lcrall

  1. Thank you. I did run the uninstall program, and ComboFix did run, although it did give me a warning that CA virus scan was running, but I ran it anyway at my own risk. Here is the ComboFix log:

ComboFix 11-04-27.01 - Lisa Crall 04/27/2011 18:29:29.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1608 [GMT -4:00] Running from: c:\documents and settings\Lisa Crall\Desktop\ComboFix.exe AV: CA Anti-Virus *Enabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Lisa Crall\Desktop\Setup.exe c:\documents and settings\Lisa Crall\Desktop\Windows Restore.lnk c:\documents and settings\Lisa Crall\DesktopLSPFix.exe c:\documents and settings\Lisa Crall\DesktopSafeMSI.exe c:\documents and settings\Lisa Crall\DesktopWinsockxpFix.exe c:\documents and settings\Lisa Crall\g2mdlhlpx.exe c:\documents and settings\Lisa Crall\Start Menu\Programs\Windows Restore c:\documents and settings\Lisa Crall\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk c:\documents and settings\Lisa Crall\Start Menu\Programs\Windows Restore\Windows Restore.lnk . Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 ))))))))))))))))))))))))))))))) . . 2011-04-27 22:14 . 2011-04-27 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge 2011-04-25 22:11 . 2011-04-25 22:12 -------- d-----w- C:\32788R22FWJFW.2.tmp 2011-04-25 22:04 . 2011-04-25 22:05 -------- d-----w- C:\32788R22FWJFW.1.tmp 2011-04-07 00:34 . 2011-04-07 00:34 -------- d-----w- C:\NPE 2011-04-06 23:57 . 2011-04-06 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2011-04-06 23:57 . 
2011-04-07 00:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE 2011-04-06 23:20 . 2011-04-06 23:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-04-06 22:50 . 2011-04-06 22:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-04-06 22:50 . 2011-04-06 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2011-04-06 22:48 . 2011-04-06 22:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:53 . 2004-08-11 22:00 270848 ---ha-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-11 22:00 186880 ---ha-w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2004-08-11 22:11 2067456 ---ha-w- c:\windows\system32\mstscax.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-24 39816] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-26 2356088] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-12 30192] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608] "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200] "dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336] "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496] "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WDM_DRMKAUD0"="streamci" [X] "WDM_DRMKAUD1"="streamci" [X] "WDM_DRMKAUD2"="streamci" [X] "WDM_SYSAUDIO"="streamci.dll" [2001-08-18 8192] "WDM_KMIXER0"="streamci.dll" [2001-08-18 8192] . c:\documents and settings\Lisa Crall\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-06-04 03:46 10536 ---ha-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmc45.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dlcxcoms.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?] S0 Winmc45;Winmc45;c:\windows\system32\Drivers\Winmc45.sys --> c:\windows\system32\Drivers\Winmc45.sys [?] 
S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [4/8/2009 2:53 PM 17920] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/3/2008 11:40 PM 30192] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WUAUSERV . Contents of the 'Scheduled Tasks' folder . 2011-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: gotomeeting.com\www1 FF - ProfilePath - c:\documents and settings\Lisa Crall\Application Data\Mozilla\Firefox\Profiles\xy1ua40y.default\ FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe HKLM-Run-cafwc - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\iexplore.exe Notify-PFW - (no file) MSConfigStartUp-lphcrolj0ea5p - c:\windows\system32\lphcrolj0ea5p.exe MSConfigStartUp-SMrhcvolj0ea5p - c:\program files\rhcvolj0ea5p\rhcvolj0ea5p.exe MSConfigStartUp-sysrest32 - c:\windows\system32\sysrest32.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-27 18:35 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(712) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll . - - - - - - - > 'explorer.exe'(1848) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\progra~1\ArcSoft\PHOTOI~1\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\dlcxcoms.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\windows\RTHDCPL.EXE c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-04-27 18:43:22 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-27 22:43 . Pre-Run: 205,981,892,608 bytes free Post-Run: 206,886,191,104 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 27DB3E6B9001580B4641162FBFC912D7

Here is dds.txt

. DDS (Ver_11-03-05.01) - NTFSx86 Run by Lisa Crall at 18:51:36.09 on Wed 04/27/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1453 [GMT -4:00] . AV: CA Anti-Virus *Enabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dlcxcoms.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Lisa Crall\Desktop\dds.scr . ============== Pseudo HJT Report =============== . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon" uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe" mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe" mRun: [iSUSPM Startup] "c:\program files\common 
files\installshield\updateservice\isuspm.exe" -startup mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16 mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [WDM_SYSAUDIO] rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},c:\windows\inf\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install mRunOnce: [WDM_DRMKAUD0] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},c:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install mRunOnce: [WDM_DRMKAUD1] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},c:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install mRunOnce: [WDM_DRMKAUD2] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},c:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install mRunOnce: [WDM_KMIXER0] rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},c:\windows\inf\WDMAUDIO.inf,WDM_KMIXER.Interface.Install 
StartupFolder: c:\docume~1\lisacr~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: gotomeeting.com\www1 DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://webmail.nyatep.org/Remote/msrdp.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - 
hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\lisacr~1\applic~1\mozilla\firefox\profiles\xy1ua40y.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?] S0 Winmc45;Winmc45;c:\windows\system32\drivers\winmc45.sys --> c:\windows\system32\drivers\Winmc45.sys [?] S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [2009-4-8 17920] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-3 30192] . =============== Created Last 30 ================ . 
