MontanaGallery
My name is Cyndy. I use this computer daily. It is part of a network of computers in our home.
This computer has slowly lost functionality of Internet Explorer. When online, pages do not load with colors and layout as the source code is written. Most web pages load without color, only white, on any given site, and text boxes with links often appear on top of each other, making it impossible to click on a link. It is impossible to fill out forms such as the US Postal website for creating labels for shipping.
Then the problem became worse. The monitor began to flicker then began flashing black and to the screen. I replaced the monitor only to have the same issue re-occur. Hooking up an additional monitor to the computer enabled me to work to back up my files recently created, however, I discovered, after shutting down computer and leaving it off for a couple days, then turning it back on to try to back up some files that the original monitor would work again. Sometimes the monitor will randomly respond as if it is burning out, other times it will remain on and the monitor functions normally for a long period of time.
I found some malware that I removed, but have not been able to correct the issues I have described. I am hopeful that it was a malware issue that has shut off the monitor. I have tried to update the driver for the monitor as well as other drivers. I cannot restore to previous time either.
Most programs that I have attempted to download to run malware scans have been blocked from downloading or running. Those that do download, find no issues.
I replaced this computer in the network with my laptop, only to find the monitor black as well. I am leery of installing any new computer on the network until the issue can be identified and resolved. Any help to correct issues would be greatly appreciated.
I have followed the UPDATED 5-step Viruses/Spyware/Malware Preliminary Removal Instructions and included the results of the scans.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-16 11:44:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75JHC0 rev.06.01C06
Running: hbkc4b8e.exe; Driver: C:\DOCUME~1\FRONTD~1\LOCALS~1\Temp\uxlyapow.sys
---- System - GMER 1.0.15 ----
SSDT 86941E58 ZwAlertResumeThread
SSDT 86BC6A80 ZwAlertThread
SSDT 86A27EA0 ZwAllocateVirtualMemory
SSDT 86A07790 ZwAssignProcessToJobObject
SSDT 86C0FA08 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF62A1980]
SSDT 86BC4AF8 ZwCreateMutant
SSDT 86A289B8 ZwCreateSymbolicLinkObject
SSDT 86A36F28 ZwCreateThread
SSDT 86BA9AD0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF62A1C00]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF62A1F10]
SSDT 86BBD380 ZwDuplicateObject
SSDT 86A08828 ZwFreeVirtualMemory
SSDT 86BC6920 ZwImpersonateAnonymousToken
SSDT 86BC6958 ZwImpersonateThread
SSDT 86BAF290 ZwLoadDriver
SSDT 86A08728 ZwMapViewOfSection
SSDT 86BC4A18 ZwOpenEvent
SSDT 86BDA3F0 ZwOpenProcess
SSDT 86A27F90 ZwOpenProcessToken
SSDT 86BC3578 ZwOpenSection
SSDT 86BBD450 ZwOpenThread
SSDT 86A076C0 ZwProtectVirtualMemory
SSDT 86BE7CD0 ZwResumeThread
SSDT 86C16BD0 ZwSetContextThread
SSDT 86BC1AF0 ZwSetInformationProcess
SSDT 86BA9BB0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF62A2160]
SSDT 86BC35F0 ZwSuspendProcess
SSDT 86BE7DB0 ZwSuspendThread
SSDT 86BD9970 ZwTerminateProcess
SSDT 86C16AF0 ZwTerminateThread
SSDT 86BC1BE0 ZwUnmapViewOfSection
SSDT 86A0BDA0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF5D53F80]
? C:\DOCUME~1\FRONTD~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\FRONTD~1\LOCALS~1\Temp\uxlyapog.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\program files\real\realplayer\update\realsched.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E354846 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3547C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35480B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E354753 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35478D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E354881 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20177A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3852] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E354A43 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B040AD20
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\NCW\ncwfoim.db-journal 0 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Front Desk User at 16:52:20 on 2012-07-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.395 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uStart Page = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.0.28\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.0.28\ips\IPSBHO.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.0.28\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxps://picasaweb.google.com/s/v/71.37/uploader2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343579813000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342196884379
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages =
