Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with unknown Malware (bng#.tmp files)


  • This topic is locked This topic is locked
5 replies to this topic

#1 compstreet

compstreet

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:36 PM

Posted 03 September 2009 - 12:45 PM

I've been hit with constant debug errors in svchost.exe for the last few years and can't seem to get my machine clean. MBAM deletes and trojan agenet reinstalls the offending files with the next reboot. Appreciate the help.

Problem: debug errors in svchost.exe, general slowness

Tried to no avail....

- Malwarebytes Anti-Malware (finds and removes bng#.tmp files)
- a-squared Free (cleaned out my cookies)
- ESET Online Scanner (found one threat and deleted)
- ATF Cleaner (full-meal deal)
- SuperAntiSpyware (never found anything)

Thanks in advance!

DDS Log...

DDS (Ver_09-07-30.01) - NTFSx86
Run by weeks at 9:25:45.79 on Thu 09/03/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1024 [GMT -7:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\F5 VPN\f5fpclientW.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\F5InstallerService.exe
C:\WINDOWS\system32\F5FltSrv.exe
C:\WINDOWS\system32\F5TrafficSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Varicent\Service\VaricentService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Varicent 522\Varicent.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\weeks\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://intranet/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WindowBlinds] c:\program files\stardock\object desktop\object desktop\windowblinds\WBInstall32.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [F5_SAM_Client] "c:\program files\f5 vpn\f5fpclientW.exe" /autolaunch
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\weeks\startm~1\programs\startup\shortc~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: f5.com\biscuit
Trusted Zone: f5.com\blowfish
Trusted Zone: f5.com\fox
Trusted Zone: f5.com\fpsj
Trusted Zone: f5.com\frog
Trusted Zone: f5.com\frog.sea
Trusted Zone: f5.com\frog.sjc
Trusted Zone: f5.com\oak
DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - file://C:/Program Files/F5 VPN/F5_TMP/f5certchk.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - file://C:/Program Files/F5 VPN/F5_TMP/cachecleaner.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - file://C:/Program Files/F5 VPN/F5_TMP/urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - file://C:/Program Files/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - file://C:/Program Files/F5 VPN/F5_TMP/InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://project2/projectserver/objects/pjclient.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - file://C:/Program Files/F5 VPN/F5_TMP/f5InspectionHost.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://fox.f5.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0821,2202
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187708979274
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://project2/projectserver/objects/1033/pjcintl.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - file://C:/Program Files/F5 VPN/F5_TMP/urxshost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://mainstreet/Project/_layouts/pwa/objects/1033/pjcintl.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - file://C:/Program Files/F5 VPN/F5_TMP/urxhost.cab
DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://mainstreet/Project/_layouts/pwa/objects/pjclient.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - file://C:/Program Files/F5 VPN/F5_TMP/f5syschk.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wxvault.dll c:\progra~1\google\google~1\GOEC62~1.DLL,wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\weeks\applic~1\mozilla\firefox\profiles\ji05zdfn.default\
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/echarts?s=AAPL#chart2:symbol=aapl;range=1d;compare=^ixic+^gspc+ffiv;indicator=volume;charttype=line;crosshair=on;ohlcvalues=0;logscale=on;source=undefined | http://my.msn.com/ | http://www.seattlepi.com | http://www.mac.com | http://news.google.com/nwshp?tab=wn | http://digg.com/all/popular/24hours | http://www.tuaw.com/ | http://online.wsj.com/home/us | http://www.facebook.com
FF - component: c:\documents and settings\weeks\application data\mozilla\firefox\profiles\ji05zdfn.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\weeks\application data\mozilla\firefox\profiles\ji05zdfn.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\weeks\application data\mozilla\firefox\profiles\ji05zdfn.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\weeks\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPuroamHost.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-6 342128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-9-1 980512]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 F5 Networks Component Installer;F5 Networks Component Installer;c:\windows\system32\F5InstallerService.exe [2009-4-12 242296]
R2 F5FltSrv;F5 Networks DNS Relay Proxy Service;c:\windows\system32\F5FltSrv.exe [2009-4-12 196736]
R2 F5TrafficSrv;F5 Networks Traffic Control Service;c:\windows\system32\F5TrafficSrv.exe [2009-4-12 128128]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-29 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-3-10 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-29 144888]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-8-20 70216]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-3-3 202096]
R2 VaricentService;Varicent Service;c:\program files\varicent\service\VaricentService.exe [2008-4-3 32768]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-6 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-6 43288]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-3-27 35456]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 ccmsetup;ccmsetup;c:\windows\system32\ccmsetup\ccmsetup.exe [2007-8-15 611360]
S3 F5FltDrv;F5 Networks DNS Relay Driver;c:\windows\system32\drivers\F5FltDrv.sys [2009-4-12 21248]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-5-2 10752]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-11 14336]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-8-20 65224]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 SchedulerService;Varicent Scheduler;c:\program files\varicent\service\VaricentService.exe [2008-4-3 32768]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-09-01 16:39 <DIR> --d----- c:\program files\a-squared Free
2009-08-20 18:33 65,224 a------- c:\windows\system32\drivers\mferkdet.sys
2009-08-20 18:33 70,216 a------- c:\windows\system32\mfevtps.exe
2009-08-18 06:13 <DIR> --d----- c:\program files\Skyhook Wireless
2009-08-18 06:13 <DIR> --d----- c:\program files\Boingo
2009-08-18 06:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GoBoingo
2009-08-17 20:02 <DIR> --d----- C:\CanonMP
2009-08-10 06:35 <DIR> --d----- c:\program files\ESET
2009-08-09 09:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-09 09:25 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-09 09:25 <DIR> --d----- c:\docume~1\weeks\applic~1\SUPERAntiSpyware.com
2009-08-09 09:24 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-08 09:25 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-08 09:22 <DIR> --d--r-- c:\program files\Skype
2009-08-06 12:40 <DIR> --d----- c:\docume~1\weeks\applic~1\Malwarebytes
2009-08-06 12:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 12:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-06 12:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-06 12:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 07:39 6,612,629 a------- c:\windows\FramePkg.exe

