Author Topic: Iexplorer showing multiples in task manager and hanging up (Read 16362 times)

scuff · « **on:** February 04, 2013, 10:39:21 PM »

Hello,

Thanks for the help in advance. Internet Explorer seems to hang up from time to time. When I click on task manager to see what is going on, there are multiple IE's running. One will have a crap load of activity and the other will be fairly inactive. Sometimes there are 4 of them running in task manager and I only have one window open.... I know the second tab will account for 2 running but 4?

Ok, I followed your directions and think I have the logs you need.... If I screwed up, let me know.. thanks again..

Reply

# AdwCleaner v2.110 - Logfile created 02/05/2013 at 00:14:56
# Updated 03/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Michael - SCAFFIDI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Michael\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1873 octets] - [05/02/2013 00:12:01]
AdwCleaner[R2].txt - [1933 octets] - [05/02/2013 00:14:39]
AdwCleaner[S1].txt - [1734 octets] - [05/02/2013 00:14:56]

########## EOF - C:\AdwCleaner[S1].txt - [1794 octets] ##########

Malwarebytes log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: SCAFFIDI [administrator]

2/5/2013 12:21:31 AM
mbam-log-2013-02-05 (00-21-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230463
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS
Attach Notepad

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2010 1:22:22 AM
System Uptime: 2/5/2013 12:15:51 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0W620R
Processor: Intel Pentium III Xeon processor | Microprocessor | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 90.067 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2A42&SUBSYS_02331028&REV_07\3&61AAA01&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2A42&SUBSYS_02331028&REV_07\3&61AAA01&0&10
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_2A43&SUBSYS_02331028&REV_07\3&61AAA01&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_2A43&SUBSYS_02331028&REV_07\3&61AAA01&0&11
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Service:
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000\4&380800DF&0&0201
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000\4&380800DF&0&0201
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02331028&REV_03\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02331028&REV_03\3&61AAA01&0&FB
Service:
.
==== System Restore Points ===================
.
RP999: 11/17/2012 12:44:34 AM - System Checkpoint
RP1000: 11/17/2012 9:51:15 PM - Software Distribution Service 3.0
RP1001: 11/18/2012 4:08:49 AM - Software Distribution Service 3.0
RP1002: 11/19/2012 4:44:19 AM - System Checkpoint
RP1003: 11/19/2012 11:53:03 PM - Software Distribution Service 3.0
RP1004: 11/20/2012 11:59:43 PM - Software Distribution Service 3.0
RP1005: 11/22/2012 12:01:16 AM - System Checkpoint
RP1006: 11/22/2012 10:09:06 PM - Software Distribution Service 3.0
RP1007: 11/23/2012 10:08:08 PM - Software Distribution Service 3.0
RP1008: 11/24/2012 10:07:08 PM - Software Distribution Service 3.0
RP1009: 11/26/2012 1:35:25 PM - Software Distribution Service 3.0
RP1010: 11/27/2012 2:00:38 PM - System Checkpoint
RP1011: 11/27/2012 8:31:41 PM - Software Distribution Service 3.0
RP1012: 11/29/2012 8:35:57 AM - Software Distribution Service 3.0
RP1013: 11/30/2012 9:28:26 AM - System Checkpoint
RP1014: 11/30/2012 7:51:21 PM - Software Distribution Service 3.0
RP1015: 12/1/2012 7:55:48 PM - Software Distribution Service 3.0
RP1016: 12/2/2012 2:10:50 AM - Software Distribution Service 3.0
RP1017: 12/2/2012 7:55:21 PM - Software Distribution Service 3.0
RP1018: 12/3/2012 8:38:18 PM - System Checkpoint
RP1019: 12/4/2012 8:47:07 AM - Software Distribution Service 3.0
RP1020: 12/5/2012 2:10:59 PM - System Checkpoint
RP1021: 12/5/2012 6:31:11 PM - Software Distribution Service 3.0
RP1022: 12/6/2012 8:15:43 PM - System Checkpoint
RP1023: 12/6/2012 11:02:40 PM - Software Distribution Service 3.0