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301000.01c\SymDS.sys [2012-7-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301000.01c\SymEFA.sys [2012-7-21 897656]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120804.001\BHDrvx86.sys [2012-8-8 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301000.01c\ccSetx86.sys [2012-7-21 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301000.01c\Ironx86.sys [2012-7-21 149624]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-7-21 105832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-7-12 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-12 676936]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.0.28\ccSvcHst.exe [2012-7-21 138760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120809.001\IDSXpx86.sys [2012-8-9 369632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-12 22856]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120810.001\NAVENG.SYS [2012-8-10 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120810.001\NAVEX15.SYS [2012-8-10 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 250056]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-1-4 91816]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2012-10-08 17:07:59 155648 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-08 17:07:59 143360 ----a-w- c:\windows\system32\igfxpph.dll
2012-10-08 17:07:58 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-10-08 17:07:56 73728 ----a-w- c:\windows\system32\hccutils.dll
2012-10-08 17:07:54 876666 ----a-w- c:\windows\system32\ialmdd5.dll
2012-10-08 17:07:52 194298 ----a-w- c:\windows\system32\ialmdev5.dll
2012-10-08 17:07:51 110203 ----a-w- c:\windows\system32\ialmdnt5.dll
2012-10-08 17:07:50 38014 ----a-w- c:\windows\system32\ialmrnt5.dll
2012-10-08 17:07:49 830684 ----a-w- c:\windows\system32\drivers\ialmnt5.sys
2012-09-26 20:14:24 -------- d-----w- c:\documents and settings\front desk user\application data\FinalMediaPlayer
2012-08-14 15:03:13 114688 ----a-w- c:\windows\system32\SET5A.tmp
2012-08-14 15:03:12 900218 ----a-w- c:\windows\system32\SET26.tmp
2012-08-14 15:03:12 77824 ----a-w- c:\windows\system32\SET54.tmp
2012-08-14 15:03:12 73728 ----a-w- c:\windows\system32\SET35.tmp
2012-08-14 15:03:12 57344 ----a-w- c:\windows\system32\SET38.tmp
2012-08-14 15:03:12 36990 ----a-w- c:\windows\system32\SET1D.tmp
2012-08-14 15:03:12 213274 ----a-w- c:\windows\system32\SET23.tmp
2012-08-14 15:03:12 1503232 ----a-w- c:\windows\system32\SET57.tmp
2012-08-14 15:03:12 147456 ----a-w- c:\windows\system32\SET3E.tmp
2012-08-14 15:03:12 118395 ----a-w- c:\windows\system32\SET20.tmp
2012-08-14 14:34:19 -------- d-----w- c:\program files\SystemRequirementsLab
2012-08-03 18:35:27 -------- d-----w- c:\program files\Free Window Registry Repair
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-07-21 23:31:21 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-07-21 23:31:21 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-21 23:31:20 -------- d-----w- c:\program files\Symantec
2012-07-21 23:29:28 -------- d-----w- c:\program files\NortonInstaller
2012-07-21 23:13:00 -------- d-----w- c:\program files\HitmanPro
2012-07-21 23:12:02 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-07-21 22:10:05 -------- d-----w- c:\documents and settings\front desk user\application data\Malwarebytes
2012-07-21 22:09:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-21 19:55:31 -------- d-----w- c:\documents and settings\all users\application data\6F63A59FF10D56B7157AAD037B07D329
2012-07-21 19:54:46 -------- d-----w- c:\documents and settings\front desk user\application data\Kaix
2012-07-21 19:54:46 -------- d-----w- c:\documents and settings\front desk user\application data\Fydu
2012-07-15 17:59:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-13 17:43:52 -------- d-----w- c:\documents and settings\front desk user\local settings\application data\Avg2013
2012-07-13 17:43:50 -------- d-----w- c:\documents and settings\front desk user\local settings\application data\MFAData
2012-07-12 17:32:50 711240 ----a-w- c:\windows\isRS-000.tmp
2012-07-12 17:07:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 17:07:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-11 23:14:27 -------- d-----w- c:\program files\Trend Micro
2012-07-11 22:57:58 -------- d-----w- c:\windows\system32\CatRoot2
2012-07-11 22:10:40 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-07-11 22:10:40 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-07-11 22:10:40 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-07-11 22:10:40 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-07-11 22:10:40 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-07-11 22:10:40 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-07-11 22:10:40 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-07-11 22:10:40 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-07-11 22:00:51 -------- d-----w- c:\program files\CheckPoint
2012-07-11 22:00:49 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-07-11 21:53:48 429928 ----a-r- c:\windows\system32\hpinkstsa011.dll
2012-07-11 21:53:48 270696 ----a-r- c:\windows\system32\hpinkstsa011LM.dll
2012-07-11 21:53:48 216424 ----a-r- c:\windows\system32\hpinkcoia011.dll
2012-07-11 21:45:14 1929576 ----a-r- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-07-11 21:45:13 488296 ----a-r- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2012-07-11 19:59:06 135168 ----a-w- c:\windows\system32\igfxres.dll
2012-07-11 19:44:03 -------- d-----w- c:\windows\system32\vmm32
.
==================== Find3M ====================
.
2012-09-19 16:59:24 2241 ----a-w- c:\windows\panose.bin
2012-08-16 20:32:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 20:32:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-04 23:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 21:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-01 15:55:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46:47 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46:47 17408 ----a-w- c:\windows\system32\corpol.dll
.