==================== Find3M ====================

2009-09-03 09:06 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-09-03 09:06 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-02 14:29 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-08-18 06:13 13,696 a------- c:\windows\system32\drivers\wpsnuio.sys
2009-07-18 09:05 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 09:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-06-26 09:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 09:50 666,624 -------- c:\windows\system32\dllcache\wininet.dll
2009-06-26 09:50 620,032 -------- c:\windows\system32\dllcache\urlmon.dll
2009-06-26 09:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-26 09:50 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-09 07:54 56,680 a------- c:\windows\system32\rpcnet.exe
2009-05-27 11:07 70,984 a------- c:\documents and settings\weeks\g2mdlhlpx.exe
2008-09-22 11:19 19,286,233 a------- c:\program files\Varicent.zip

============= FINISH: 9:27:39.39 ===============

Attached Files


Edited by compstreet, 03 September 2009 - 12:51 PM.


BC AdBot (Login to Remove)

 


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:36 PM

Posted 19 September 2009 - 05:19 PM

Hello and :( to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here
.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay
.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


Posted Image
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE




Please do not attach the logs. just copy and paste here.

Kind regards
Net_Surfer

:(

#3 compstreet

compstreet
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:36 PM

Posted 21 September 2009 - 09:35 AM

Thanks for the help!

Here's the log file...