RP1024: 12/7/2012 9:17:09 PM - Software Distribution Service 3.0
RP1025: 12/8/2012 10:09:51 PM - Software Distribution Service 3.0
RP1026: 12/9/2012 10:09:45 PM - Software Distribution Service 3.0
RP1027: 12/10/2012 4:23:13 PM - Configured Microsoft Office Professional Plus 2007
RP1028: 12/10/2012 10:08:06 PM - Software Distribution Service 3.0
RP1029: 12/12/2012 12:47:17 AM - System Checkpoint
RP1030: 12/12/2012 9:12:41 AM - Software Distribution Service 3.0
RP1031: 12/12/2012 9:32:33 AM - Software Distribution Service 3.0
RP1032: 12/12/2012 9:36:59 AM - Software Distribution Service 3.0
RP1033: 12/13/2012 9:37:16 AM - Software Distribution Service 3.0
RP1034: 12/14/2012 9:41:09 AM - System Checkpoint
RP1035: 12/14/2012 8:22:04 PM - Software Distribution Service 3.0
RP1036: 12/15/2012 8:22:56 PM - Software Distribution Service 3.0
RP1037: 12/16/2012 1:18:11 AM - Software Distribution Service 3.0
RP1038: 12/16/2012 2:08:05 AM - Software Distribution Service 3.0
RP1039: 12/17/2012 8:24:04 AM - Software Distribution Service 3.0
RP1040: 12/18/2012 8:43:42 AM - System Checkpoint
RP1041: 12/18/2012 11:28:31 PM - Software Distribution Service 3.0
RP1042: 12/20/2012 4:15:24 AM - Software Distribution Service 3.0
RP1043: 12/21/2012 4:14:55 AM - Software Distribution Service 3.0
RP1044: 12/22/2012 4:14:59 AM - Software Distribution Service 3.0
RP1045: 12/22/2012 2:13:25 PM - Software Distribution Service 3.0
RP1046: 12/22/2012 2:27:39 PM - Restore Operation
RP1047: 12/23/2012 1:36:10 AM - Software Distribution Service 3.0
RP1048: 12/24/2012 2:32:21 AM - System Checkpoint
RP1049: 12/24/2012 2:55:35 PM - Software Distribution Service 3.0
RP1050: 12/25/2012 2:55:23 PM - Software Distribution Service 3.0
RP1051: 12/26/2012 2:55:26 PM - Software Distribution Service 3.0
RP1052: 12/27/2012 2:54:40 PM - Software Distribution Service 3.0
RP1053: 12/28/2012 2:54:10 PM - Software Distribution Service 3.0
RP1054: 12/29/2012 9:15:31 PM - Software Distribution Service 3.0
RP1055: 12/30/2012 2:07:35 AM - Software Distribution Service 3.0
RP1056: 12/30/2012 9:13:07 PM - Software Distribution Service 3.0
RP1057: 12/31/2012 9:14:02 PM - Software Distribution Service 3.0
RP1058: 1/1/2013 9:17:50 PM - Software Distribution Service 3.0
RP1059: 1/2/2013 9:25:53 PM - System Checkpoint
RP1060: 1/3/2013 7:53:36 PM - Software Distribution Service 3.0
RP1061: 1/3/2013 9:34:10 PM - Software Distribution Service 3.0
RP1062: 1/5/2013 1:39:09 AM - System Checkpoint
RP1063: 1/5/2013 7:10:06 PM - Software Distribution Service 3.0
RP1064: 1/6/2013 2:03:06 AM - Software Distribution Service 3.0
RP1065: 1/6/2013 7:10:49 PM - Software Distribution Service 3.0
RP1066: 1/7/2013 7:11:07 PM - Software Distribution Service 3.0
RP1067: 1/8/2013 7:10:54 PM - Software Distribution Service 3.0
RP1068: 1/8/2013 8:00:15 PM - Software Distribution Service 3.0
RP1069: 1/9/2013 8:57:23 PM - System Checkpoint
RP1070: 1/9/2013 9:05:01 PM - Software Distribution Service 3.0
RP1071: 1/10/2013 9:46:11 PM - Software Distribution Service 3.0
RP1072: 1/11/2013 9:46:33 PM - Software Distribution Service 3.0
RP1073: 1/12/2013 9:46:57 PM - Software Distribution Service 3.0
RP1074: 1/13/2013 2:24:55 AM - Software Distribution Service 3.0
RP1075: 1/13/2013 9:45:51 PM - Software Distribution Service 3.0
RP1076: 1/14/2013 5:41:51 PM - Software Distribution Service 3.0
RP1077: 1/15/2013 9:44:41 AM - Software Distribution Service 3.0
RP1078: 1/16/2013 9:45:38 AM - Software Distribution Service 3.0
RP1079: 1/17/2013 12:05:26 PM - System Checkpoint
RP1080: 1/17/2013 8:07:04 PM - Software Distribution Service 3.0
RP1081: 1/18/2013 7:55:37 PM - Software Distribution Service 3.0
RP1082: 1/19/2013 7:54:44 PM - Software Distribution Service 3.0
RP1083: 1/20/2013 11:16:19 PM - System Checkpoint
RP1084: 1/22/2013 1:09:31 AM - System Checkpoint
RP1085: 1/22/2013 9:42:41 AM - Software Distribution Service 3.0
RP1086: 1/22/2013 10:19:37 PM - Software Distribution Service 3.0
