Inactive Suspected Keylogger - help plz!

I recently had a game account hacked that was confirmed by their tech support to be a "one time login, not brute force attempt" whereby a WoW account was stolen. The support guy was pretty certain by looking at his logfiles that I'm infected with some sort of keylogger, since it was a "one and done" kind of thing. They apparently keep very far-reaching, comprehensive logs, but I digress.

I keep my computer pretty tightly secured and was surprised. I run Prevx 3.0 and Symantec Endpoint Protection and throw in the occasional manual Spybot and MBAM run. I'm now combing through with a fine-tooth comb to ensure this (or worse... banking, etc.) doesn't happen again. I have a server, and that was rebuilt tonight since it has been failing, as you'll note in the last week's Event Viewer log. Thanks in advance for any help!!

Without further ado and per instructions, here are the attached logs:


>>>>>> MBAM SCAN <<<<<<

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6160

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/24/2011 7:09:20 PM
mbam-log-2011-03-24 (19-09-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 368752
Time elapsed: 1 hour(s), 55 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


>>>>>> GMER <<<<<<

(Note: I closed down Prevx and Symantec protection, don't know why it still scanned.)

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-03-24 20:57:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000077 WDC_WD3200JS-60PDB0 rev.21.00M21
Running: ipyq8f64.exe; Driver: C:\DOCUME~1\Jill\LOCALS~1\Temp\uwlyipob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


>>>>>> DDS.txt <<<<<<

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by jill at 21:01:45.71 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1397 [GMT -5:00]
.
AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Jill\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.17\AsRunHelp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [dldfmon.exe] "c:\program files\dell aio printer 948\dldfmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell aio printer 948\memcard.exe"
mRun: [Dell AIO Printer 948 Fax Server] "c:\program files\dell aio printer 948\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\webmail
DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197264954742
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jill\applic~1\mozilla\firefox\profiles\q7upgcbm.default\
FF - plugin: c:\documents and settings\jill\application data\move networks\plugins\npqmp071503000010.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\jill\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-1-31 76696]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-1-31 32008]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-8 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-8 108392]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2008-12-23 6416120]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2008-12-8 2436536]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2007-10-31 1310720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-9 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110323.035\NAVENG.SYS [2011-3-24 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110323.035\NAVEX15.SYS [2011-3-24 1360760]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-12-21 26096]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [2010-11-6 98952]
S3 BIU;BIU;c:\docume~1\jill\locals~1\temp\biu.exe --> c:\docume~1\jill\locals~1\temp\BIU.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-12-8 23888]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\27e.tmp --> c:\windows\system32\27E.tmp [?]
S3 PORTMON;PORTMON;\??\y:\sysinternals suite\portmsys.sys --> y:\sysinternals suite\PORTMSYS.SYS [?]
S3 WOXHZMINOQJE;WOXHZMINOQJE;c:\docume~1\jill\locals~1\temp\woxhzminoqje.exe --> c:\docume~1\jill\locals~1\temp\WOXHZMINOQJE.exe [?]
.
=============== Created Last 30 ================
.
2011-03-24 21:10:07 -------- d-----w- C:\Misc
2011-03-24 21:09:33 709456 ----a-w- c:\windows\isRS-000.tmp
2011-03-18 01:59:15 1409 ----a-w- c:\windows\QTFont.for
2011-03-09 11:34:58 -------- d-----w- c:\program files\Alarm Clock
2011-03-04 13:58:56 -------- d-----w- C:\Mercedes Recovered Pictures
2011-03-04 12:16:47 -------- d-----w- C:\Nomad Stuff
2011-03-04 12:06:02 -------- d-----w- C:\Linksys Wireless G Stuff
2011-03-04 12:04:01 -------- d-----w- C:\HP Deskjet 810C Stuff
2011-03-04 02:21:14 -------- d-----w- C:\SavedCopyQuickBooks
.
==================== Find3M ====================
.
2011-03-25 01:30:29 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:02:31.96 ===============

