Hello,
Two days ago, after storms and a power outage, I restarted my work computer. Since that time, no web browsers (IE, Firefox, Chrome) will make a connection. I cannot update any software programs. I also cannot use our membership database program, which runs via TCP/IP. I can ping internal and external IPs with no problem, and I can access everything on our network. I can even use LogMeIn from home to access my work computer. Our offsite tech person said it might be a virus.
I followed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions, and logs are included. One exception is MBAM. I saved the log file, but it would not complete deleting the two infected entries it found. The program hung, and I had to quit and start it over. It keeps finding the same two entries.
Thanks for any help you can give!
Tim
--------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4049
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
4/14/2011 1:33:23 PM
mbam-log-2011-04-14 (13-33-23).txt
Scan type: Quick scan
Objects scanned: 216915
Time elapsed: 7 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------------------------------------------------
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-14 13:07:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000067 ST3160815AS rev.3.ADA
Running: gmer.exe; Driver: C:\DOCUME~1\tdavis\LOCALS~1\Temp\pxtdipob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BBC.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat SSFS0BBC.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip 8A187218
Device \Driver\Tcpip \Device\Ip 8A278190
Device \Driver\Tcpip \Device\Ip 8A40C198
Device \Driver\Tcpip \Device\Tcp 8A187218
Device \Driver\Tcpip \Device\Tcp 8A278190
Device \Driver\Tcpip \Device\Tcp 8A40C198
Device \Driver\Tcpip \Device\Udp 8A187218
Device \Driver\Tcpip \Device\Udp 8A278190
Device \Driver\Tcpip \Device\Udp 8A40C198
Device \Driver\Tcpip \Device\RawIp 8A187218
Device \Driver\Tcpip \Device\RawIp 8A278190
Device \Driver\Tcpip \Device\RawIp 8A40C198
---- EOF - GMER 1.0.15 ----
----------------------------------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by tdavis at 13:11:51.09 on Thu 04/14/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1309 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\authServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\OpenBase\bin\openexec.exe
C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Client\commagent.exe
C:\Program Files\Webroot\Client\SpySweeperUI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe
C:\OpenBase\bin\openinfo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Webroot\Client\spysweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
\\faclex2\users\tdavis\Desktop\virus\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Google Update] "c:\documents and settings\tdavis\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [Synchronization Manager] "%SystemRoot%\system32\mobsync.exe" /logon
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [WebrootClientUI] "c:\program files\webroot\client\SpySweeperUI.EXE" /StartInTray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KASHMSSLNK22553580818899] "c:\program files\kaseya\msslnk22553580818899\KaUsrTsk.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
LSP: CESpy.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209155705967
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://192.168.1.113/program/SonySncRz25View.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://managed.missinglinklex.com/inc/kaxRemote.dll
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {9BD9336D-DE2F-450A-BBC8-88F48A31533E} = 192.168.1.15
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\tdavis\applic~1\mozilla\firefox\profiles\qv46ad0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.icontact.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tdavis\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\tdavis\application data\mozilla\firefox\profiles\qv46ad0s.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\tdavis\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\tdavis\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;Spy Sweeper File System Filter Driver: 0BBC;c:\windows\system32\drivers\ssfs0bbc.sys [2009-8-25 30136]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2011-3-21 246272]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 KAMSSLNK22553580818899;Kaseya Agent;c:\program files\kaseya\msslnk22553580818899\AgentMon.exe [2011-4-13 737280]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-6 47640]
R2 openexec;OpenBase Service;c:\openbase\bin\openexec.exe [2009-7-1 731853]
R2 PPUpdateManager;Parent Pager Update Manager 2323;c:\program files\acink corp\parent pager\PPUM.2323.exe [2010-5-5 446464]
R2 WebrootCommAgentService;Webroot CommAgent Service;c:\program files\webroot\client\CommAgent.exe [2009-8-25 715176]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [2011-4-13 13824]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-13 38224]
R3 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\client\SPYSWEEPER.EXE [2009-8-25 4110352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 136176]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-13 42112]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-04-13 18:26:38 -------- d-----w- C:\CCleaner
2011-04-13 18:26:33 855464 ----a-w- c:\temp\ccsetup208.exe
2011-04-13 18:10:37 -------- d-----w- c:\docume~1\tdavis\applic~1\Malwarebytes
2011-04-13 18:09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 18:09:19 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 18:09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 18:09:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-13 18:09:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
2011-04-13 18:08:38 -------- d-----w- C:\apps
2011-04-13 17:45:02 -------- d-----w- c:\program files\RealVNC
2011-04-13 17:14:39 13824 ----a-w- c:\windows\system32\drivers\KAPFA.sys
2011-04-13 17:14:39 135168 ----a-w- c:\windows\system32\KaseyaSP.dll
2011-04-13 17:14:37 -------- d-----w- c:\program files\Kaseya
2011-04-11 18:57:52 -------- d-----w- c:\program files\Emicsoft Studio
2011-03-21 13:08:03 246272 ----a-w- c:\windows\system32\authServer.exe
2011-03-16 20:58:38 -------- d-----w- c:\program files\OW2010
.
