Thank you so much for responding. Here are the scans you requested.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2010 3:21:14 PM
System Uptime: 7/19/2010 9:51:12 AM (1 hours ago)
Motherboard: Dell Inc. | | 0M3918
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 74 GiB total, 67.246 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: TI Technologies Inc.
Description: RADEON X300 Series Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&166AB6CD&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 Series Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&166AB6CD&0&0108
Service: ati2mtag
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SoundMAX Integrated Digital Audio
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01811028&REV_03\3&172E68DD&0&F2
Manufacturer: Analog Devices, Inc.
Name: SoundMAX Integrated Digital Audio
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01811028&REV_03\3&172E68DD&0&F2
Service: smwdm
==== System Restore Points ===================
RP139: 7/16/2010 3:13:41 PM - System Checkpoint
RP140: 7/17/2010 3:19:10 PM - System Checkpoint
RP141: 7/18/2010 4:19:10 PM - System Checkpoint
==== Installed Programs ======================
ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI Parental Control
Belarc Advisor 8.1
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Media Experience
Dell Photo AIO Printer 942
Dell ResourceCD
Digital Line Detect
Driver Detective
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft Silverlight
Mozilla Firefox (3.6.6)
MSN Toolbar
MSN Toolbar Platform
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
Norton Internet Security
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
WinZip 14.5
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
7/15/2010 1:31:00 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/12/2010 9:16:57 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00132038EFB6. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/12/2010 6:05:08 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\usbui.dll could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
7/12/2010 6:05:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\usbuhci.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
==== End Of File ===========================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mary Holman at 10:03:59.82 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.73 [GMT -4:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Holman\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [Google Update] "c:\documents and settings\mary holman\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [DellMCM] "c:\program files\dell photo aio printer 942\memcard.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\maryho~1\applic~1\mozilla\firefox\profiles\csdu36fb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\mary holman\application data\mozilla\firefox\profiles\csdu36fb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\mary holman\application data\mozilla\firefox\profiles\csdu36fb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\mary holman\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-6-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-6-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-12 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-6-26 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-6-26 116784]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-6-26 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-15 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20100716.001\IDSXpx86.sys [2010-7-16 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20100718.003\NAVENG.SYS [2010-7-18 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20100718.003\NAVEX15.SYS [2010-7-18 1362608]
S3 cpuz132;cpuz132;\??\c:\docume~1\maryho~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\maryho~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
=============== Created Last 30 ================
2010-07-17 17:40:26 0 d-----w- c:\docume~1\maryho~1\applic~1\Aventail
2010-07-17 11:07:34 0 d-----w- c:\windows\pss
2010-07-15 18:58:56 260352 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-07-15 18:58:55 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-07-15 18:58:55 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
2010-07-15 18:58:55 23040 ----a-w- c:\windows\system32\PostProc.dll
2010-07-15 16:57:05 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-15 16:57:05 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-07-15 16:40:10 119798 ----a-w- c:\windows\system32\drivers\SPCA561.SYS