RP1087: 1/23/2013 10:27:52 PM - Software Distribution Service 3.0
RP1088: 1/24/2013 9:12:17 AM - avast! Free Antivirus Setup
RP1089: 1/25/2013 12:52:04 AM - Software Distribution Service 3.0
RP1090: 1/26/2013 12:51:35 AM - Software Distribution Service 3.0
RP1091: 1/27/2013 12:51:09 AM - Software Distribution Service 3.0
RP1092: 1/27/2013 2:31:25 AM - Software Distribution Service 3.0
RP1093: 1/28/2013 3:25:48 AM - System Checkpoint
RP1094: 1/28/2013 1:34:16 PM - Software Distribution Service 3.0
RP1095: 1/29/2013 4:09:25 PM - System Checkpoint
RP1096: 1/30/2013 7:06:16 PM - Software Distribution Service 3.0
RP1097: 1/31/2013 7:06:28 PM - Software Distribution Service 3.0
RP1098: 2/1/2013 7:11:49 PM - System Checkpoint
RP1099: 2/2/2013 10:09:16 PM - System Checkpoint
RP1100: 2/2/2013 11:21:01 PM - Software Distribution Service 3.0
RP1101: 2/3/2013 2:06:48 AM - Software Distribution Service 3.0
RP1102: 2/3/2013 11:20:58 PM - Software Distribution Service 3.0
RP1103: 2/4/2013 11:21:15 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
CCleaner
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CutePDF Writer 3.0
Dell Driver Download Manager
Dell Touchpad
Dell Video Chat
DVD-MovieAlbumSE 4.2
DW WLAN Card Utility
eReg
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GoToAssist Corporate
GoToMeeting 5.1.0.880
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HPDiagnosticCoreDll
IDT Audio
ieSpell
Intel(R) Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech SetPoint 6.30
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NexDef Plug-in
PokerStars
QuickTime
Remote Control USB Driver
RICOH R5C83x/84x Media Driver Ver.3.53.02
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Click to Call
Skype™ 6.0
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Verizon Wireless UML290 Firmware Updates
VLC media player 1.1.0
VZAccess Manager
WebEx
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/4/2013 5:25:20 PM, error: Dhcp [1002] - The IP address lease 172.20.22.202 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/4/2013 10:56:56 AM, error: Dhcp [1002] - The IP address lease 172.20.4.2 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/1/2013 8:35:56 AM, error: Dhcp [1002] - The IP address lease 172.20.3.176 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/1/2013 5:56:49 PM, error: Dhcp [1002] - The IP address lease 172.20.6.136 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/1/2013 11:19:02 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1283.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80072f76 Error description: The requested header was not found
1/31/2013 8:24:09 AM, error: Dhcp [1002] - The IP address lease 172.20.3.137 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/31/2013 6:24:10 PM, error: Dhcp [1002] - The IP address lease 172.20.22.176 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/31/2013 11:08:11 PM, error: Service Control Manager [7000] - The MyFunCardsService service failed to start due to the following error: The system cannot find the path specified.
1/31/2013 11:08:11 PM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
1/30/2013 8:44:14 PM, error: Dhcp [1002] - The IP address lease 172.20.22.170 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/30/2013 10:50:29 AM, error: Dhcp [1002] - The IP address lease 172.20.2.224 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/30/2013 1:50:30 PM, error: Dhcp [1002] - The IP address lease 172.20.27.102 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/29/2013 8:32:55 AM, error: Dhcp [1002] - The IP address lease 172.20.2.50 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/29/2013 7:04:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.999.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80072f76 Error description: The requested header was not found
1/29/2013 6:21:25 PM, error: Dhcp [1002] - The IP address lease 172.20.22.160 for the Network Card with network address 904CE52C3B22 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