==================== Find3M ====================
.
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 19:38:38 241912 ----a-w- c:\windows\system32\nmNsp.dll
2011-01-20 19:38:14 193272 ----a-w- c:\windows\system32\CESpy.dll
.
============= FINISH: 13:12:01.87 ===============
----------------------------------------------------------------------------------------
Attach log file from DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/21/2008 2:55:34 PM
System Uptime: 4/14/2011 12:45:07 PM (1 hours ago)
.
Motherboard: Dell Inc | | 0TT708
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2605/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 87.919 GiB free.
D: is CDROM ()
E: is Removable
P: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
S: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
Y: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
Z: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Adobe Shockwave Player
Advanced IP Scanner v1.5
Advanced Security for Outlook
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Audacity 1.2.6
Audacity 1.3.12
Avidemux 2.5
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
CCleaner (remove only)
CDM+ 9.0
Compatibility Pack for the 2007 Office system
Countdown Creator 2.0
Covenant Eyes
Dell ETS Factory Installation
DivX Setup
Dropbox
DVDStyler v1.7.4
EncFlac 1.1.2
Evernote
FinalBurner Free v2.2.0.132
FlipShare
Foxit PDF Editor
Foxit Reader
Google Calendar Sync
Google Chrome
Google Earth Plug-in
Google Gmail Notifier
Google Update Helper
Google Updater
Graph paper printer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaseya Agent (tim.root.first_alliance_church - agent.missinglinklex.com)
LAME v3.98.2 for Audacity
Lexmark Software Uninstall
LiveUpdate 3.3 (Symantec Corporation)
Logitech Webcam Software
Logitech Webcam Software Driver Package
LogMeIn
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v1.4.2499.0
Media Player Codec Pack 3.1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Converter Pack
Microsoft Office Professional Edition 2003
Microsoft OpenType Font File Properties Extension
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 6-9 Converter
Move Media Player
Mozilla Firefox (3.6.13)
Mpeg2Decoder 1.3
mpegable DS decoder
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
msxml4
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OpenLibraries
OW Professional Edition
Parent Pager
Plato DVD Ripper Professional 6.66.14
PowerDVD
PrimoPDF
Prism Video File Converter
QuickTime
RealPlayer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Segoe UI
Serif PagePlus 9.0
Skype™ 5.1
Sonic Activation Module
StuffIt Expander 2009
Super Video Converter 5.8
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Video Edit Magic 4.4
WAV MP3 Converter v4.2 build 1259
WebFldrs XP
Webroot® Client
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 3:02:02 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Generic Flash Disk USB Device.
4/7/2011 1:02:49 PM, error: Print [6161] - The document \\faclex2\users\tdavis\Desktop\Publication1.PDF owned by tdavis failed to print on printer Lexmark E352dn XL. Data type: NT EMF 1.008. Size of the spool file in bytes: 90825816. Number of bytes printed: 90825668. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\TIM. Win32 error code returned by the print processor: 1 (0x1).