2010-07-15 16:21:50 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-15 16:21:50 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-15 16:21:47 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-07-15 16:21:47 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-07-15 16:21:47 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2010-07-15 16:21:47 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-07-15 16:21:47 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2010-07-15 16:21:47 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-07-15 14:06:18 311296 ----a-w- c:\windows\system32\Edcrypt.dll
2010-07-15 03:35:32 0 d-----w- c:\docume~1\maryho~1\applic~1\Tific
2010-07-14 16:56:31 0 d-----w- c:\program files\Trend Micro
2010-07-14 10:03:30 0 d-----w- c:\docume~1\maryho~1\applic~1\Malwarebytes
2010-07-14 10:03:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 10:03:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 10:03:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-14 10:03:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 00:20:57 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:47:32 1071 ----a-w- c:\windows\AWMODEM.INF
2010-07-12 12:35:29 22 ----a-w- c:\windows\system32\ati64hlp.stb
2010-07-12 12:32:03 22 ----a-w- c:\windows\system32\ati64hl2.stb
2010-07-12 09:58:53 5 ----a-w- c:\windows\system32\drivers\DELL_DIM_4700.MRK
2010-07-12 09:58:53 5 ----a-w- c:\windows\system32\drivers\1028_DELL_DIM_4700.MRK
2010-07-12 09:34:40 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-07-12 09:34:38 0 d-----w- c:\program files\Belarc
2010-07-05 16:09:28 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
2010-07-05 16:09:05 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-07-05 16:08:31 0 d-----w- c:\program files\PC Drivers HeadQuarters
2010-07-05 15:45:17 40 ----a-w- c:\windows\WinInit.Ini
2010-07-05 15:36:07 0 d-----w- c:\program files\Microsoft
2010-07-05 15:36:03 0 d-----w- c:\program files\MSN Toolbar
2010-07-05 15:35:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Inspector
2010-07-05 15:35:10 0 d-----w- c:\program files\MSN Toolbar Installer
2010-07-02 12:59:13 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-02 11:48:17 0 d-----w- c:\docume~1\maryho~1\applic~1\ElevatedDiagnostics
2010-07-02 00:30:12 0 d-----w- C:\5.12.01.5280
2010-06-28 14:48:27 0 d-----w- c:\program files\Analog Devices
2010-06-28 13:50:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-28 13:50:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 15:59:36 0 d-----w- c:\program files\Jasc Software Inc
2010-06-27 15:59:36 0 d-----w- c:\program files\Dell Computer
2010-06-27 15:57:55 0 d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-06-27 15:57:43 585 ----a-w- c:\windows\dellstat.ini
2010-06-27 15:57:24 143360 ----a-r- c:\windows\system32\dlbucoin.dll
2010-06-27 15:57:24 131072 ----a-r- c:\windows\system32\dlbusnls.dll
2010-06-27 15:57:14 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-27 15:57:14 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-27 15:57:10 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-06-27 15:57:10 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-06-27 15:55:33 0 d-----w- c:\program files\Dell Photo AIO Printer 942
2010-06-27 15:55:08 0 d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2010-06-27 15:52:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Easy Driver Pro
2010-06-27 15:19:54 44 ----a-w- c:\windows\system32\msssc.dll
2010-06-27 15:01:16 0 d-----w- c:\windows\VirtualEar
2010-06-27 15:01:15 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-06-27 15:01:15 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-06-27 14:28:43 456 ------w- c:\windows\system32\pthsp.dat
2010-06-27 14:28:43 0 d-----w- c:\windows\PCTEL
2010-06-27 14:27:03 64512 ------w- c:\windows\system32\agrsmdel.exe
2010-06-27 13:59:43 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-06-27 13:59:43 215920 ----a-w- c:\windows\system32\muweb.dll
2010-06-27 13:59:43 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-06-27 12:21:46 0 d-----w- c:\windows\SxsCaPendDel
2010-06-27 12:15:07 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb15f261924b3c.mof
2010-06-27 11:35:47 0 d-----w- c:\docume~1\maryho~1\applic~1\SoftGrid Client
2010-06-27 11:31:11 0 d-----w- c:\docume~1\maryho~1\applic~1\TP
2010-06-27 11:18:27 0 d-----w- c:\program files\MSECache
2010-06-26 23:14:29 0 d-----w- c:\program files\Yahoo!
2010-06-26 22:59:11 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-06-26 22:58:47 0 d-----w- c:\program files\ATI Technologies
2010-06-26 22:48:19 618880 ----a-w- c:\windows\system32\drivers\IntelC52.sys
2010-06-26 20:23:02 1902 ------w- c:\windows\system32\SetupBD.din
2010-06-26 20:22:38 5110 ----a-w- c:\windows\system32\e100b325.din
2010-06-26 20:22:38 24064 ----a-w- c:\windows\system32\IntelNic.dll
