information on the system other than what I'm seeing in the logs, but your subject line could all cover the multiple processes.

If this system is being used in a military environment, it would be more prudent to allow someone used by the military to review or make changes.
 