
Major trojan issues - running out of solutions



#1 lazymo

Posted 13 October 2009 - 01:37 AM

I have a company laptop with a major malware problem. I cannot disable the McAfee antivirus on my machine. The mbam.exe file is deleted before the Malwarebytes installation completes. I tried running ComboFix but I keep getting the "xxxxxx - Unable to Locate Components" popups saying C:\Windows\system32\wxvault.dll was not found. I don't click OK but try to close the message box with the X at the top, but they keep coming back. In the blue background screen for ComboFix, I see a prompt saying "The system cannot find the file CoreDLL02".

Someone please help.

So far I've run ESET Online Scanner, HijackThis and Win32kDiag. Below are my logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:40 AM, on 10/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Documents and Settingskhanz1DesktopHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://wss2.bp.com/FCA/Group_Internal_Cont...ls/default.aspx
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: OneBPSidebar Class - {02F70F62-1717-4A69-8F51-E9B9B50B88DB} - c:Program FilesOneBPOneBP sidebarATLBPWorldCompanion.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScan Enterprisescriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.3.4501.1418swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [PHIME2002ASync] "C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE" /SYNC
O4 - HKLM..Run: [PHIME2002A] "C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE" /IMEName
O4 - HKLM..Run: [ICFCheck] "wscript.exe" //Job:main C:WINDOWSICFICF.WSF
O4 - HKLM..Run: [McAfeeUpdaterUI] "C:Program FilesNetwork AssociatesCommon Frameworkudaterui.exe" /StartedFromRunKey
O4 - HKLM..Run: [MSPY2002] "C:WINDOWSsystem32IMEPINTLGNTImScInst.exe" /SYNC
O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM..Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [Apoint] "C:Program FilesApointApoint.exe"
O4 - HKLM..Run: [IntelZeroConfig] "C:Program FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [Document Manager] "C:Program FilesWave Systems CorpServices ManagerDocMgrbindocmgr.exe"
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [googletalk] "C:Program FilesGoogleGoogle Talkgoogletalk.exe" /autostart
O4 - HKLM..Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM..Run: [C2C MaX Compression initial registry keys] C:Program FilesMaXCompressionRegMaxComp54.exe /Q
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [RoxWatchTray] "C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatchTray9.exe"
O4 - HKLM..Run: [RightFAX Print-to-Fax Driver] C:Program FilesRightFaxClientFAXCTRL.exe
O4 - HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
O4 - HKLM..Run: [Communicator] "C:Program FilesMicrosoft Office Communicatorcommunicator.exe" /fromrunkey
O4 - HKLM..Run: [Enterprise Vault Offline Vault Size] C:Program FilesEnterprise VaultEVregEVCREG13.exe /Q
O4 - HKLM..Run: [ShStatEXE] "C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE" /STANDALONE
O4 - HKLM..Run: [LifeCam] "C:Program FilesMicrosoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [AeXAgentLogon] C:Program FilesAltirisAltiris AgentAeXAgentActivate.exe /logon
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe
O4 - HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 - HKLM..Run: [Malwarebytes Anti-Malware (reboot)] "C:Program FilesMalwarebytes' Anti-Malwarembam.exe" /runcleanupscript
O4 - HKLM..Run: [pomehubos] Rundll32.exe "c:windowssystem32fetezeme.dll",a
O4 - HKCU..Run: [Google Update] "C:Documents and Settingskhanz1Local SettingsApplication DataGoogleUpdateGoogleUpdate.exe" /c
O4 - HKCU..Run: [swg] "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%InstallerTSClientMsiTranstscuinst.vbs" (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%InstallerTSClientMsiTranstscdsbl.bat" (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%InstallerTSClientMsiTranstscuinst.vbs" (User 'Default user')
O4 - Startup: Enable or Disable Proxy Server.lnk = ?
O4 - Startup: qlock.lnk = C:Program FilesQlockqlock.exe
O4 - Startup: Shortcut to StickyNotes.exe.lnk = C:StickynotesStickyNotes.exe
O4 - Global Startup: Device Detector 3.lnk = C:Program FilesOlympusDeviceDetectorDevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:Program FilesWave Systems CorpServices ManagerSecure UpdateAutoUpdate.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:WINDOWSsystem32GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: OneBP sidebar - {2A788CEE-150C-46e0-97F1-E30F3D0AFAC4} - c:Program FilesOneBPOneBP sidebarATLBPWorldCompanion.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: @C:Program FilesMessengerMsgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: @C:Program FilesMessengerMsgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/31.37/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLMSystemCCSServicesTcpipParameters: Domain = bp1.ad.bp.com
O17 - HKLMSoftware..Telephony: DomainName = bp1.ad.bp.com
O17 - HKLMSystemCS1ServicesTcpipParameters: Domain = bp1.ad.bp.com
O20 - AppInit_DLLs: C:WINDOWSsystem32wxvault.dll C:WINDOWSsystem32AMInit.dll c:windowssystem32fetezeme.dll,wevoyira.dll
O20 - Winlogon Notify: GoToAssist - C:Program FilesCitrixGoToAssist516G2AWinLogon.dll
O21 - SSODL: misogokaw - {d334931b-ab73-4669-9ebf-535571d4dced} - c:windowssystem32fetezeme.dll
O22 - SharedTaskScheduler: gahurihor - {d334931b-ab73-4669-9ebf-535571d4dced} - c:windowssystem32fetezeme.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:Program FilesAltirisAltiris AgentAeXNSAgent.exe
O23 - Service: Asset Insight Client (AICLIENT) - Unknown owner - C:insighttoolsaiclient.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:Program FilesWave Systems CorpCommonDataServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:Program FilesCitrixGoToAssist516g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:Program FilesCanonIJPLMIJPLMSVC.EXE
O23 - Service: iPassConnectEngine - iPass, Inc. - C:Program FilesiPassiPassConnect BPiPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:Program FilesiPassiPassConnect BPiPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:Program FilesiPassiPassConnect BPiPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: IBM Rational ClearQuest Mail Service (MailService) - IBM Corporation - C:Program FilesRationalClearQuestmailservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:Program FilesNetwork AssociatesCommon FrameworkFrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: BP COE Admin Password Changer (PwdChanger) - Unknown owner - C:WINDOWSsystem32Lgnserv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:Program FilesRoxioDigital Home 9RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:Program FilesRoxioDigital Home 9RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:Program FilesNTRU CryptosystemsNTRU Hybrid TSS v2.0.25bintcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:Program FilesIntelWirelessBinWLKeeper.exe