2011-04-27 22:28:37 -------- d-sha-r- C:\cmdcons 2011-04-27 22:25:01 98816 ----a-w- c:\windows\sed.exe 2011-04-27 22:25:01 89088 ----a-w- c:\windows\MBR.exe 2011-04-27 22:25:01 256512 ----a-w- c:\windows\PEV.exe 2011-04-27 22:25:01 161792 ----a-w- c:\windows\SWREG.exe 2011-04-27 22:14:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA-SupportBridge 2011-04-25 22:11:02 -------- d-----w- C:\32788R22FWJFW.2.tmp 2011-04-25 22:04:54 -------- d-----w- C:\32788R22FWJFW.1.tmp 2011-04-07 00:34:20 -------- d-----w- C:\NPE 2011-04-06 23:57:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton . ==================== Find3M ==================== . 2011-04-27 20:28:57 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys 2011-04-27 20:28:57 104 --sh--r- c:\windows\system32\EC2A81B165.sys 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll . ============= FINISH: 18:51:48.04 ===============

And here is attach.txt

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 6/13/2008 11:01:08 AM System Uptime: 4/27/2011 6:34:32 PM (0 hours ago) . Motherboard: Dell Inc. | | 0RY007 Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 1995/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 229 GiB total, 192.696 GiB free. D: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP776: 1/27/2011 11:26:59 PM - System Checkpoint RP777: 1/28/2011 11:48:58 PM - System Checkpoint RP778: 1/30/2011 1:34:14 AM - System Checkpoint RP779: 1/31/2011 3:21:44 AM - System Checkpoint RP780: 2/1/2011 5:33:44 AM - System Checkpoint RP781: 2/2/2011 7:46:45 AM - System Checkpoint RP782: 2/3/2011 9:21:45 AM - System Checkpoint RP783: 2/4/2011 11:33:46 AM - System Checkpoint RP784: 2/5/2011 1:33:56 PM - System Checkpoint RP785: 2/6/2011 1:49:29 PM - System Checkpoint RP786: 2/7/2011 3:22:00 PM - System Checkpoint RP787: 2/8/2011 6:03:18 PM - System Checkpoint RP788: 2/9/2011 3:00:15 AM - Software Distribution Service 3.0 RP789: 2/10/2011 3:27:26 AM - System Checkpoint RP790: 2/11/2011 5:27:26 AM - System Checkpoint RP791: 2/12/2011 7:27:26 AM - System Checkpoint RP792: 2/13/2011 9:27:28 AM - System Checkpoint RP793: 2/14/2011 12:36:16 PM - System Checkpoint RP794: 2/15/2011 1:27:28 PM - System Checkpoint RP795: 2/16/2011 1:28:33 PM - System Checkpoint RP796: 2/17/2011 3:27:28 PM - System Checkpoint RP797: 2/18/2011 3:28:34 PM - System Checkpoint RP798: 2/19/2011 3:47:16 PM - System Checkpoint RP799: 2/20/2011 5:39:00 PM - System Checkpoint RP800: 2/21/2011 7:27:44 PM - System Checkpoint RP801: 2/22/2011 7:28:49 PM - System Checkpoint RP802: 2/23/2011 7:39:45 PM - System Checkpoint RP803: 2/24/2011 8:09:18 PM - System Checkpoint RP804: 2/25/2011 9:37:09 PM - System Checkpoint RP805: 2/26/2011 10:39:04 PM - System Checkpoint RP806: 2/27/2011 11:39:44 PM - System Checkpoint RP807: 3/1/2011 1:39:45 AM - System Checkpoint RP808: 3/2/2011 3:27:44 AM - System Checkpoint RP809: 3/3/2011 5:27:44 AM - System Checkpoint RP810: 3/4/2011 7:43:18 AM - System Checkpoint RP811: 3/5/2011 9:27:57 AM - System Checkpoint RP812: 3/6/2011 9:40:10 AM - System Checkpoint RP813: 3/7/2011 11:28:11 AM - System Checkpoint RP814: 3/8/2011 1:29:15 PM - System Checkpoint RP815: 3/9/2011 3:00:20 AM - Software Distribution Service 3.0 RP816: 3/10/2011 3:28:11 AM - System Checkpoint RP817: 
3/11/2011 3:29:15 AM - System Checkpoint RP818: 3/12/2011 3:40:10 AM - System Checkpoint RP819: 3/13/2011 6:28:11 AM - System Checkpoint RP820: 3/14/2011 7:40:10 AM - System Checkpoint RP821: 3/15/2011 9:36:28 AM - System Checkpoint RP822: 3/16/2011 3:00:19 AM - Software Distribution Service 3.0 RP823: 3/17/2011 3:33:40 AM - System Checkpoint RP824: 3/18/2011 5:46:08 AM - System Checkpoint RP825: 3/19/2011 7:33:36 AM - System Checkpoint RP826: 3/20/2011 9:25:08 AM - System Checkpoint RP827: 3/21/2011 11:22:50 AM - System Checkpoint RP828: 3/22/2011 11:32:55 AM - System Checkpoint RP829: 3/23/2011 11:58:20 AM - System Checkpoint RP830: 3/24/2011 2:43:36 PM - System