>>>>>> Attach.text <<<<<<
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2007 10:35:22 PM
System Uptime: 3/24/2011 8:38:29 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N-E SLI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2613/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 231.131 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP258: 12/25/2010 12:47:48 PM - System Checkpoint
RP259: 12/26/2010 1:47:49 PM - System Checkpoint
RP260: 12/27/2010 2:46:45 PM - System Checkpoint
RP261: 12/28/2010 3:46:45 PM - System Checkpoint
RP262: 12/29/2010 4:46:48 PM - System Checkpoint
RP263: 12/30/2010 4:47:49 PM - System Checkpoint
RP264: 12/31/2010 5:46:44 PM - System Checkpoint
RP265: 1/1/2011 6:46:26 PM - System Checkpoint
RP266: 1/2/2011 6:46:43 PM - System Checkpoint
RP267: 1/3/2011 7:46:45 PM - System Checkpoint
RP268: 1/4/2011 8:46:49 PM - System Checkpoint
RP269: 1/5/2011 9:46:44 PM - System Checkpoint
RP270: 1/6/2011 5:00:23 AM - Software Distribution Service 3.0
RP271: 1/7/2011 5:00:13 AM - Software Distribution Service 3.0
RP272: 1/8/2011 5:46:44 AM - System Checkpoint
RP273: 1/9/2011 6:46:44 AM - System Checkpoint
RP274: 1/10/2011 7:46:46 AM - System Checkpoint
RP275: 1/11/2011 10:19:04 AM - System Checkpoint
RP276: 1/12/2011 5:00:21 AM - Software Distribution Service 3.0
RP277: 1/13/2011 5:24:47 AM - System Checkpoint
RP278: 1/14/2011 6:24:46 AM - System Checkpoint
RP279: 1/15/2011 7:24:48 AM - System Checkpoint
RP280: 1/16/2011 8:25:51 AM - System Checkpoint
RP281: 1/17/2011 9:24:47 AM - System Checkpoint
RP282: 1/18/2011 1:02:46 PM - System Checkpoint
RP283: 1/19/2011 1:24:46 PM - System Checkpoint
RP284: 1/20/2011 2:24:46 PM - System Checkpoint
RP285: 1/21/2011 3:24:48 PM - System Checkpoint
RP286: 1/22/2011 4:24:46 PM - System Checkpoint
RP287: 1/23/2011 5:24:46 PM - System Checkpoint
RP288: 1/24/2011 6:22:50 PM - System Checkpoint
RP289: 1/25/2011 6:24:46 PM - System Checkpoint
RP290: 1/26/2011 4:49:17 AM - Installed Java(TM) 6 Update 23
RP291: 1/27/2011 5:25:51 AM - System Checkpoint
RP292: 1/28/2011 5:41:26 AM - System Checkpoint
RP293: 1/29/2011 6:24:46 AM - System Checkpoint
RP294: 1/30/2011 7:24:46 AM - System Checkpoint
RP295: 1/31/2011 7:54:25 AM - System Checkpoint
RP296: 2/1/2011 8:54:25 AM - System Checkpoint
RP297: 2/2/2011 9:54:25 AM - System Checkpoint
RP298: 2/3/2011 10:54:28 AM - System Checkpoint
RP299: 2/4/2011 11:54:25 AM - System Checkpoint
RP300: 2/5/2011 12:53:54 PM - System Checkpoint
RP301: 2/6/2011 12:54:24 PM - System Checkpoint
RP302: 2/7/2011 1:54:27 PM - System Checkpoint
RP303: 2/8/2011 2:54:25 PM - System Checkpoint
RP304: 2/9/2011 5:00:23 AM - Software Distribution Service 3.0
RP305: 2/10/2011 5:00:23 AM - Software Distribution Service 3.0
RP306: 2/11/2011 5:38:26 AM - System Checkpoint
RP307: 2/12/2011 6:38:26 AM - System Checkpoint
RP308: 2/13/2011 7:38:27 AM - System Checkpoint
RP309: 2/14/2011 7:39:31 AM - System Checkpoint
RP310: 2/15/2011 8:00:59 AM - System Checkpoint
RP311: 2/16/2011 8:59:50 AM - System Checkpoint
RP312: 2/17/2011 9:11:50 AM - System Checkpoint
RP313: 2/18/2011 9:59:58 AM - System Checkpoint
RP314: 2/19/2011 10:59:50 AM - System Checkpoint
RP315: 2/20/2011 11:58:21 AM - System Checkpoint
RP316: 2/21/2011 12:58:26 PM - System Checkpoint
RP317: 2/22/2011 1:58:20 PM - System Checkpoint
RP318: 2/23/2011 2:58:24 PM - System Checkpoint
RP319: 2/24/2011 3:58:21 PM - System Checkpoint
RP320: 2/25/2011 4:58:21 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 8 Professional
Adobe Acrobat 8.2.6 - CPSID_83708
Adobe Acrobat 8.2.6 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.6
Adobe Shockwave Player 11.5
Alarm Clock v1.0
Apple Software Update
ASUSUpdate
BPD_HPSU
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
C-Media 6501 Sound
Compatibility Pack for the 2007 Office system
Cool & Quiet
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell AIO Printer 948
Destinations
DocProc
EverQuest Titanium
Fax
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP Solution Center 8.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
InstantShareDevicesMFC
IP Tool
Java(TM) 6 Update 14
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
LightScribe 1.4.136.1
LiveUpdate 3.3 (Symantec Corporation)
Magelo Sync (uninstall only)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Move Media Player