--
End of file - 13099 bytes

Here is the Win32kDiag.txt log:

Running from: C:Documents and Settingskhanz1DesktopWin32kDiag.exe

Log file at : C:Documents and Settingskhanz1DesktopWin32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:WINDOWS'...

Finished!

Here is the ESET online scan log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=31abea92632d72469f10426d98a5fefe
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-13 06:16:52
# local_time=2009-10-13 01:16:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=122345
# found=5
# cleaned=0
# scan_time=2792
C:WINDOWSsystem32hesudipi.dll a variant of Win32/Adware.Virtumonde.NFS application 00000000000000000000000000000000 I
C:WINDOWSsystem32jutokuki.dll a variant of Win32/Adware.Virtumonde.NFS application 00000000000000000000000000000000 I
C:WINDOWSsystem32pebewoge.dll a variant of Win32/Adware.Virtumonde.NFS application 00000000000000000000000000000000 I
C:WINDOWSsystem32schtmldbsinit.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:WINDOWSsystem32schtmlwispex.html Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I

Here is my RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/13 01:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:WINDOWSSystem32Driversdump_atapi.sys
Address: 0xBA565000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:WINDOWSSystem32Driversdump_WMILIB.SYS
Address: 0xF79BF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:WINDOWSsystem32driversrootrepeal.sys
Address: 0xB9E73000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:WINDOWSTemporary Internet FilesContent.IE5DM87JD0Itopic264034[1].htm
Status: Visible to the Windows API, but not on disk.

Path: C:WINDOWSTemporary Internet FilesContent.IE5XSBLHRORforum22[1].htm
Status: Invisible to the Windows API!