Checkpoint RP831: 3/25/2011 3:00:18 AM - Software Distribution Service 3.0 RP832: 3/26/2011 3:11:41 AM - System Checkpoint RP833: 3/27/2011 3:33:46 AM - System Checkpoint RP834: 3/28/2011 5:34:01 AM - System Checkpoint RP835: 3/29/2011 6:39:47 AM - System Checkpoint RP836: 3/30/2011 10:21:28 AM - System Checkpoint RP837: 3/31/2011 10:40:52 AM - System Checkpoint RP838: 4/1/2011 1:56:40 PM - System Checkpoint RP839: 4/2/2011 3:18:19 PM - System Checkpoint RP840: 4/3/2011 3:20:49 PM - System Checkpoint RP841: 4/4/2011 5:35:36 PM - System Checkpoint RP842: 4/5/2011 5:59:43 PM - System Checkpoint RP843: 4/6/2011 9:55:00 PM - System Checkpoint RP844: 4/7/2011 11:26:17 PM - System Checkpoint RP845: 4/8/2011 11:38:17 PM - System Checkpoint RP846: 4/10/2011 1:38:17 AM - System Checkpoint RP847: 4/11/2011 8:13:54 AM - System Checkpoint RP848: 4/12/2011 8:30:53 AM - System Checkpoint RP849: 4/13/2011 10:21:57 AM - System Checkpoint RP850: 4/14/2011 11:08:59 AM - System Checkpoint RP851: 4/15/2011 12:09:57 PM - System Checkpoint RP852: 4/16/2011 12:19:39 PM - System Checkpoint RP853: 4/17/2011 2:11:02 PM - System Checkpoint RP854: 4/18/2011 4:09:57 PM - System Checkpoint RP855: 4/19/2011 4:23:41 PM - System Checkpoint RP856: 4/22/2011 3:50:30 PM - System Checkpoint RP857: 4/23/2011 4:15:38 PM - System Checkpoint 
RP858: 4/24/2011 6:15:37 PM - System Checkpoint RP859: 4/25/2011 6:29:32 PM - System Checkpoint RP860: 4/26/2011 7:52:30 PM - System Checkpoint . ==== Installed Programs ====================== . Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft MediaConverter 2 ArcSoft PhotoImpression 5 ArcSoft ShowBiz DVD 2 Audacity 1.2.6 Audacity 1.3.5 (Unicode) AVS Audio Converter version 5.1 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.3 Bonjour Citrix Presentation Server Client - Web Only Content Transfer Corel Paint Shop Pro X Corel Photo Album 6 Dell DataSafe Online Dell Driver Reset Tool Dell PC Fax Dell Photo AIO Printer 926 Dell Support Center Dell System Restore Digital Video DigiTech RP250 Drivers DigiTech X-Edit 2.4.1 DIY Deck Designer 6.5.4 - The Home Depot Documentation & Support Launcher Games, Music, & Photos Launcher Google Desktop GoToAssist 8.0.0.514 GoToMeeting 4.5.0.457 Guitar Pro 5.2 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers Internet Service Offers Launcher iTunes J2SE Runtime Environment 5.0 Update 6 Java Auto Updater Java 6 Update 22 LeapFrog Connect LeapFrog Tag Plugin Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft 
.NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Meeting 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MobileMe Control Panel Mozilla Firefox (3.6.13) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) Musicmatch for Windows Media Player NWZ-E350 WALKMAN Guide PowerDVD QuickTime Realtek High Definition Audio Driver Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Safari SearchAssist Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2289158) Security Update for 2007 Microsoft Office System (KB2344875) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 
2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Excel 2007 (KB2345035) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office PowerPoint Viewer (KB2413381) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows 
Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP 
(KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security 
Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP 
(KB982665) Security Update for Windows XP (KB982802) Spybot - Search & Destroy TWC Customer Controls Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office OneNote 2007 (KB980729) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) WebFldrs XP Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) Windows Genuine Advantage Notifications (KB905474) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 10 Windows XP Service Pack 3 XVID Codec Installation . ==== Event Viewer Messages From Past Week ======== . 