4/7/2011 1:00:29 PM, error: Print [6161] - The document Publication1 owned by tdavis failed to print on printer Lexmark E352dn XL. Data type: NT EMF 1.008. Size of the spool file in bytes: 29491200. Number of bytes printed: 26313752. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\TIM. Win32 error code returned by the print processor: 1 (0x1).
4/14/2011 12:44:05 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:05 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The Webroot CommAgent Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The SecuROM User Access Service (V7) service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Broadcom ASF IP Monitor service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2011 1:57:33 PM, error: Service Control Manager [7034] - The Parent Pager Update Manager 2323 service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 3:53:33 PM, error: NETLOGON [5719] - No Domain Controller is available for domain FACLEX due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/11/2011 2:07:06 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/11/2011 2:06:59 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/11/2011 2:06:54 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2011 2:06:33 PM, error: Service Control Manager [7034] - The OpenBase Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2011 2:02:03 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
.
uStart Page = hxxp://www.dell.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Google Update] "c:\documents and settings\tdavis\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [Synchronization Manager] "%SystemRoot%\system32\mobsync.exe" /logon
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [WebrootClientUI] "c:\program files\webroot\client\SpySweeperUI.EXE" /StartInTray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KASHMSSLNK22553580818899] "c:\program files\kaseya\msslnk22553580818899\KaUsrTsk.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
LSP: CESpy.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209155705967
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://192.168.1.113/program/SonySncRz25View.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://managed.missinglinklex.com/inc/kaxRemote.dll
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {9BD9336D-DE2F-450A-BBC8-88F48A31533E} = 192.168.1.15
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\tdavis\applic~1\mozilla\firefox\profiles\qv46ad0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.icontact.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tdavis\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\tdavis\application data\mozilla\firefox\profiles\qv46ad0s.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\tdavis\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\tdavis\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;Spy Sweeper File System Filter Driver: 0BBC;c:\windows\system32\drivers\ssfs0bbc.sys [2009-8-25 30136]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2011-3-21 246272]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 KAMSSLNK22553580818899;Kaseya Agent;c:\program files\kaseya\msslnk22553580818899\AgentMon.exe [2011-4-13 737280]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-6 47640]
R2 openexec;OpenBase Service;c:\openbase\bin\openexec.exe [2009-7-1 731853]
R2 PPUpdateManager;Parent Pager Update Manager 2323;c:\program files\acink corp\parent pager\PPUM.2323.exe [2010-5-5 446464]
R2 WebrootCommAgentService;Webroot CommAgent Service;c:\program files\webroot\client\CommAgent.exe [2009-8-25 715176]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [2011-4-13 13824]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-13 38224]
R3 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\client\SPYSWEEPER.EXE [2009-8-25 4110352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 136176]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-13 42112]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-04-13 18:26:38 -------- d-----w- C:\CCleaner
2011-04-13 18:26:33 855464 ----a-w- c:\temp\ccsetup208.exe
2011-04-13 18:10:37 -------- d-----w- c:\docume~1\tdavis\applic~1\Malwarebytes
2011-04-13 18:09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 18:09:19 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 18:09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 18:09:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-13 18:09:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
2011-04-13 18:08:38 -------- d-----w- C:\apps
2011-04-13 17:45:02 -------- d-----w- c:\program files\RealVNC
2011-04-13 17:14:39 13824 ----a-w- c:\windows\system32\drivers\KAPFA.sys
2011-04-13 17:14:39 135168 ----a-w- c:\windows\system32\KaseyaSP.dll
2011-04-13 17:14:37 -------- d-----w- c:\program files\Kaseya
2011-04-11 18:57:52 -------- d-----w- c:\program files\Emicsoft Studio
2011-03-21 13:08:03 246272 ----a-w- c:\windows\system32\authServer.exe
2011-03-16 20:58:38 -------- d-----w- c:\program files\OW2010
.