==EOF==

Below is my DDS and Attach report from running DDS:


DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by khanz1 at 2:07:11.57 on Tue 10/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1585 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSsystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and Settingskhanz1Desktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = https://wss2.bp.com/FCA/Group_Internal_Cont...ls/default.aspx
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: OneBPSidebar Class: {02f70f62-1717-4a69-8f51-e9b9b50b88db} - c:program filesonebponebp sidebarATLBPWorldCompanion.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0_05binssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscan enterprisescriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.3.4501.1418swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:program fileswindows live toolbarmsntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:program filesgooglegoogle toolbarcomponentfastsearch_B7C5AC242193BB3E.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:program fileswindows live toolbarmsntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
EB: OneBP sidebar: {3f883f0a-9e83-4f44-85e6-3406ee36e8e6} - c:program filesonebponebp sidebarATLBPWorldCompanion.dll
uRun: [Google Update] "c:documents and settingskhanz1local settingsapplication datagoogleupdateGoogleUpdate.exe" /c
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
mRun: [IMJPMIG8.1] "c:windowsimeimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] "c:windowssystem32imetintlgntTINTSETP.EXE" /SYNC
mRun: [PHIME2002A] "c:windowssystem32imetintlgntTINTSETP.EXE" /IMEName
mRun: [ICFCheck] "wscript.exe" //Job:main c:windowsicfICF.WSF
mRun: [McAfeeUpdaterUI] "c:program filesnetwork associatescommon frameworkudaterui.exe" /StartedFromRunKey
mRun: [MSPY2002] "c:windowssystem32imepintlgntImScInst.exe" /SYNC
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:windowssystem32NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /installquiet
mRun: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
mRun: [DVDLauncher] "c:program filescyberlinkpowerdvdDVDLauncher.exe"
mRun: [Apoint] "c:program filesapointApoint.exe"
mRun: [IntelZeroConfig] "c:program filesintelwirelessbinZCfgSvc.exe"
mRun: [IntelWireless] "c:program filesintelwirelessbinifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Document Manager] "c:program fileswave systems corpservices managerdocmgrbindocmgr.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [googletalk] "c:program filesgooglegoogle talkgoogletalk.exe" /autostart
mRun: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
mRun: [C2C MaX Compression initial registry keys] c:program filesmaxcompressionRegMaxComp54.exe /Q
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [RoxWatchTray] "c:program filescommon filesroxio shared9.0sharedcomRoxWatchTray9.exe"
mRun: [RightFAX Print-to-Fax Driver] c:program filesrightfaxclientFAXCTRL.exe
mRun: [CanonMyPrinter] c:program filescanonmyprinterBJMyPrt.exe /logon
mRun: [Communicator] "c:program filesmicrosoft office communicatorcommunicator.exe" /fromrunkey
mRun: [Enterprise Vault Offline Vault Size] c:program filesenterprise vaultevregEVCREG13.exe /Q
mRun: [ShStatEXE] "c:program filesmcafeevirusscan enterpriseSHSTAT.EXE" /STANDALONE
mRun: [LifeCam] "c:program filesmicrosoft lifecamLifeExp.exe"
mRun: [AeXAgentLogon] c:program filesaltirisaltiris agentAeXAgentActivate.exe /logon
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [VX1000] c:windowsvVX1000.exe
mRun: [UserFaultCheck] %systemroot%system32dumprep 0 -u
mRun: [Malwarebytes Anti-Malware (reboot)] "c:program filesmalwarebytes' anti-malwarembam.exe" /runcleanupscript
mRun: [pomehubos] Rundll32.exe "c:windowssystem32fetezeme.dll",a
mRunOnce: [Malwarebytes' Anti-Malware] c:program filesmmbamgui.exe /install /silent
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%InstallerTSClientMsiTranstscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%InstallerTSClientMsiTranstscdsbl.bat"
StartupFolder: c:docume~1khanz1startm~1programsstartupenable~1.lnk - c:docume~1khanz1applic~1microsoftinstaller{18e879b1-28ee-4547-8aa0-c227b43d5b40}Icon18E879B1.exe
StartupFolder: c:docume~1khanz1startm~1programsstartupqlock.lnk - c:program filesqlockqlock.exe
StartupFolder: c:docume~1khanz1startm~1programsstartupshortc~1.lnk - c:stickynotesStickyNotes.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupdevice~1.lnk - c:program filesolympusdevicedetectorDevDtct2.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupdigita~1.lnk - c:program filesdigital line detectDLG.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupembass~1.lnk - c:program fileswave systems corpservices managersecure updateAutoUpdate.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: SynchronousUserGroupPolicy = 1 (0x1)
mPolicies-system: HideShutdownScripts = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
IE: &Windows Live Search - c:program fileswindows live toolbarmsntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:program filesjavajre1.6.0_05binssv.dll
IE: {2A788CEE-150C-46e0-97F1-E30F3D0AFAC4} - {3F883F0A-9E83-4F44-85E6-3406EE36E8E6} - c:program filesonebponebp sidebarATLBPWorldCompanion.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
Trusted Zone: google.compicasaweb
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/31.37/uploader2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:program filessapfrontendsapguiSAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:program filessapfrontendsapguiSAPHTMLP.DLL
Notify: GoToAssist - c:program filescitrixgotoassist516G2AWinLogon.dll
AppInit_DLLs: c:windowssystem32wxvault.dll c:windowssystem32aminit.dll c:windowssystem32fetezeme.dll,wevoyira.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SSODL: misogokaw - {d334931b-ab73-4669-9ebf-535571d4dced} - c:windowssystem32fetezeme.dll
STS: gahurihor: {d334931b-ab73-4669-9ebf-535571d4dced} - c:windowssystem32fetezeme.dll
LSA: Authentication Packages = msv1_0 wvauth
LSA: Notification Packages = scecli witiwegu.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1khanz1applic~1mozillafirefoxprofilessjqzk1zi.default
FF - prefs.js: browser.startup.homepage - hxxp://finance.google.com/finance
FF - plugin: c:documents and settingskhanz1application datamozillapluginsnpgoogletalk.dll
FF - plugin: c:documents and settingskhanz1local settingsapplication datagoogleupdate1.2.183.7npGoogleOneClick8.dll
FF - plugin: c:program filesgooglegoogle updater2.4.1536.6592npCIDetect13.dll
FF - plugin: c:program filesgooglepicasa3npPicasa3.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpicaN.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:windowssystem32driversa320raid.sys [2006-10-3 217600]
R0 aarich;aarich;c:windowssystem32driversaarich.sys [2006-10-3 214528]
S2 PwdChanger;BP COE Admin Password Changer;c:windowssystem32Lgnserv.exe [2001-1-29 348672]
S3 ess;ESS Audio Driver (WDM);c:windowssystem32driversess.sys [2005-9-6 63360]
S3 MSHUSBVideo;NX6000 Filter Driver;c:windowssystem32driversnx6000.sys [2009-5-10 31512]