4/25/2011 5:46:30 PM, error: Service Control Manager [7023] - The HIPS Policy Manager service terminated with the following error: Unspecified error
4/25/2011 5:41:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/25/2011 5:41:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}
4/25/2011 5:38:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
4/22/2011 2:09:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/21/2011 8:52:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
4/20/2011 7:23:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE VETMONNT
4/20/2011 7:21:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/20/2011 6:48:49 PM, error: Service Control Manager [7034] - The VET Message Service service terminated unexpectedly. It has done this 1 time(s).
4/20/2011 6:41:52 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
  2. Hello, the ComboFix will not run; it gives me a message that it cannot run with CA Anti-Virus installed and to uninstall it. I have uninstalled all of the components except the firewall, which gives me an error when uninstalling that it did not uninstall, and the ComboFix will still not run. Thank you. Lisa
  3. Sorry, finally just got a chance to work on this. I was able to get a scan to run, but it found nothing. Here is the text from the scan that you had me run.
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2008 11:01:08 AM
System Uptime: 4/20/2011 5:25:10 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 194.283 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP770: 1/21/2011 3:36:16 PM - System Checkpoint
RP771: 1/22/2011 5:24:15 PM - System Checkpoint
RP772: 1/23/2011 5:51:56 PM - System Checkpoint
RP773: 1/24/2011 9:23:14 PM - System Checkpoint
RP774: 1/25/2011 9:37:55 PM - System Checkpoint
RP775: 1/26/2011 11:25:54 PM - System Checkpoint
RP776: 1/27/2011 11:26:59 PM - System Checkpoint
RP777: 1/28/2011 11:48:58 PM - System Checkpoint
RP778: 1/30/2011 1:34:14 AM - System Checkpoint
RP779: 1/31/2011 3:21:44 AM - System Checkpoint
RP780: 2/1/2011 5:33:44 AM - System Checkpoint
RP781: 2/2/2011 7:46:45 AM - System Checkpoint
RP782: 2/3/2011 9:21:45 AM - System Checkpoint
RP783: 2/4/2011 11:33:46 AM - System Checkpoint
RP784: 2/5/2011 1:33:56 PM - System Checkpoint
RP785: 2/6/2011 1:49:29 PM - System Checkpoint
RP786: 2/7/2011 3:22:00 PM - System Checkpoint
RP787: 2/8/2011 6:03:18 PM - System Checkpoint
RP788: 2/9/2011 3:00:15 AM - Software Distribution Service 3.0
RP789: 2/10/2011 3:27:26 AM - System Checkpoint
RP790: 2/11/2011 5:27:26 AM - System Checkpoint
RP791: 2/12/2011 7:27:26 AM - System Checkpoint
RP792: 2/13/2011 9:27:28 AM - System Checkpoint
RP793: 2/14/2011 12:36:16 PM - System Checkpoint
RP794: 2/15/2011 1:27:28 PM - System Checkpoint
RP795: 2/16/2011 1:28:33 PM - System Checkpoint
RP796: 2/17/2011 3:27:28 PM - System Checkpoint
RP797: 2/18/2011 3:28:34 PM - System Checkpoint
RP798: 2/19/2011 3:47:16 PM - System Checkpoint
RP799: 2/20/2011 5:39:00 PM - System Checkpoint
RP800: 2/21/2011 7:27:44 PM - System Checkpoint
RP801: 2/22/2011 7:28:49 PM - System Checkpoint
RP802: 2/23/2011 7:39:45 PM - System Checkpoint
RP803: 2/24/2011 8:09:18 PM - System Checkpoint
RP804: 2/25/2011 9:37:09 PM - System Checkpoint
RP805: 2/26/2011 10:39:04 PM - System Checkpoint
RP806: 2/27/2011 11:39:44 PM - System Checkpoint
RP807: 3/1/2011 1:39:45 AM - System Checkpoint
RP808: 3/2/2011 3:27:44 AM - System Checkpoint
RP809: 3/3/2011 5:27:44 AM - System Checkpoint
RP810: 3/4/2011 7:43:18 AM - System Checkpoint
RP811: 3/5/2011 9:27:57 AM - System Checkpoint
RP812: 3/6/2011 9:40:10 AM - System Checkpoint
RP813: 3/7/2011 11:28:11 AM - System Checkpoint
RP814: 3/8/2011 1:29:15 PM - System Checkpoint
RP815: 3/9/2011 3:00:20 AM - Software Distribution Service 3.0
RP816: 3/10/2011 3:28:11 AM - System Checkpoint
RP817: 3/11/2011 3:29:15 AM - System Checkpoint
RP818: 3/12/2011 3:40:10 AM - System Checkpoint