DDS notepad

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Michael at 0:29:16 on 2013-02-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2000.1322 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Documents and Settings\Michael\Local Settings\Application Data\Autobahn\nexdef.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = 192.168.*.*
uURLSearchHooks: <No Name>: {f4c28532-b9d0-4950-a2df-e83f9929242b} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\nexdef~1.lnk - c:\documents and settings\michael\local settings\application data\autobahn\nexdef.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282339262109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282686537328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} - hxxps://ihr1.interstatehotels.com/vsflex7.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP1-11759/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 172.16.2.5 172.18.82.11 4.2.2.2
TCP: Interfaces\{C00E211C-92E6-47B7-9C12-7DEE68564CEE} : DHCPNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-8-23 12184]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-1-27 226624]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-8-20 113664]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-8-20 240344]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-4-30 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-4-30 12184]
S2 aswFsBlk;aswFsBlk;

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe --> c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\ptdubus.sys --> c:\windows\system32\drivers\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\ptdumdm.sys --> c:\windows\system32\drivers\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\ptduvsp.sys --> c:\windows\system32\drivers\PTDUVsp.sys [?]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\ptduwflt.sys --> c:\windows\system32\drivers\PTDUWFLT.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\ptduwwan.sys --> c:\windows\system32\drivers\PTDUWWAN.sys [?]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\ptumlbus.sys --> c:\windows\system32\drivers\PTUMLBUS.sys [?]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\ptumlcvsp.sys --> c:\windows\system32\drivers\PTUMLCVsp.sys [?]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\ptumlmdm.sys --> c:\windows\system32\drivers\PTUMLMdm.sys [?]
S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\ptumlnet.sys --> c:\windows\system32\drivers\PTUMLNET.sys [?]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\ptumlnvsp.sys --> c:\windows\system32\drivers\PTUMLNVsp.sys [?]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\ptumlrmnet.sys --> c:\windows\system32\drivers\PTUMLRMNET.sys [?]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\ptumlvsp.sys --> c:\windows\system32\drivers\PTUMLVsp.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2011-11-29 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-05 04:59:53   --------   d-----w-   c:\program files\CCleaner
2013-02-05 04:21:19   6991832   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72a49637-847d-4866-af55-470f777afaf3}\mpengine.dll
2013-02-04 04:21:01   6991832   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-15 17:55:39   697864   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2013-01-30 10:53:21   232336   ------w-   c:\windows\system32\MpSigStub.exe
2013-01-15 18:58:22   74248   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23:59   290560   ----a-w-   c:\windows\system32\atmfd.dll
2012-12-14 21:49:28   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12   1866368   ----a-w-   c:\windows\system32\win32k.sys
.
============= FINISH: 0:30:22.04 ===============

SuperDave · « **Reply #1 on:** February 05, 2013, 12:24:55 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

scuff · « **Reply #2 on:** February 05, 2013, 03:06:04 PM »

Thanks Dave. It did blue screen on me once and I had to reboot. Made it through the second time.