=============== Created Last 30 ================

2009-10-13 01:26 <DIR> --d----- c:program filesM
2009-10-13 00:24 <DIR> --d----- c:program filesESET
2009-10-12 23:42 <DIR> --ds---- C:CF
2009-10-12 23:42 389,120 a------- c:windowssystem32CF24350.exe
2009-10-12 23:26 <DIR> --d----- c:program filesMal
2009-10-12 22:59 <DIR> --d----- C:Temp
2009-10-12 07:37 389,120 a------- c:windowssystem32CF30657.exe
2009-10-12 07:14 <DIR> --d----- c:windowssystem32schtml
2009-10-12 07:10 89 a------- c:windowssystem32wwp.htm
2009-10-11 15:32 <DIR> --d----- c:docume~1khanz1applic~1Malwarebytes
2009-10-11 15:31 38,224 a------- c:windowssystem32driversmbamswissarmy.sys
2009-10-11 15:31 19,160 a------- c:windowssystem32driversmbam.sys
2009-10-11 15:31 <DIR> --d----- c:docume~1alluse~1applic~1Malwarebytes
2009-10-11 15:31 <DIR> --d----- c:program filesMalwarebytes' Anti-Malware
2009-10-09 23:13 <DIR> a-dshr-- C:cmdcons
2009-10-09 11:26 229,888 a------- c:windowsPEV.exe
2009-09-22 15:18 <DIR> --d----- C:Downloads
2009-09-22 14:32 237,568 a------- c:windowssystem32rmc_rtspdl.dll
2009-09-22 14:32 156,672 a------- c:windowssystem32rmc_fixasf.exe
2009-09-22 14:32 323,584 a------- c:windowssystem32AUDIOGENIE2.DLL
2009-09-22 14:32 <DIR> --d----- c:windowsReplay Media Catcher
2009-09-22 14:32 <DIR> --d----- c:program filesReplay Media Catcher
2009-09-22 14:10 <DIR> --d----- c:program filesFlash Favorite
2009-09-14 00:28 <DIR> --d----- c:program filesiPod
2009-09-14 00:28 <DIR> --d----- c:program filesiTunes
2009-09-14 00:28 <DIR> --d----- c:docume~1alluse~1applic~1{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-10-12 22:46 10,761 a------- c:documents and settingskhanz1khanz1_notes.dat
2009-10-09 22:41 298,371 a------- c:windowssystem32nvModes.dat
2009-08-29 12:33 256 a------- c:documents and settingskhanz1pool.bin
2009-07-30 20:01 81,736 a------- c:windowssystem32lmdimon8.dll
2008-11-05 21:44 60,744 a------- c:documents and settingskhanz1g2mdlhlpx.exe
2008-04-18 10:48 61,224 a------- c:documents and settingskhanz1GoToAssistDownloadHelper.exe
2007-12-11 09:55 3,125,248 a------- c:program filescommon filessapxlhelper.dll
2007-12-11 09:55 1,229,312 a------- c:program filescommon filesSAPActiveXL_nosig.xlt
2007-12-11 09:55 1,167,872 a------- c:program filescommon filesSAPActiveXL.xlt
2007-12-11 09:55 626,688 a------- c:program filescommon filessapconsaccess.dll
2007-12-11 09:55 192,512 a------- c:program filescommon filessapconsr3.dll
2007-12-11 09:55 40,960 a------- c:program filescommon filesDigitalSignature.ocx
2007-11-07 14:31 5,632 a--sh--- c:program filescommon filesThumbs.db
2005-11-15 15:32 3,638 a----r-- c:program filescommon filesAltiris_Icon.ico
2009-07-12 22:14 88,064 a--sh--- c:windowssystem32fetezeme.dll
2009-07-10 12:10 37,888 a--sh--- c:windowssystem32hesudipi.dll
2009-07-09 10:23 88,576 a--sh--- c:windowssystem32jowagesa.dll
2009-07-12 07:09 38,400 a--sh--- c:windowssystem32jutokuki.dll
2009-07-12 22:14 51,712 a--sh--- c:windowssystem32kijozilu.dll
2009-07-12 22:14 51,712 a--sh--- c:windowssystem32lizuside.dll
2009-07-12 22:14 38,400 a--sh--- c:windowssystem32metadomo.dll
2009-07-09 22:42 88,576 a--sh--- c:windowssystem32mubomoha.dll
2009-07-09 22:41 50,688 a--sh--- c:windowssystem32pebewoge.dll
2009-07-09 10:23 60,416 a--sh--- c:windowssystem32raroweno.dll
2009-07-12 22:14 51,712 a--sh--- c:windowssystem32wevoyira.dll
2009-07-12 22:14 51,712 a--sh--- c:windowssystem32witiwegu.dll