DDS (Ver_09-07-30.01) - NTFSx86
Run by weeks at 7:29:05.11 on Mon 09/21/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1091 [GMT -7:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\F5InstallerService.exe
C:\WINDOWS\system32\F5FltSrv.exe
C:\WINDOWS\system32\F5TrafficSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Varicent\Service\VaricentService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\F5 VPN\f5fpclientW.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Varicent 522\Varicent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\weeks\My Documents\Downloads\dds.pif
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://intranet/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WindowBlinds] c:\program files\stardock\object desktop\object desktop\windowblinds\WBInstall32.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [F5_SAM_Client] "c:\program files\f5 vpn\f5fpclientW.exe" /autolaunch
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\weeks\startm~1\programs\startup\shortc~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: f5.com\biscuit
Trusted Zone: f5.com\blowfish
Trusted Zone: f5.com\fox
Trusted Zone: f5.com\fpsj
Trusted Zone: f5.com\frog
Trusted Zone: f5.com\frog.sea
Trusted Zone: f5.com\frog.sjc
Trusted Zone: f5.com\oak
DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - file://C:/Program Files/F5 VPN/F5_TMP/f5certchk.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - file://C:/Program Files/F5 VPN/F5_TMP/cachecleaner.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - file://C:/Program Files/F5 VPN/F5_TMP/urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - file://C:/Program Files/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - file://C:/Program Files/F5 VPN/F5_TMP/InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://project2/projectserver/objects/pjclient.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - file://C:/Program Files/F5 VPN/F5_TMP/f5InspectionHost.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://fox.f5.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0821,2202
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187708979274
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://project2/projectserver/objects/1033/pjcintl.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - file://C:/Program Files/F5 VPN/F5_TMP/urxshost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://mainstreet/Project/_layouts/pwa/objects/1033/pjcintl.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - file://C:/Program Files/F5 VPN/F5_TMP/urxhost.cab
DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://mainstreet/Project/_layouts/pwa/objects/pjclient.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - file://C:/Program Files/F5 VPN/F5_TMP/f5syschk.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wxvault.dll c:\progra~1\google\google~1\GOEC62~1.DLL,wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\weeks\applic~1\mozilla\firefox\profiles\ji05zdfn.default\
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/echarts?s=AAPL#chart2:symbol=aapl;range=1d;compare=^ixic+^gspc+ffiv;indicator=volume;charttype=line;crosshair=on;ohlcvalues=0;logscale=on;source=undefined | http://my.msn.com/ | http://www.seattlepi.com | http://www.mac.com | http://news.google.com/nwshp?tab=wn | http://digg.com/all/popular/24hours | http://www.tuaw.com/ | http://online.wsj.com/home/us | http://www.facebook.com
FF - component: c:\documents and settings\weeks\application data\mozilla\firefox\profiles\ji05zdfn.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\weeks\application data\mozilla\firefox\profiles\ji05zdfn.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\weeks\application data\mozilla\firefox\profiles\ji05zdfn.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\weeks\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPuroamHost.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-6 342128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-9-1 980512]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 F5 Networks Component Installer;F5 Networks Component Installer;c:\windows\system32\F5InstallerService.exe [2009-4-12 242296]
R2 F5FltSrv;F5 Networks DNS Relay Proxy Service;c:\windows\system32\F5FltSrv.exe [2009-4-12 196736]
R2 F5TrafficSrv;F5 Networks Traffic Control Service;c:\windows\system32\F5TrafficSrv.exe [2009-4-12 128128]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-29 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-26 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-29 144888]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-8-20 70216]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-3-3 202096]
R2 VaricentService;Varicent Service;c:\program files\varicent\service\VaricentService.exe [2008-4-3 32768]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-6 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-6 43288]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-3-27 35456]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 ccmsetup;ccmsetup;c:\windows\system32\ccmsetup\ccmsetup.exe [2007-8-15 611360]
S3 F5FltDrv;F5 Networks DNS Relay Driver;c:\windows\system32\drivers\F5FltDrv.sys [2009-4-12 21248]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-5-2 10752]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-11 14336]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-8-20 65224]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 SchedulerService;Varicent Scheduler;c:\program files\varicent\service\VaricentService.exe [2008-4-3 32768]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-09-21 07:28 <DIR> --d-h--- c:\windows\PIF
2009-09-11 17:00 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-09-11 17:00 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-09-11 17:00 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-11 17:00 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-09-11 17:00 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-09-11 16:54 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-09-11 16:41 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-09-11 16:41 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-09-11 16:31 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-09-11 16:27 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-09-11 16:18 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-09-11 16:14 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-09-11 16:00 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-09-03 09:28 0 a------- c:\documents and settings\weeks\settings.dat
2009-09-01 16:39 <DIR> --d----- c:\program files\a-squared Free

==================== Find3M ====================

2009-09-21 07:10 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-09-21 07:10 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-16 12:52 11,645,873 a------- c:\windows\FramePkg.exe
2009-09-02 14:29 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-08-18 06:13 13,696 a------- c:\windows\system32\drivers\wpsnuio.sys
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-18 09:05 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 09:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-06-26 09:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 09:50 666,624 -------- c:\windows\system32\dllcache\wininet.dll
2009-06-26 09:50 620,032 -------- c:\windows\system32\dllcache\urlmon.dll
2009-06-26 09:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-26 09:50 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-05-27 11:07 70,984 a------- c:\documents and settings\weeks\g2mdlhlpx.exe
2008-09-22 11:19 19,286,233 a------- c:\program files\Varicent.zip

============= FINISH: 7:31:47.92 ===============

(Attach.tx below)...