ComboFix 13-02-03.03 - Michael 02/05/2013 16:56:37.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2000.1566 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michael\g2mdlhlpx.exe
c:\documents and settings\Michael\System
c:\documents and settings\Michael\System\win_qs8.jqx
c:\program files\MyScrapNook_12EI
c:\program files\MyScrapNook_12EI\Installr\1.bin\12EIPlug.dll
c:\program files\MyScrapNook_12EI\Installr\1.bin\NP12EISb.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-02-05 05:30 . 2013-02-05 05:30   29904   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72A49637-847D-4866-AF55-470F777AFAF3}\MpKsl5d64484f.sys
2013-02-05 04:59 . 2013-02-05 05:00   --------   d-----w-   c:\program files\CCleaner
2013-02-05 04:21 . 2013-01-08 01:57   6991832   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72A49637-847D-4866-AF55-470F777AFAF3}\mpengine.dll
2013-02-04 04:21 . 2013-01-08 01:57   6991832   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-23 03:04 . 2013-01-23 03:04   --------   d-----w-   c:\documents and settings\Administrator
2013-01-15 17:55 . 2013-01-15 18:58   697864   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2011-07-19 16:12   232336   ------w-   c:\windows\system32\MpSigStub.exe
2013-01-15 18:58 . 2011-12-05 15:08   74248   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2003-07-16 20:24   290560   ----a-w-   c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-09-27 06:43   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2003-07-16 20:51   1866368   ----a-w-   c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-09 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2010-02-03 2670592]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Michael\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\documents and settings\Michael\Local Settings\Application Data\Autobahn\nexdef.exe [2011-8-11 15490560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-08-20 17:38   13672   ----a-w-   c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33   66328   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35   946352   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22   3739648   ----a-w-   c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 15:32   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 16:27   17877168   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R1 MpKsl5d64484f;MpKsl5d64484f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72A49637-847D-4866-AF55-470F777AFAF3}\MpKsl5d64484f.sys [2/5/2013 12:30 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/23/2011 12:21 PM 12184]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 4:13 PM 226624]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/20/2010 4:18 PM 113664]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/20/2010 4:13 PM 240344]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
S2 aswFsBlk;aswFsBlk;

S2 MyFunCards_5mService;MyFunCardsService;c:\progra~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe --> c:\progra~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 2:26 PM 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys --> c:\windows\system32\DRIVERS\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys --> c:\windows\system32\DRIVERS\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys --> c:\windows\system32\DRIVERS\PTDUVsp.sys [?]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys --> c:\windows\system32\DRIVERS\PTDUWFLT.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys --> c:\windows\system32\DRIVERS\PTDUWWAN.sys [?]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys --> c:\windows\system32\DRIVERS\PTUMLBUS.sys [?]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys --> c:\windows\system32\DRIVERS\PTUMLCVsp.sys [?]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys --> c:\windows\system32\DRIVERS\PTUMLMdm.sys [?]
S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\DRIVERS\PTUMLNET.sys --> c:\windows\system32\DRIVERS\PTUMLNET.sys [?]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys --> c:\windows\system32\DRIVERS\PTUMLNVsp.sys [?]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys --> c:\windows\system32\DRIVERS\PTUMLRMNET.sys [?]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys --> c:\windows\system32\DRIVERS\PTUMLVsp.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [11/29/2011 4:20 AM 32408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 01:06 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 18:58]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-10 20:51]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-10 20:51]
.
2013-02-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25]
.
2013-02-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 362a54b2-847e-4042-8a44-697c9b9d8c73.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 444a460e-9dea-4baa-ac36-6c675a87f390.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a211a1ce-d467-46d1-b3bc-f23b26084f80.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 192.168.*.*
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: sagehospitality.com\sharp
Trusted Zone: sagehospitality.com\webmail
TCP: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MyFunCards_5m Browser Plugin Loader - c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-05 17:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-02-05 17:03:47
ComboFix-quarantined-files.txt 2013-02-05 22:03
.
Pre-Run: 96,568,152,064 bytes free
Post-Run: 96,861,609,984 bytes free
.
- - End Of File - - DCEB0F7A3A42539B65B27E7F6ECC06A9