============= FINISH: 2:07:41.25 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 4/26/2007 2:00:19 PM
System Uptime: 10/13/2009 12:19:46 AM (2 hours ago)

Motherboard: Dell Inc. | | 0KX350
Processor: Intel® Core™2 CPU T5600 @ 1.83GHz | Microprocessor | 1830/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 23.917 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP70: 8/7/2009 9:12:45 AM - System Checkpoint
RP71: 8/9/2009 10:35:59 AM - Installed iTunes
RP72: 8/10/2009 11:29:35 AM - System Checkpoint
RP73: 8/11/2009 11:40:13 AM - System Checkpoint
RP74: 8/12/2009 4:44:01 PM - System Checkpoint
RP75: 8/14/2009 12:12:23 AM - System Checkpoint
RP76: 8/16/2009 11:55:15 PM - System Checkpoint
RP77: 8/18/2009 12:31:12 PM - Installed Windows XP KB957097.
RP78: 8/18/2009 12:32:46 PM - Installed Windows XP KB954459.
RP79: 8/18/2009 12:33:46 PM - Installed Windows XP KB923561.
RP80: 8/18/2009 12:34:43 PM - Installed Windows XP KB971633.
RP81: 8/18/2009 12:35:39 PM - Installed Windows XP KB961371.
RP82: 8/18/2009 12:36:32 PM - Installed Windows XP KB973346.
RP83: 8/18/2009 12:37:50 PM - Installed Windows XP KB972260.
RP84: 8/19/2009 1:04:10 PM - System Checkpoint
RP85: 8/20/2009 10:44:13 AM - Installed GSMS Remedy 32-bit Console
RP86: 8/21/2009 11:30:41 AM - System Checkpoint
RP87: 8/24/2009 4:48:26 PM - System Checkpoint
RP88: 8/28/2009 10:35:25 AM - System Checkpoint
RP89: 8/31/2009 12:38:29 AM - System Checkpoint
RP90: 9/1/2009 9:00:54 AM - Removed Microsoft Office Live Meeting 2007
RP91: 9/1/2009 9:01:29 AM - Installed Microsoft Office Live Meeting 2007
RP92: 9/2/2009 10:27:57 AM - System Checkpoint
RP93: 9/6/2009 4:08:37 PM - System Checkpoint
RP94: 9/7/2009 4:53:05 PM - System Checkpoint
RP95: 9/8/2009 10:32:20 PM - System Checkpoint
RP96: 9/10/2009 12:45:00 AM - System Checkpoint
RP97: 9/11/2009 11:50:48 AM - System Checkpoint
RP98: 9/13/2009 4:52:36 PM - System Checkpoint
RP99: 9/15/2009 9:34:12 AM - System Checkpoint
RP100: 9/17/2009 2:24:23 PM - System Checkpoint
RP101: 9/21/2009 11:52:17 AM - System Checkpoint
RP102: 9/22/2009 12:42:39 PM - System Checkpoint
RP103: 9/22/2009 2:53:28 PM - Installed Jing
RP104: 9/22/2009 2:59:36 PM - Removed Jing
RP105: 9/23/2009 3:11:22 PM - System Checkpoint
RP106: 9/24/2009 3:30:26 PM - System Checkpoint
RP107: 9/27/2009 7:14:35 PM - System Checkpoint
RP108: 9/30/2009 11:04:42 AM - System Checkpoint
RP109: 10/1/2009 11:37:31 AM - System Checkpoint
RP110: 10/2/2009 11:45:44 AM - System Checkpoint
RP111: 10/4/2009 7:24:31 PM - System Checkpoint
RP112: 10/6/2009 8:17:40 AM - System Checkpoint
RP113: 10/7/2009 10:05:52 AM - System Checkpoint
RP114: 10/8/2009 3:12:27 PM - System Checkpoint
RP115: 10/11/2009 5:47:59 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
ALPS Touch Pad Driver
Altiris Agent Install Service
Altiris Application Metering Agent
Altiris Software Delivery Solution Agent
Altiris Task Synchronization Agent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BlackBerry Desktop Software 4.2.2
BlackBerry v4.2.1 for the 8800 Series Wireless Handheld
Bonjour
BP Branded Wallpaper
BP COE Admin Password Generator Service
BP COE Services File Update
BP iRAS 4.0 Suite for Passport
BP Office Templates
BP Screen Saver - BP-Firework
BP Screen Saver - BP-Fireworks
BP Screen Saver - BP-Reverse Firework
BP Screen Saver - BP-Reverse Fireworks
BP Screen Saver - BP-Text
BP Screen Saver - BP-Zoom
BP Screen Saver BP-Scope
BP Univers Fonts (Roman)