============= FINISH: 16:54:24.37 ===============
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.07.13
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Front Desk User :: D8T63P91 [administrator]
9/26/2012 3:22:12 PM
mbam-log-2012-09-26 (15-22-12).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281718
Time elapsed: 1 hour(s), 27 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/13/2006 4:26:41 PM
System Uptime: 7/13/2012 11:48:35 AM (5 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 30.696 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2258: 9/12/2012 11:07:51 AM - System Checkpoint
RP2259: 9/13/2012 11:58:39 AM - System Checkpoint
RP2260: 9/14/2012 12:58:40 PM - System Checkpoint
RP2261: 9/15/2012 1:58:40 PM - System Checkpoint
RP2262: 9/16/2012 2:58:40 PM - System Checkpoint
RP2263: 9/17/2012 2:59:45 PM - System Checkpoint
RP2264: 9/18/2012 3:58:41 PM - System Checkpoint
RP2265: 9/19/2012 4:59:47 PM - System Checkpoint
RP2266: 9/20/2012 5:59:47 PM - System Checkpoint
RP2267: 9/21/2012 6:58:42 PM - System Checkpoint
RP2268: 9/22/2012 7:58:41 PM - System Checkpoint
RP2269: 9/23/2012 8:58:42 PM - System Checkpoint
RP2270: 9/24/2012 9:36:58 PM - System Checkpoint
RP2271: 9/25/2012 10:36:59 PM - System Checkpoint
RP2272: 9/26/2012 12:17:05 PM - Removed Google Drive
RP2273: 9/27/2012 1:08:31 PM - System Checkpoint
RP2274: 10/4/2012 9:05:22 AM - System Checkpoint
RP2275: 10/5/2012 9:51:37 AM - System Checkpoint
RP2276: 10/6/2012 10:40:13 AM - System Checkpoint
RP2277: 10/7/2012 11:40:14 AM - System Checkpoint
RP2278: 10/8/2012 10:38:05 AM - Restore Operation
RP2279: 7/8/2012 12:05:35 PM - System Checkpoint
RP2280: 7/9/2012 12:52:38 PM - System Checkpoint
RP2281: 7/10/2012 1:45:54 PM - System Checkpoint
RP2282: 7/11/2012 1:44:00 PM - Installed Dell Resource CD
RP2283: 7/11/2012 1:59:53 PM - Installed Dell System Software
RP2284: 7/11/2012 2:00:07 PM - Installed Desktop System Software
RP2285: 7/11/2012 4:57:18 PM - Installed Microsoft Fix it 50528
RP2286: 7/12/2012 5:23:23 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Illustrator CS
Adobe PageMaker 6.5
Adobe Photoshop 7.0
Adobe Reader X (10.1.4)
Adobe SVG Viewer 3.0
AIO_Scan
AOLIcon
Apple Application Support
Apple Software Update
ArtRage 2
Banctec Service Agreement
BufferChm
CCleaner
ClamWin Free Antivirus 0.97
Conexant D850 PCI V.92 Modem
Copy
Corel Paint Shop Pro X
CustomerResearchQFolder
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Network Assistant
Dell Resource CD
Dell System Restore
DellSupport
Destinations
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
EarthLink setup files
EducateU
ELIcon
eSupportQFolder
F2100
F2100_Help
FOX News Live Stream
Free File Opener v2011.6.0.4
Free Window Registry Repair
Google Update Helper
HijackThis 2.0.2
HitmanPro 3.6
Hotfix for Windows XP (KB2633952)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Assistant
HP Smart Web Printing 4.60
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Info Center 1.0.0.7
InstallIQ Updater
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InVision 3.0
Java Auto Updater
Java(TM) 6 Update 29
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.65.0.1400
MapSource
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero Suite
NetWaiting
Norton Internet Security
OverDrive Media Console
PC Matic 1.1.0.44
QuickBooks Premier: Retail Edition 2004
QuickTime
QuickTime for Windows (32-bit)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sonic Update Manager
Status
System Requirements Lab for Intel
Terragen
Terragen 2 Technology Preview
Toolbox
TrayApp
UnloadSupport
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Driver Package - Conexant (winachsf) Modem (07/03/2007 7.67.00.50)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Xerox Phaser 860
ZoneAlarm Free Antivirus + Firewall
.
==== Event Viewer Messages From Past Week ========
.
9/26/2012 12:17:20 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/12/2012 5:30:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
7/12/2012 11:12:23 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
7/12/2012 11:11:50 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/11/2012 2:04:45 PM, error: NtServicePack [4375] - Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.
10/8/2012 11:10:03 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
10/8/2012 10:22:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/8/2012 10:13:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
10/8/2012 10:12:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/4/2012 8:37:51 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sonic Update Manager
Status
System Requirements Lab for Intel
Terragen
Terragen 2 Technology Preview
Toolbox
TrayApp
UnloadSupport
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Driver Package - Conexant (winachsf) Modem (07/03/2007 7.67.00.50)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Xerox Phaser 860
ZoneAlarm Free Antivirus + Firewall
.
==== Event Viewer Messages From Past Week ========
.
9/26/2012 12:17:20 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/12/2012 5:30:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
7/12/2012 11:12:23 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
7/12/2012 11:11:50 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/11/2012 2:04:45 PM, error: NtServicePack [4375] - Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.
10/8/2012 11:10:03 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
10/8/2012 10:22:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/8/2012 10:13:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
10/8/2012 10:12:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/4/2012 8:37:51 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================