==================== Find3M ====================
.
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 19:38:38 241912 ----a-w- c:\windows\system32\nmNsp.dll
2011-01-20 19:38:14 193272 ----a-w- c:\windows\system32\CESpy.dll
.
============= FINISH: 13:12:01.87 ===============
----------------------------------------------------------------------------------------
Attach log file from DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/21/2008 2:55:34 PM
System Uptime: 4/14/2011 12:45:07 PM (1 hours ago)
.
Motherboard: Dell Inc | | 0TT708
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2605/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 87.919 GiB free.
D: is CDROM ()
E: is Removable
P: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
S: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
Y: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
Z: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Adobe Shockwave Player
Advanced IP Scanner v1.5
Advanced Security for Outlook
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Audacity 1.2.6
Audacity 1.3.12
Avidemux 2.5
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
CCleaner (remove only)
CDM+ 9.0
Compatibility Pack for the 2007 Office system
Countdown Creator 2.0
Covenant Eyes
Dell ETS Factory Installation
DivX Setup
Dropbox
DVDStyler v1.7.4
EncFlac 1.1.2
Evernote
FinalBurner Free v2.2.0.132
FlipShare
Foxit PDF Editor
Foxit Reader
Google Calendar Sync
Google Chrome
Google Earth Plug-in
Google Gmail Notifier
Google Update Helper
Google Updater
Graph paper printer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaseya Agent (tim.root.first_alliance_church - agent.missinglinklex.com)
LAME v3.98.2 for Audacity
Lexmark Software Uninstall
LiveUpdate 3.3 (Symantec Corporation)
Logitech Webcam Software
Logitech Webcam Software Driver Package
LogMeIn
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v1.4.2499.0
Media Player Codec Pack 3.1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Converter Pack
Microsoft Office Professional Edition 2003
Microsoft OpenType Font File Properties Extension
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 6-9 Converter
Move Media Player
Mozilla Firefox (3.6.13)
Mpeg2Decoder 1.3
mpegable DS decoder
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
msxml4
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OpenLibraries
OW Professional Edition
Parent Pager
Plato DVD Ripper Professional 6.66.14
PowerDVD
PrimoPDF
Prism Video File Converter
QuickTime
RealPlayer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Segoe UI
Serif PagePlus 9.0
Skype™ 5.1
Sonic Activation Module
StuffIt Expander 2009
Super Video Converter 5.8
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Video Edit Magic 4.4
WAV MP3 Converter v4.2 build 1259
WebFldrs XP
Webroot® Client
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 3:02:02 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Generic Flash Disk USB Device.
4/7/2011 1:02:49 PM, error: Print [6161] - The document \\faclex2\users\tdavis\Desktop\Publication1.PDF owned by tdavis failed to print on printer Lexmark E352dn XL. Data type: NT EMF 1.008. Size of the spool file in bytes: 90825816. Number of bytes printed: 90825668. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\TIM. Win32 error code returned by the print processor: 1 (0x1).
4/7/2011 1:00:29 PM, error: Print [6161] - The document Publication1 owned by tdavis failed to print on printer Lexmark E352dn XL. Data type: NT EMF 1.008. Size of the spool file in bytes: 29491200. Number of bytes printed: 26313752. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\TIM. Win32 error code returned by the print processor: 1 (0x1).
4/14/2011 12:44:05 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:05 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The Webroot CommAgent Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The SecuROM User Access Service (V7) service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Broadcom ASF IP Monitor service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2011 1:57:33 PM, error: Service Control Manager [7034] - The Parent Pager Update Manager 2323 service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 3:53:33 PM, error: NETLOGON [5719] - No Domain Controller is available for domain FACLEX due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/11/2011 2:07:06 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/11/2011 2:06:59 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/11/2011 2:06:54 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2011 2:06:33 PM, error: Service Control Manager [7034] - The OpenBase Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2011 2:02:03 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================