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
Canon iP1700
Canon iP1800 series
Canon iP1800 series User Registration
Canon My Printer
Canon Utilities Easy-LayoutPrint
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Daylight Savings Patch - USA
Dell Embassy Trust Suite by Wave Systems
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Document Manager Lite
e-Expenses installer
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
EnableProxy
ESET Online Scanner v3
ETS Launch Pad
ETS Upgrade
Fix Paths
Foxit PDF Editor
Foxit Reader
Gadwin PrintScreen
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Updater
GoToAssist 8.0.0.516
GoToMeeting 4.0.0.320
GSMS Remedy 32-bit Console
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB950565)
Hotfix for Windows XP (KB950616)
Hotfix for Windows XP (KB951126)
Hotfix for Windows XP (KB951830)
Hotfix for Windows XP (KB951937-v2)
Hotfix for Windows XP (KB952287)
HPV Solo
IBM Rational ClearQuest
Intel® PRO Network Adapters and Drivers
Intel® PROSet/Wireless Software
iPass Connect
IPass Connect BP Documentation 3.0
iPassConnect BP
iRAS SR1 Firewall Exceptions
iTunes
J2SE Runtime Environment 5.0 Update 15
Java™ 6 Update 2
Java™ 6 Update 5
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MaX Compression Client
McAfee Agent
McAfee VirusScan Enterprise
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Group Policy Management Console with SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office Communicator 2007
Microsoft Office Communicator 2007, MUI
Microsoft Office Live Meeting 2005
Microsoft Office Live Meeting 2007
Microsoft Office Standard Edition 2003
Microsoft Office Visio Viewer 2007
Microsoft Organization Chart 2.0
Microsoft Outlook Personal Folders Backup
Microsoft RunTime Components
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Journal Viewer
mIWA
MKV Splitter
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.14)
mPfMgr
mPfWiz
mProSafe
MSN Money Investment Toolbox
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
mWlsSafe
mWMI
mXML
mZConfig
nav-u tool
NetWaiting
NTRU Hybrid TSS v2.0.25
NVIDIA Drivers
Olympus Digital Wave Player
OneBP sidebar
OneBP Sidebar Uninstall
Password Safe 3.15 for Windows
PC Information Utility
Picasa 3
PIXMA Extended Survey Program
PowerDVD 5.7
Preboot Manager
Private Information Manager
Qlock Lite
QuickTime
RealPlayer
Remote Control USB Driver
Remove Hidden Data Tool
Right Fax Client
Roxio Media Manager
SAPGUI 7.10 PL8 / BW3.5 PL3 / BI 7.1 PL SP04_400 - SAP GUI for Windows v7100.2.8.1039 Build 983952
Secure Update
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Security Wizards
SkillSoft Course Manager
Snapshot Viewer
Symantec Enterprise Vault Outlook Add-In
Time Zone Data Update Tool for Microsoft Office Outlook
Toad for Oracle Freeware
Trillian
Update for Windows XP (KB942763)
upekmsi
VC80CRTRedist - 8.0.50727.762
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11 Enterprise Deployment
Windows Messenger 5.1
Windows Messenger 5.1 MUI Pack
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Server 2003 Service Pack 1 Administration Tools Pack
Windows XP Security Patch (KB902400) Vulnerabilities in MSDTC and COM+
Windows XP Security Patch (KB914388) Vulnerability in DHCP Client Service
Windows XP Security Patch (KB917159) Vulnerability in Server Service
Windows XP Security Patch (KB920683) Vulnerability in DNS Resolution
Windows XP Service Pack 3
WinZip
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

