[InActive K] Permanent "Install Updates and Shut Down" auto prompt,

[Marco]

When I go to shut down or put this machine into sleep mode, "install Updates and Shut Down" auto prompts, no matter how many times I run the update. All operations are excessively slow, including internet (I've been using Firefox) and all software. It took almost 25 seconds to delete a text file from the desk top. Thank you! Here are the DDS files:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/30/2004 9:19:35 PM
System Uptime: 12/7/2012 11:59:40 AM (1 hours ago)
.
Motherboard: Compaq |  | 06E4h
Processor: AMD Athlon(tm) Processor | U12A | 1001/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (FAT32) - 39 GiB total, 16.467 GiB free.
D: is FIXED (FAT32) - 3 GiB total, 1.745 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&2EEFE43E&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&2EEFE43E&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2EEFE43E&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2EEFE43E&0
Service: i8042prt
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Active Disk
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Creative Suite
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader 6.0
Adobe Reader 8.3.1
Adobe SVG Viewer 3.0
Advanced Drawing
ANIO Service
ANIWZCS2 Service
AppCore
AV
Belkin 11Mbps Wireless USB Network Adapter
ccCommon
CCleaner
Citrix ICA Client
ClickArt 250,000 Premier Image Pack
ClickArt® Gallery
Comcast Desktop Software (v1.2.1)
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Corel Applications
CorelDRAW 10
D-Link Xtreme N Dual Band DWA-160
Easy CD Creator 5 Platinum
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
IE Help
IEC system
Internet Worm Protection
iPod for Windows User Guide
iPod System Software Updater 2.1
iTunes
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 26
Kazaa Media Desktop 2.0.2
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft FrontPage 2002
Microsoft IntelliType Pro 5.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office XP Professional
Microsoft Plus! for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.1.0
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero - Burning Rom (Web installer)
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Quicken 2002 Home & Business
QuickTime
Rescue Disk
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SiSoftware Sandra Standard 2003 (3DVelocity.com version)
SPBBC 32bit
SpyBot - Search & Destroy 1.1
Spybot - Search & Destroy 1.4
Symantec
Symantec Real Time Storage Protection Component
SymNet
U-Storage Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows XP Uninstall
WinZip
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/7/2012 12:01:57 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 0010B5711C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/7/2012 11:14:38 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/7/2012 11:10:13 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
12/7/2012 11:09:41 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
12/5/2012 5:41:48 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2686509).
12/5/2012 5:40:49 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================


DDS (Ver_2012-11-07.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.9.2
Run by Administrator at 12:23:44 on 2012-12-07
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.640.87 [GMT -8:00]
.
AV: Norton AntiVirus *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Quickenw\Qwdlls.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer presented by Comcast
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Microsoft Internet Explorer presented by Comcast
uProxyServer = :0
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Xtreme N Dual Band DWA-160] c:\program files\d-link\dwa-160 reva\AirNCFG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [NAV4BE6] c:\windows\system32\regsvr32.exe /s c:\progra~1\norton~1\NAVResc.dll
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\Qwdlls.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\Billmind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Poker - hxxp://download2.games.yahoo.com/games/clients/y/pt3_x.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast_docs/av/LiveSound.dll
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveblockauctions.com/container_repository/laiexec.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 68.87.85.98 68.87.69.146
TCP: Interfaces\{49757EAC-66B7-486D-96ED-F349F79FF1F7} : DHCPNameServer = 68.87.85.98 68.87.69.146
TCP: Interfaces\{66275366-1225-4CCE-A4D5-B9963B23DC1F} : DHCPNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages =  msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\vvtic2tx.default\
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-12-6 147456]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-23 655944]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-4 112688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-23 22344]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20071220.003\NAVENG.SYS [2007-12-20 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20071220.003\NAVEX15.SYS [2007-12-20 865904]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-7-11 23153]
S3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\windows\system32\drivers\dwarusb.sys [2010-12-6 457728]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2001-8-17 114944]
S3 FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter(R);c:\windows\system32\drivers\bkusbxp.sys [2004-2-16 99584]
S3 Remipxyrstn;Remipxyrstn;

.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~1\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-12-07 20:20:51   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-12-07 20:19:56   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2012-12-07 20:21:24   1409   ----a-w-   c:\windows\QTFont.for
2012-12-07 20:19:32   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-12-07 20:19:30   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-12-07 20:08:44   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-12-07 20:08:42   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-16 13:30:36   4528   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2012-10-22 08:37:32   1866368   ----a-w-   c:\windows\system32\win32k.sys
2012-10-02 18:04:22   58368   ----a-w-   c:\windows\system32\synceng.dll
2005-03-02 05:49:24   10831584   ----a-w-   c:\program files\PestPatrolv5.exe
.
============= FINISH: 12:25:30.21 ===============

[kevinf80]

Hello Marco and welcome,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

• Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
• Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
• Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
• Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go here http://support.microsoft.com/kb/971759 and follow the instructions specific for your operating system.
  