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/6/2007 3:36:27 PM
System Uptime: 9/21/2009 7:09:25 AM (0 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 40.5 GiB free.
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: USB Device
Device ID: USB\VID_413C&PID_8140\5&11246E2F&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_413C&PID_8140\5&11246E2F&0&2
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&AB208E&0&00E1
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&AB208E&0&00E1
Service: NETw4x32

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter

==== System Restore Points ===================

RP519: 8/12/2009 5:36:24 AM - System Checkpoint
RP520: 8/15/2009 10:04:03 AM - Malware Cleanup Final
RP521: 8/17/2009 8:29:31 AM - System Checkpoint
RP522: 8/18/2009 6:12:53 AM - Removed Boingo Wi-Fi
RP523: 8/18/2009 6:13:18 AM - Installed Boingo Wi-Fi
RP524: 8/18/2009 6:21:49 AM - Software Distribution Service 3.0
RP525: 8/19/2009 11:46:36 AM - System Checkpoint
RP526: 8/21/2009 11:44:31 AM - System Checkpoint
RP527: 8/21/2009 4:20:19 PM - Removed Microsoft Office Access 2003
RP528: 8/21/2009 4:30:30 PM - Removed ActiveState Komodo Edit 4.4.1
RP529: 8/24/2009 12:38:40 PM - System Checkpoint
RP530: 8/25/2009 10:35:45 AM - Configured Microsoft Office Professional Plus 2007
RP531: 8/27/2009 11:58:17 AM - System Checkpoint
RP532: 8/28/2009 1:09:05 PM - System Checkpoint
RP533: 8/31/2009 11:55:40 AM - System Checkpoint
RP534: 8/31/2009 12:27:10 PM - August 31 2009
RP535: 9/1/2009 12:29:56 PM - System Checkpoint
RP536: 9/2/2009 12:49:40 PM - System Checkpoint
RP537: 9/3/2009 12:49:54 PM - System Checkpoint
RP538: 9/4/2009 6:13:13 AM - Software Distribution Service 3.0
RP539: 9/8/2009 12:21:58 PM - System Checkpoint
RP540: 9/9/2009 1:33:00 PM - System Checkpoint
RP541: 9/11/2009 8:44:19 AM - System Checkpoint
RP542: 9/14/2009 8:06:45 AM - Software Distribution Service 3.0
RP543: 9/15/2009 3:00:25 AM - Software Distribution Service 3.0
RP544: 9/16/2009 1:24:00 PM - System Checkpoint
RP545: 9/18/2009 11:49:39 AM - System Checkpoint
RP546: 9/18/2009 1:49:52 PM - Installed FirePass Component Installer