10/9/2009 8:44:02 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2C8CA0D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
10/9/2009 11:29:51 AM, error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
10/9/2009 11:29:51 AM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 11:29:49 AM, error: Service Control Manager [7034] - The BP COE Admin Password Changer service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 11:29:49 AM, error: Service Control Manager [7034] - The Asset Insight Client service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 11:27:56 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 11:27:56 AM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/9/2009 11:26:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/9/2009 11:26:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/9/2009 11:20:02 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 11:12:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
10/9/2009 11:02:14 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 2 time(s).
10/9/2009 10:41:58 PM, error: PlugPlayManager [12] - The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&200550d&0&LPT1) disappeared from the system without first being prepared for removal.
10/9/2009 10:41:58 PM, error: PlugPlayManager [12] - The device 'ECP Printer Port (LPT1)' (ACPI\PNP0401\4&25e2ff18&0) disappeared from the system without first being prepared for removal.
10/9/2009 10:41:34 PM, error: Dhcp [1002] - The IP address lease 10.199.27.249 for the Network Card with network address 0019D2C8CA0D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/9/2009 10:41:24 PM, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.PCI0.PCIE.GDCK) disappeared from the system without first being prepared for removal.
10/8/2009 7:34:50 AM, error: Dhcp [1002] - The IP address lease 16.10.1.4 for the Network Card with network address 0019D2C8CA0D has been denied by the DHCP server 12.169.176.2 (The DHCP Server sent a DHCPNACK message).
10/6/2009 8:07:33 AM, error: Dhcp [1002] - The IP address lease 16.10.1.6 for the Network Card with network address 0019D2C8CA0D has been denied by the DHCP server 12.169.176.2 (The DHCP Server sent a DHCPNACK message).
10/12/2009 7:35:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/12/2009 11:53:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/12/2009 11:53:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 11:53:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 11:53:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 11:53:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 11:53:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 11:53:36 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2009 3:42:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
10/11/2009 11:02:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/10/2009 12:09:50 PM, error: NETLOGON [5719] - No Domain Controller is available for domain BP1 due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

==== End Of File ===========================

Here is the CKScanner log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\reference material\it security reference\default passwords\crack.txt
scanner sequence 3.AP.11
----- EOF -----

I was able to run ComboFix. On restart, there were a couple of popups about missing files but I let ComboFix finish. I can post it here if someone will look at it.

Merged 6 posts. ~ OB

Edited by Orange Blossom, 23 October 2009 - 09:39 PM.


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:05:15 PM

Posted 27 October 2009 - 12:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:05:15 PM

Posted 01 November 2009 - 04:22 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