• If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
• If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
• If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Ensure that Combofix is saved directly to the Desktop <--- Very important
  
  
• Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  
  
• Close any open browsers and any other programs you might have running
• Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  
  
• Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  
  
• If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
• When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

*EXTRA NOTES*

• If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
• If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
     
• If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

[Marco]

Combo fix has been running over half an hour. It went through the Deleting Files routine and seems to be stuck at:

Deleting Folders:

C:\Documents and Settings\Administrator\WINDOWS

I did scroll up after 15 minutes of no activity.

[kevinf80]

Combofix can time well in excess of an hour with the latest infections, even over 2 hours. If you start using your PC during the run the system can freeze or even crash.
Leave it to run a minimum of 2 hours, if no activity, open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):
•   PEV.exe
•   NirCmd.3XE
•   PEV.3XE
•   SED
•   GREP
•   any file that has the extension *.3XE

One at a time, right-click and select End Process. If doing that did not free ComboFix, then you will need to reboot the computer manually.
When the system has restarted check here C:\ is there a file name Combofix.txt, if so post it. Also a folder named Qoobox, look inside for any sub-folders. C:\QooBox\ComboFix-quarantined-files.txt, also post that..

Kevin

[kevinf80]

Do you still need help/advice?

[Marco]

Yep - Re-running Combofix right now. Sorry about the delay. I was out of town for the weekend.

[Marco]

Of all the items listed, Only the C:\Qoobox folder exists, but no "quarantined-files.txt" inside anywhere. I'm re-running Combofix now.

[kevinf80]

ok, wait until CF finishes then post the log..

[Marco]

Ran for over 3 hours and got stuck again at:

Deleting Folders:

C:\Documents and Settings\Administrator\WINDOWS

On Friday Combofix deleted many files. This time, no deleted files.
There is no C:\Combofix.txt or C:\*\Combofix.txt or C:\QooBox\ComboFix-quarantined-files.txt
I couldn't any logs to post.

[kevinf80]

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update



8. When the Update completes, select Next



9. In the following window ensure "Targets" are ticked. Then select "Scan"



10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:



11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:



12. Select "Yes" to close down the program. If NO infections were found you will see the following image:



13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown



Post those two logs in your reply.

[Marco]

mbar.exe will not run. I get this prompt:

mbar.exe - Unable to Locate Component

This application failed to start because QtGui4.dll was not found. Re-installing the application may fix the problem.

I tried re-downloading and re-installing. Same message.

[kevinf80]

download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• 1. Wait until Prescan has finished...
• The following EULA will appear, please select accept

• 2. Ensure MBR scan, Check faked and AntiRootkit are checked
• 3. Select Scan

• When the scan completes select Report, copy and paste that to your reply.

Kevin

[Marco]

RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 12/11/2012 12:20:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][BLACKLISTDLL] HKCU\[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit) -> FOUND
[RUN][BLACKLISTDLL] HKUS\S-1-5-21-329068152-484763869-1060284298-500[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x8062FF2C -> HOOKED (Unknown @ 0x836ED7B0)
SSDT[13] : NtAlertThread @ 0x80577278 -> HOOKED (Unknown @ 0x836CCD38)
SSDT[17] : NtAllocateVirtualMemory @ 0x8056926A -> HOOKED (Unknown @ 0x835A6330)
SSDT[31] : NtConnectPort @ 0x8058CA79 -> HOOKED (Unknown @ 0x835CD8C8)
SSDT[43] : NtCreateMutant @ 0x80577648 -> HOOKED (Unknown @ 0x835A8E98)
SSDT[53] : NtCreateThread @ 0x8057888D -> HOOKED (Unknown @ 0x836B91A0)
SSDT[83] : NtFreeVirtualMemory @ 0x80569B95 -> HOOKED (Unknown @ 0x835636F0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC17E -> HOOKED (Unknown @ 0x836B9398)
SSDT[91] : NtImpersonateThread @ 0x80581729 -> HOOKED (Unknown @ 0x8365DD40)
SSDT[108] : NtMapViewOfSection @ 0x8057CA99 -> HOOKED (Unknown @ 0x836BC2A0)
SSDT[114] : NtOpenEvent @ 0x80581A98 -> HOOKED (Unknown @ 0x835BC9A0)
SSDT[123] : NtOpenProcessToken @ 0x80571089 -> HOOKED (Unknown @ 0x835DDC78)
SSDT[129] : NtOpenThreadToken @ 0x80570B26 -> HOOKED (Unknown @ 0x834D50C8)
SSDT[206] : NtResumeThread @ 0x80578F00 -> HOOKED (Unknown @ 0x8351CDC0)
SSDT[213] : NtSetContextThread @ 0x8062E75B -> HOOKED (Unknown @ 0x835F2420)
SSDT[228] : NtSetInformationProcess @ 0x80570D95 -> HOOKED (Unknown @ 0x834CD6D0)
SSDT[229] : NtSetInformationThread @ 0x8056C596 -> HOOKED (Unknown @ 0x835C6C30)
SSDT[253] : NtSuspendProcess @ 0x8062FE71 -> HOOKED (Unknown @ 0x836B74E0)
SSDT[254] : NtSuspendThread @ 0x805E0535 -> HOOKED (Unknown @ 0x836CE778)
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (Unknown @ 0x8357E1F8)
SSDT[258] : NtTerminateThread @ 0x80577F9F -> HOOKED (Unknown @ 0x836B1A28)
SSDT[267] : NtUnmapViewOfSection @ 0x8057C61E -> HOOKED (Unknown @ 0x83607928)
SSDT[277] : NtWriteVirtualMemory @ 0x80581512 -> HOOKED (Unknown @ 0x836E5BF8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD450AA-60BAA0 +++++
--- User ---
[MBR] 7c099b914466e9579578840888942a9a
[BSP] 752195926c5100b0333de0ad2015e5df : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 40132 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 82192320 | Size: 2798 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12112012_02d1220.txt >>
RKreport[1]_S_12112012_02d1220.txt

[kevinf80]

Go to Virustotal

• Click the Browse... button
  
• Navigate to the file C:\WINDOWS\System32\NVMCTRAY.DLL or just copy/paste it in.
  
• Click the Scan it tab
  
• If you get a message saying File has already been analyzed: click Reanalyze file now
• Copy and paste the results back here please.

[Marco]

Is this correct?

SHA256:    5dba15507b25bf75920390100229914314e97ff40d8e823a97650f1398b9c5ea
File name:    NVMCTRAY.DLL
Detection ratio:    0 / 43
Analysis date:    2012-12-12 01:08:30 UTC ( 29 minutes ago )
0
0
More details

    Analysis
    Comments
    Votes
    Additional information

Antivirus    Result    Update
Agnitum    -    20121211
AhnLab-V3    -    20121211
AntiVir    -    20121211
Antiy-AVL    -    20121211
Avast    -    20121212
AVG    -    20121211
BitDefender    -    20121212
ByteHero    -    20121130
CAT-QuickHeal    -    20121211
ClamAV    -    20121212
Commtouch    -    20121211
Comodo    -    20121211
DrWeb    -    20121212
Emsisoft    -    20121212
eSafe    -    20121210
ESET-NOD32    -    20121211
F-Prot    -    20121212
F-Secure    -    20121212
Fortinet    -    20121211
GData    -    20121212
Ikarus    -    20121211
Jiangmin    -    20121211
K7AntiVirus    -    20121211
Kaspersky    -    20121212
Kingsoft    -    20121210
Malwarebytes    -    20121211
Microsoft    -    20121212
MicroWorld-eScan    -    20121211
NANO-Antivirus    -    20121211
Norman    -    20121211
nProtect    -    20121211
Panda    -    20121211
Rising    -    20121211
Sophos    -    20121212
SUPERAntiSpyware    -    20121212
Symantec    -    20121212
TheHacker    -    20121211
TotalDefense    -    20121211
TrendMicro    -    20121212
TrendMicro-HouseCall    -    20121212
VBA32    -    20121211
VIPRE    -    20121212
ViRobot    -    20121211