==== Installed Programs ======================


a-squared Free 4.5
ActiveState Komodo Edit 5.0.3
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Apex Data Loader 14
Apple Software Update
biolsp patch
Boingo Wi-Fi
Broadcom ASF Management Applications
Broadcom Management Programs
Broadcom TPM Driver Installer
Clarify ClearConfigurator 11.5SR1.21
Clarify ClearConfigurator Rule Wizard 11.5SR1.21 (Remove Only)
Clarify CRM Client
ClarifyCRM eFrontOffice11.5SR1.21 Client for Microsoft SQL Server
Conexant HDA D330 MDC V.92 Modem
Configuration Manager Client
Dell Embassy Trust Suite by Wave Systems
Dell Support 3.2.1
Dell Touchpad
Digital Line Detect
Digsby
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
ESET Online Scanner v3
ETS Upgrade
F5 Networks Secure Access Client
F5 VPN Tray Client
FirePass Component Installer
GDR 1406 for SQL Server Analysis Services 2005 ENU (KB932557)
GDR 1406 for SQL Server Database Services 2005 ENU (KB932557)
GDR 1406 for SQL Server Integration Services 2005 ENU (KB932557)
GDR 1406 for SQL Server Tools and Workstation Components 2005 ENU (KB932557)
GoToMeeting 4.0.0.320
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
hp LaserJet-all-in-one
HP Software Update
Instant Scheduler for Microsoft Outlook
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
IntelliSonic Speech Enhancement
J2SE Runtime Environment 5.0 Update 6
LaserAIO
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 7.0
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
mIWA
mLogView
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.5.3)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
NetWaiting
NTRU TCG Software Stack
O2Micro USB Smart Card Reader
Octoshape add-in for Adobe Flash Player
OPSWAT AntiVirus and Firewall Integration Libraries
PowerDVD
Preboot Manager
Private Information Manager
QFolder
QuickSet
QuickTime
RDC
Salesforce Office Edition
Salesforce Outlook Edition 3.2
Scan
Secure Update
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Wizards
SigmaTel Audio
Skyhook Wireless Wi-Fi Service
Skype web features
Skype™ 4.1
Sonic Activation Module
SQLXML4
SUPERAntiSpyware Free Edition
Time Zone Data Update Tool for Microsoft Office Outlook
tsp patch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
upekmsi
Varicent SPM Service 4.61.4508.4976
Visual Studio 2005 Tools for Office Second Edition Runtime
VMware Player
Wave Infrastructure Installer
Wave Support Software
WebEx
WebFldrs XP
WIMGAPI
WindowBlinds
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/21/2009 6:18:40 AM, error: Dhcp [1002] - The IP address lease 192.168.0.14 for the Network Card with network address 001B778034D9 has been denied by the DHCP server 2.2.2.2 (The DHCP Server sent a DHCPNACK message).
9/18/2009 2:23:14 PM, error: EFS [6028] - EFS recovery policy contains invalid recovery certificate.
9/17/2009 6:30:50 AM, error: Dhcp [1002] - The IP address lease 172.16.76.31 for the Network Card with network address 001B778034D9 has been denied by the DHCP server 172.17.0.1 (The DHCP Server sent a DHCPNACK message).
9/16/2009 7:10:15 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
9/16/2009 7:06:40 AM, error: Service Control Manager [7034] - The Wave UCSPlus service terminated unexpectedly. It has done this 1 time(s).
9/16/2009 7:06:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
9/16/2009 7:06:37 AM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/16/2009 7:06:36 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
9/16/2009 7:05:48 AM, error: Service Control Manager [7038] - The MSSQLServerOLAPService service was unable to log on as OLYMPUS\weeks with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/16/2009 7:05:48 AM, error: Service Control Manager [7038] - The MSSQLSERVER service was unable to log on as OLYMPUS\weeks with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/16/2009 7:05:48 AM, error: Service Control Manager [7038] - The msftesql service was unable to log on as OLYMPUS\weeks with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/16/2009 7:05:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ccmsetup service to connect.
9/16/2009 7:05:48 AM, error: Service Control Manager [7000] - The SQL Server FullText Search (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
9/16/2009 7:05:48 AM, error: Service Control Manager [7000] - The SQL Server Analysis Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
9/16/2009 7:05:48 AM, error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
9/16/2009 7:04:33 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
9/16/2009 10:30:25 AM, error: Service Control Manager [7016] - The F5 Networks Traffic Control Service service has reported an invalid current state 0.
9/15/2009 6:13:08 AM, error: Dhcp [1002] - The IP address lease 192.168.0.14 for the Network Card with network address 001B778034D9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/15/2009 4:28:16 PM, error: Dhcp [1002] - The IP address lease 172.16.72.117 for the Network Card with network address 001B778034D9 has been denied by the DHCP server 172.17.0.1 (The DHCP Server sent a DHCPNACK message).
9/15/2009 3:43:23 PM, error: NETLOGON [5719] - No Domain Controller is available for domain OLYMPUS due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
9/15/2009 3:34:52 PM, error: NETLOGON [5719] - No Domain Controller is available for domain OLYMPUS due to the following: The remote procedure call failed. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
9/15/2009 3:30:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001B778034D9 has been denied by the DHCP server 172.17.0.1 (The DHCP Server sent a DHCPNACK message).
9/15/2009 3:28:47 PM, error: Service Control Manager [7000] - The VMware VMparport service failed to start due to the following error: The system cannot find the device specified.
9/15/2009 3:28:38 PM, error: NETLOGON [5719] - No Domain Controller is available for domain OLYMPUS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

==== End Of File ===========================

Edited by compstreet, 21 September 2009 - 09:43 AM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:36 AM

Posted 23 September 2009 - 01:43 PM

Hi compstreet,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Please tell me if this is a company computer, if yes do you have administrator rights?

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  • Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
    • Sections
    • IAT/EAT
    • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
  • When the scan is finished, you will see the scan button appears again. Click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:36 AM

Posted 25 September 2009 - 06:12 PM

Are you still there?

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:36 AM

Posted 29 September 2009 - 05:01 AM

The topic is closed now due to lack of activity.

If you have still the issue please send me a PM in a couple of days. Other wise start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users