SuperDave · « **Reply #3 on:** February 05, 2013, 04:49:51 PM »

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

scuff · « **Reply #4 on:** February 05, 2013, 07:05:47 PM »

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````[/u]
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````[/u]

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72A49637-847D-4866-AF55-470F777AFAF3}\MpKsl5d64484f.sys
Service Name: ---
Module Base: BA3A0000
Module End: BA3A6000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B85DF000
Module End: B85F7000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA61C000
Module End: BA61E000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: BA65C000
Module End: BA65E000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: BA408000
Module End: BA410000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: B8778640
Driver Base: B876E000
Driver End: B8790000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\0T238DQZ(2)\DYoIWcfVXxvZu9XwJ55OX7Ag,wS3utby-FpmPzzkzRVu0rTYBGYA3B94SosdZQhI6behpDrSrOkwp-fWqvDE3PPiVw6knZEaL3fhjKrRU8lb8kH-UqGYHqc4BIgimApVIgzHqhKDwngxmeggfjQu
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\0T238DQZ(2)\Tg5dPZLJbMFTUQlVjz_1vde0LGJBr_3HBJVolSovY1z8gLZboD3RXIkthhOV1I1pGLcqaU4L7zX23NpyBZZ3tAAV_EElmvsB0q2pWvDrPePxzUZ7o40Si3gKZlnB2QSQW3bPiKGkQ7ferVq-bd9d
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\931G3551\5948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=1;o
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\931G3551\5948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=1;o
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\931G3551\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=1
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\9KSSWZF8\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=6
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\9KSSWZF8\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=8
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\LYVKS7OV\_id=725948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;extra%3Dnull;s=0;ord=1
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\LYVKS7OV\_id=725948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;extra%3Dnull;s=0;ord=1
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\M3NHO0G8\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=4
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\M3NHO0G8\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=6
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\M3NHO0G8\_id=725948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;extra%3Dnull;s=0;ord=6
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

SuperDave · « **Reply #5 on:** February 05, 2013, 07:27:52 PM »

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
Please run SysPro AntiRootkit again and post the log after doing the above.

scuff · « **Reply #6 on:** February 05, 2013, 07:43:56 PM »

OK, I am a bit confused on the Java piece. You have me verifying my Java and if it needs updating to update. On the site where I verify, it automatically lets me update it, but I was hesitent to do it because you then said "Install the newest version of the Sun Java Runtime Environment" and it was a different link with a diffrent file. Then further down you talk about removing older versions and then installing JavaRa?

Sorry, but I guess I'm more of a novice....

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

scuff · « **Reply #7 on:** February 05, 2013, 09:40:09 PM »