RP819: 3/13/2011 6:28:11 AM - System Checkpoint
RP820: 3/14/2011 7:40:10 AM - System Checkpoint
RP821: 3/15/2011 9:36:28 AM - System Checkpoint
RP822: 3/16/2011 3:00:19 AM - Software Distribution Service 3.0
RP823: 3/17/2011 3:33:40 AM - System Checkpoint
RP824: 3/18/2011 5:46:08 AM - System Checkpoint
RP825: 3/19/2011 7:33:36 AM - System Checkpoint
RP826: 3/20/2011 9:25:08 AM - System Checkpoint
RP827: 3/21/2011 11:22:50 AM - System Checkpoint
RP828: 3/22/2011 11:32:55 AM - System Checkpoint
RP829: 3/23/2011 11:58:20 AM - System Checkpoint
RP830: 3/24/2011 2:43:36 PM - System Checkpoint
RP831: 3/25/2011 3:00:18 AM - Software Distribution Service 3.0
RP832: 3/26/2011 3:11:41 AM - System Checkpoint
RP833: 3/27/2011 3:33:46 AM - System Checkpoint
RP834: 3/28/2011 5:34:01 AM - System Checkpoint
RP835: 3/29/2011 6:39:47 AM - System Checkpoint
RP836: 3/30/2011 10:21:28 AM - System Checkpoint
RP837: 3/31/2011 10:40:52 AM - System Checkpoint
RP838: 4/1/2011 1:56:40 PM - System Checkpoint
RP839: 4/2/2011 3:18:19 PM - System Checkpoint
RP840: 4/3/2011 3:20:49 PM - System Checkpoint
RP841: 4/4/2011 5:35:36 PM - System Checkpoint
RP842: 4/5/2011 5:59:43 PM - System Checkpoint
RP843: 4/6/2011 9:55:00 PM - System Checkpoint
RP844: 4/7/2011 11:26:17 PM - System Checkpoint
RP845: 4/8/2011 11:38:17 PM - System Checkpoint
RP846: 4/10/2011 1:38:17 AM - System Checkpoint
RP847: 4/11/2011 8:13:54 AM - System Checkpoint
RP848: 4/12/2011 8:30:53 AM - System Checkpoint
RP849: 4/13/2011 10:21:57 AM - System Checkpoint
RP850: 4/14/2011 11:08:59 AM - System Checkpoint
RP851: 4/15/2011 12:09:57 PM - System Checkpoint
RP852: 4/16/2011 12:19:39 PM - System Checkpoint
RP853: 4/17/2011 2:11:02 PM - System Checkpoint
RP854: 4/18/2011 4:09:57 PM - System Checkpoint
RP855: 4/19/2011 4:23:41 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft MediaConverter 2 ArcSoft PhotoImpression 5 ArcSoft ShowBiz DVD 2 Audacity 1.2.6 Audacity 1.3.5 (Unicode) AVS Audio Converter version 5.1 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.3 Bonjour CA Anti-Spam CA Anti-Spyware CA Anti-Virus CA Internet Security Suite CA Personal Firewall Citrix Presentation Server Client - Web Only Content Transfer Corel Paint Shop Pro X Corel Photo Album 6 Dell DataSafe Online Dell Driver Reset Tool Dell PC Fax Dell Photo AIO Printer 926 Dell Support Center Dell System Restore Digital Video DigiTech RP250 Drivers DigiTech X-Edit 2.4.1 DIY Deck Designer 6.5.4 - The Home Depot Documentation & Support Launcher Games, Music, & Photos Launcher Google Desktop GoToAssist 8.0.0.514 Guitar Pro 5.2 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers Internet Service Offers Launcher iTunes J2SE Runtime Environment 5.0 Update 6 Java Auto Updater Java 6 Update 22 LeapFrog Connect LeapFrog Tag Plugin Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service 
Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Meeting 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MobileMe Control Panel Mozilla Firefox (3.6.13) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) Musicmatch for Windows Media Player NWZ-E350 WALKMAN Guide PowerDVD QuickTime Realtek High Definition Audio Driver Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Safari SearchAssist Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2289158) Security Update for 2007 Microsoft Office System (KB2344875) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 
Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Excel 2007 (KB2345035) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office PowerPoint Viewer (KB2413381) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 
(KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP 
(KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security 
Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Spybot - Search & Destroy TWC Customer Controls Update for 2007 Microsoft 
Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office OneNote 2007 (KB980729) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) WebFldrs XP Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) Windows Genuine Advantage Notifications (KB905474) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 10 Windows XP Service Pack 3 XVID Codec Installation . ==== Event Viewer Messages From Past Week ======== . 
4/20/2011 5:27:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE VETMONNT
4/20/2011 5:26:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/20/2011 5:26:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/20/2011 5:25:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
.
==== End Of File ===========================

dds.txt
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 17:44:31.46 on Wed 04/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1497 [GMT -4:00]
.
AV: CA Anti-Virus *Enabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080604
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080604
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://webmail.nyatep.org/Remote/msrdp.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\07dpdslu.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-10-12 21488]
S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
S0 Winmc45;Winmc45;c:\windows\system32\drivers\winmc45.sys --> c:\windows\system32\drivers\Winmc45.sys [?]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
S1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-10-12 26352]
S1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-10-12 21104]
S1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2010-6-3 746216]
S1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-10-12 32240]
S2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-10-12 144960]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
S2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
S2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
S2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-10-12 238928]
S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [2009-4-8 17920]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-3 30192]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
S3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2010-6-3 130280]
.
=============== Created Last 30 ================
.
2011-04-07 00:34:20 -------- d-----w- C:\NPE
2011-04-06 23:57:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-04-06 23:57:21 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\NPE
2011-04-06 23:20:23 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-04-06 22:50:49 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-04-06 22:50:32 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2011-04-06 22:48:09 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
.
==================== Find3M ====================
.
2011-04-16 13:38:29 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-04-16 13:38:27 104 --sh--r- c:\windows\system32\EC2A81B165.sys
2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 17:44:58.01 ===============
  4. Thank you so much for getting back to me. I won't be able to work on this until tomorrow but I will reply with the information you requested. Lisa
  5. Hello, My home computer is infected with the Windows Restore Virus. The virus hid my files and programs, which I was able to restore. I used a product from Symantec called Power Eraser in safe mode, which did clean a lot of the virus files and restored my desktop, BUT I cannot run any programs; when I double-click on a program it brings up the file association tool from Windows. The computer is still infected, as it keeps bringing up script errors and redirects when using IE, and it won't let me run Firefox. It has also disabled my malware and virus programs, meaning they do not load into the taskbar on start-up. Any help you can give to help remove this from my computer would be greatly appreciated! Lisa