Mozilla Firefox (3.6.3)
MPM
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
Notepad++
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PanoStandAlone
PC Probe II
Prevx
QFolder
QuickBooks Pro 2009
QuickTime
RealPlayer
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Sid Meier's Civilization 4 Gold
SolutionCenter
Sophos Anti-Rootkit 1.5.4
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Status
SupportSoft Assisted Service
Symantec Endpoint Protection
System Requirements Lab
TaxACT 2007
TaxACT 2008
TaxACT 2008 Wisconsin
TaxACT 2009
TaxACT 2009 Wisconsin
TaxACT Wisconsin 2007
Toolbox
TrayApp
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP
WebReg
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
3/24/2011 8:29:56 PM, error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 8:29:56 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 8:29:56 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 8:29:56 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 8:29:56 PM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 8:29:56 PM, error: Service Control Manager [7034] - The dldf_device service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 8:29:56 PM, error: Service Control Manager [7034] - The CSIScanner service terminated unexpectedly. It has done this 2 time(s).
3/24/2011 8:29:56 PM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
3/24/2011 8:29:56 PM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
3/24/2011 8:29:56 PM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/24/2011 8:29:45 PM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/23/2011 4:32:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
3/23/2011 4:32:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldfCATSCustConnectService service to connect.
3/23/2011 4:32:10 AM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/23/2011 4:32:10 AM, error: Service Control Manager [7000] - The dldfCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/23/2011 4:31:23 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
3/23/2011 3:08:17 AM, error: NETLOGON [5719] - No Domain Controller is available for domain MINDTRAP due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
3/23/2011 11:50:28 PM, error: Service Control Manager [7034] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s).
3/22/2011 6:32:56 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The handle is invalid.
3/22/2011 6:32:56 PM, error: DCOM [10005] - DCOM got error "%6" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
3/22/2011 12:54:46 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer S-MINDTRAP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4CCD3816-F577-4F1. The master browser is stopping or an election is being forced.
3/20/2011 1:08:31 AM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\S-MINDTRAP for the domain MINDTRAP failed because the Domain Controller does not have an account for the computer JILLPC001.
3/19/2011 6:38:32 PM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\s-mindtrap.mindtrap.local for the domain MINDTRAP failed because the Domain Controller does not have an account for the computer JILLPC001.
3/19/2011 6:02:29 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%6" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
3/18/2011 8:34:18 PM, error: DCOM [10000] - Unable to start a DCOM Server: {9E14B23B-5D8A-447F-B962-6D6D6897861E}. The error: "%6" Happened while starting this command: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe" -Embedding
3/17/2011 10:05:43 PM, error: NETLOGON [5719] - No Domain Controller is available for domain MINDTRAP due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================
 
Welcome aboard


Games online can be hacked from the outside of your computer.
Your logs look clean.
You're running two AV programs, Prevx and Norton.
One of them has to go.
 
Thank you for checking the above over. A family member (who is in IT) said the same about using Norton and Prevx together. However, one of the reasons I like Prevx is that it was built to be used alongside other antivirus and it has worked very well in that config for several years.

I appreciate all you folks do here. The services you provide are priceless, thank you!
 