Ok,

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B84E6000
Module End: B84FE000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5F6000
Module End: BA5F8000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: B85DF640
Driver Base: B85D5000
Driver End: B85F7000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\0T238DQZ(2)\DYoIWcfVXxvZu9XwJ55OX7Ag,wS3utby-FpmPzzkzRVu0rTYBGYA3B94SosdZQhI6behpDrSrOkwp-fWqvDE3PPiVw6knZEaL3fhjKrRU8lb8kH-UqGYHqc4BIgimApVIgzHqhKDwngxmeggfjQu
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\0T238DQZ(2)\Tg5dPZLJbMFTUQlVjz_1vde0LGJBr_3HBJVolSovY1z8gLZboD3RXIkthhOV1I1pGLcqaU4L7zX23NpyBZZ3tAAV_EElmvsB0q2pWvDrPePxzUZ7o40Si3gKZlnB2QSQW3bPiKGkQ7ferVq-bd9d
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\931G3551\5948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=1;o
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\931G3551\5948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=1;o
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\931G3551\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=1
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\9KSSWZF8\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=6
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\9KSSWZF8\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=8
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\LYVKS7OV\_id=725948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;extra%3Dnull;s=0;ord=1
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\LYVKS7OV\_id=725948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;extra%3Dnull;s=0;ord=1
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\M3NHO0G8\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=4
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\M3NHO0G8\;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;dcopt=ist;extra%3Dnull;s=0;ord=6
Status: Hidden

Object: C:\Documents and Settings\TEMP(2)\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\M3NHO0G8\_id=725948;ind=31;csize=g;csize_num=1500;zip=85756;gdr=m;cntry=us;reg=0;jobs=1;sub=0;con=g;ipc=us;cont=na;ipct=na;sjt=161;jpos=0;extra%3Dnull;s=0;ord=6
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

SuperDave · « **Reply #8 on:** February 06, 2013, 12:44:01 PM »

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.

Leave the check mark next to Remove found threats.

•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

scuff · « **Reply #9 on:** February 06, 2013, 03:19:51 PM »

Hey Dave,

Will you look at an answer my emails please?

Thanks,

scuff · « **Reply #10 on:** February 06, 2013, 05:46:34 PM »

I ran ESET and there were no infections found. It did not give me an option to create a file.

SuperDave · « **Reply #11 on:** February 07, 2013, 12:11:49 PM »

Quote

Will you look at an answer my emails please?

I don't know what this means. Could you please explain?
Also, how's your computer working now?

scuff · « **Reply #12 on:** February 07, 2013, 01:30:45 PM »

Thanks Dave,

I sent you a couple of emails on this site the other night. Computer seems to be working ok, but I have refrained from using it much until you think its all clean. I did have a problem trying to access a data security flash drive. It won't bring up my password screen. Do you have that disabled?

I haven't done much on the net due to the lack of AV progams. I had them disabled. Did I have infections?

Scuff

SuperDave · « **Reply #13 on:** February 07, 2013, 04:30:25 PM »

We can do some cleanup.
Please enable your Firewall and AV.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

*************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
**************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

scuff · « **Reply #14 on:** February 07, 2013, 05:08:32 PM »

Thank you Dave!

I will install the recogmended programs. Question though. Can one have too many anti-spyware programs on a system, or will certain ones clash? I have superantispyware and malwarebytes already.

Again, I appreciate the help and will let you know if I run into any of those Iexplorer hang ups any more...

Scuff

Computer Hope Forum

News:

Author Topic: Iexplorer showing multiples in task manager and hanging up (Read 16362 times)

scuff

Iexplorer showing multiples in task manager and hanging up

SuperDave

Re: Iexplorer showing multiples in task manager and hanging up

scuff

Re: Iexplorer showing multiples in task manager and hanging up

SuperDave

Re: Iexplorer showing multiples in task manager and hanging up

scuff

Re: Iexplorer showing multiples in task manager and hanging up

SuperDave

Re: Iexplorer showing multiples in task manager and hanging up

scuff

Re: Iexplorer showing multiples in task manager and hanging up

scuff

Re: Iexplorer showing multiples in task manager and hanging up

SuperDave

Re: Iexplorer showing multiples in task manager and hanging up

scuff

Re: Iexplorer showing multiples in task manager and hanging up

scuff

Re: Iexplorer showing multiples in task manager and hanging up

SuperDave

Re: Iexplorer showing multiples in task manager and hanging up

scuff

Re: Iexplorer showing multiples in task manager and hanging up

SuperDave

Re: Iexplorer showing multiples in task manager and hanging up

scuff

Re: Iexplorer showing multiples in task manager and hanging up