2010-06-26 20:22:38 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2010-06-26 20:22:38 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2010-06-26 20:22:38 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2010-06-26 20:22:38 118784 ----a-w- c:\windows\system32\Prounstl.exe
2010-06-26 20:22:38 0 d-----w- C:\drvrtmp
2010-06-26 20:22:14 0 d-----w- c:\windows\RegisteredPackages
2010-06-26 20:21:59 28352 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2010-06-26 20:21:52 149504 ----a-w- c:\windows\UNWISE.EXE
2010-06-26 20:21:42 0 d-----w- c:\program files\MUSICMATCH
2010-06-26 20:21:00 49152 ----a-w- c:\windows\system32\mhwt.dll
2010-06-26 20:21:00 47360 ----a-w- c:\windows\system32\drivers\IntelC53.sys
2010-06-26 20:21:00 36880 ----a-w- c:\windows\system32\drivers\mohfilt.sys
2010-06-26 20:21:00 172032 ----a-w- c:\windows\system32\intelmoh.dll
2010-06-26 20:21:00 1339776 ----a-w- c:\windows\system32\drivers\IntelC51.sys
2010-06-26 20:14:55 53248 ------w- c:\windows\system32\ltremove.exe
2010-06-26 20:14:55 0 d-----w- c:\windows\Options
2010-06-26 20:14:15 24576 ----a-r- c:\windows\system32\cpl_moh.cpl
2010-06-26 20:08:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-06-26 20:08:35 300032 ----a-w- c:\windows\unin040b.exe
2010-06-26 20:07:44 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-06-26 20:04:54 90112 ----a-w- c:\windows\system32\SET5A.tmp
2010-06-26 19:58:20 0 d-----w- c:\program files\UIU
2010-06-26 19:54:42 0 d-----w- c:\program files\Digital Line Detect
2010-06-26 19:36:49 0 d-----w- c:\program files\Dell
2010-06-26 19:30:03 0 d-----w- c:\program files\CONEXANT
2010-06-26 19:18:13 0 d-sh--w- c:\documents and settings\all users\DRM
2010-06-26 19:17:52 0 d--h--w- c:\program files\WindowsUpdate
2010-06-26 19:17:05 0 d-----w- c:\program files\common files\MSSoap
2010-06-26 19:15:53 0 d-----w- c:\program files\Online Services
2010-06-26 19:15:48 0 d-----w- c:\program files\Messenger
2010-06-26 19:15:45 0 d-----w- c:\program files\MSN Gaming Zone
2010-06-26 19:15:14 0 d-----w- c:\program files\Windows NT
2010-06-26 12:05:14 0 d-----w- c:\program files\common files\ODBC
2010-06-26 12:05:11 0 d-----w- c:\program files\common files\SpeechEngines
2010-06-26 12:04:45 0 d-----r- c:\documents and settings\all users\Documents
2010-06-26 10:07:50 0 d-----w- c:\program files\Symantec
2010-06-26 10:07:50 0 d-----w- c:\program files\common files\Symantec Shared
2010-06-26 10:06:57 0 d-----w- c:\program files\Norton Internet Security
2010-06-26 10:06:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-26 10:06:45 0 d-----w- c:\program files\NortonInstaller
2010-06-26 10:06:45 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-26 09:40:46 0 d-----w- c:\program files\MSXML 6.0
==================== Find3M ====================
2010-06-26 19:16:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-26 10:07:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-26 10:07:50 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-26 10:07:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-26 10:07:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-19 10:13:27
Windows 5.1.2600 Service Pack 3
Running: dhuttrwp.exe; Driver: C:\DOCUME~1\MARYHO~1\LOCALS~1\Temp\kxxiaaow.sys
---- System - GMER 1.0.15 ----
SSDT 8247E9A8 ZwAlertResumeThread
SSDT 8247EA68 ZwAlertThread
SSDT 82231EA0 ZwAllocateVirtualMemory
SSDT 82214F70 ZwAssignProcessToJobObject
SSDT 82376250 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEF8EB210]
SSDT 822D2B18 ZwCreateMutant
SSDT 821E86D8 ZwCreateSymbolicLinkObject
SSDT 822402C0 ZwCreateThread
SSDT 821D0588 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEF8EB490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEF8EB9F0]
SSDT 822E8490 ZwDuplicateObject
SSDT 8236F778 ZwFreeVirtualMemory
SSDT 823799B8 ZwImpersonateAnonymousToken
SSDT 82379A98 ZwImpersonateThread
SSDT 822D06C8 ZwLoadDriver
SSDT 821EC2C0 ZwMapViewOfSection
SSDT 822D2A38 ZwOpenEvent
SSDT 821DF520 ZwOpenProcess
SSDT 82231F90 ZwOpenProcessToken
SSDT 822E2B70 ZwOpenSection
SSDT 822E8580 ZwOpenThread
SSDT 82214E80 ZwProtectVirtualMemory
SSDT 822D2F28 ZwResumeThread
SSDT 821DE790 ZwSetContextThread
SSDT 821DE870 ZwSetInformationProcess
SSDT 821D0668 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEF8EBC40]
SSDT 822E2C50 ZwSuspendProcess
SSDT 823ECAF0 ZwSuspendThread
SSDT 821D7A98 ZwTerminateProcess
SSDT 823ECBD0 ZwTerminateThread
SSDT 82362EA0 ZwUnmapViewOfSection
SSDT 8236F868 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 239C 80501BD4 8 Bytes JMP 6AB89E20
.text ntkrnlpa.exe!ZwCallbackReturn + 26FC 80501F34 4 Bytes CALL 9DE4A156
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Mary Holman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
============= FINISH: 10:04:44.50 ===============
Thank you again