TechSpot

Fake PC Performance (System Check) removal

By sowghati
Feb 2, 2012
  1. Hi,

    I followed the 5 steps. Malwarebytes and DDS generated logs, but GMER did not. The logs are as follows. What should I do next? Thanks.

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.02.08

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Amir :: AMIR-PC [administrator]

    Protection: Enabled

    02/02/2012 6:49:02 PM
    mbam-log-2012-02-02 (18-49-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 240582
    Time elapsed: 16 minute(s), 39 second(s)

    Memory Processes Detected: 2
    C:\ProgramData\nJKYVsNDdEKo.exe (Trojan.FakeAlert) -> 6940 -> Delete on reboot.
    C:\ProgramData\NZWjhmcCjLS4eb.exe (Trojan.FakeAlert) -> 12052 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKCR\CLSID\{5c026fd8-4021-75c5-673f-f6b4d1c16a04} (Adware.LoudMo) -> Quarantined and deleted successfully.
    HKCU\Software\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08df64bf-660a-75b1-3d3b-7a37c483a224} (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKCR\CLSID\{08df64bf-660a-75b1-3d3b-7a37c483a224} (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08DF64BF-660A-75B1-3D3B-7A37C483A224} (Adware.AdRotator) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nJKYVsNDdEKo.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\nJKYVsNDdEKo.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 4
    C:\Program Files (x86)\FLV Direct Player (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

    Files Detected: 15
    C:\ProgramData\nJKYVsNDdEKo.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\ProgramData\NZWjhmcCjLS4eb.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Users\Amir\AppData\Local\Temp\vNNg5QmADFrU9X.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\player.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Button.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Window.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

    (end)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Amir at 19:57:48 on 2012-02-02
    Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.8181.6648 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Users\Amir\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskmgr.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229213431.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
    uRun: [InterVoip] "C:\Program Files (x86)\InterVoip.com\InterVoip\InterVoip.exe" -nosplash -minimized
    uRun: [Google Update] "C:\Users\Amir\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\Users\Amir\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{927629B9-EFF6-425F-A69C-DBE876AE9F38} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B1A5D8D0-769E-4CFE-B5A7-28F76D38AF4B} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B1A5D8D0-769E-4CFE-B5A7-28F76D38AF4B}\7484F4C414D4D23594A5 : DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229213431.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB-X64: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Amir\AppData\Roaming\Mozilla\Firefox\Profiles\7gn6xdi6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
    FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 1080
    FF - prefs.js: network.proxy.socks - localhost
    FF - prefs.js: network.proxy.socks_port - 1080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Dependency Checker\NPDCDetector.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
    FF - plugin: C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
    FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Amir\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Amir\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Amir\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-13 92160]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-1-23 103440]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-4 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-4 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-4 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-5-26 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-5-26 208536]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-7-10 214040]
    R2 MSSQL$MSSQLSERVERR2;SQL Server (MSSQLSERVERR2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
    R2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-1-31 66560]
    R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-3-30 2075480]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-13 1692480]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
    S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2011-7-7 376352]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
    S4 SQLAgent$MSSQLSERVERR2;SQL Server Agent (MSSQLSERVERR2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== Created Last 30 ================
    .
    2012-02-02 23:47:40 -------- d--h--w- C:\Users\Amir\AppData\Roaming\Malwarebytes
    2012-02-02 23:47:27 -------- d--h--w- C:\ProgramData\Malwarebytes
    2012-02-02 23:47:23 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-02 23:47:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-02 15:20:27 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2012-02-02 15:18:57 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2012-02-02 15:14:10 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2012-02-02 15:12:40 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2012-02-02 15:12:40 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2012-02-02 15:12:40 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2012-02-02 15:12:40 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2012-02-02 15:08:39 3141632 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-02 15:03:35 -------- d-----w- C:\089dba48f211d9d2db
    2012-02-02 04:58:45 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-02 04:58:45 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAB9A2BA-E5E2-4B77-A356-C660754A8AFE}\gapaengine.dll
    2012-02-02 04:57:14 8602168 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEAF9857-7F53-4FBC-B9B6-9C36CA461CE6}\mpengine.dll
    2012-02-02 04:27:30 -------- d-----w- C:\9f958e766051aa5c4c46318e272aa1c2
    2012-02-02 04:24:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-02-02 04:23:40 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-02-02 04:14:42 10165440 ---ha-w- C:\mseinstall.exe
    2012-01-30 01:16:02 -------- d-----w- C:\Windows\Hewlett-Packard
    2012-01-29 02:58:49 -------- d--h--w- C:\Users\Amir\AppData\Local\dftmp
    2012-01-28 21:27:27 -------- d-----w- C:\Program Files (x86)\NuGet 1.2
    2012-01-28 21:02:12 -------- d-----w- C:\Program Files (x86)\Windows Azure Tools
    2012-01-28 20:57:55 -------- d-----w- C:\ProgramData\Package Cache
    2012-01-28 20:55:27 -------- d--h--w- C:\Users\Amir\AppData\Local\DevelopmentStorage
    2012-01-28 20:55:24 -------- d-----w- C:\Program Files\Windows Azure Emulator
    2012-01-28 20:53:07 -------- d-----w- C:\Program Files\Windows Azure SDK
    2012-01-28 20:51:11 -------- d-----w- C:\Program Files\Microsoft
    2012-01-28 20:48:38 -------- d--h--w- C:\Users\Amir\AppData\Roaming\Microsoft Corporation
    2012-01-28 20:01:36 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-01-28 20:01:36 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-01-28 20:01:28 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-01-28 20:01:28 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-01-28 19:54:22 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2012-01-28 19:54:22 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2012-01-28 19:43:59 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
    2012-01-28 19:43:46 -------- d-----w- C:\Program Files\IIS
    2012-01-28 19:43:46 -------- d-----w- C:\Program Files (x86)\IIS
    2012-01-28 19:36:24 2494624 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-01-28 19:27:44 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    2012-01-28 19:27:44 -------- d-----w- C:\Program Files (x86)\Microsoft F#
    2012-01-28 19:24:32 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
    2012-01-28 19:24:32 -------- d-----w- C:\Program Files\Microsoft Help Viewer
    2012-01-28 17:31:23 -------- d-----w- C:\inetpub
    2012-01-28 17:23:17 -------- d-----w- C:\Program Files (x86)\Microsoft Dependency Checker
    2012-01-28 17:09:55 -------- d--h--w- C:\WATK
    2012-01-26 20:45:55 -------- d-----w- C:\Program Files\iPod
    2012-01-26 20:45:54 -------- d-----w- C:\Program Files\iTunes
    2012-01-26 20:45:54 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-01-23 02:56:08 -------- d--h--w- C:\Users\Amir\AppData\Roaming\AVS4YOU
    2012-01-23 02:54:41 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
    2012-01-23 02:53:40 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2012-01-23 02:53:39 -------- d--h--w- C:\ProgramData\AVS4YOU
    2012-01-23 02:53:39 -------- d-----w- C:\Program Files (x86)\AVS4YOU
    2012-01-23 02:44:26 -------- d--h--w- C:\Users\Amir\AppData\Local\{2E45DF8C-86EC-4469-9BC4-D3F6466D5663}
    2012-01-23 02:44:26 -------- d--h--w- C:\Users\Amir\AppData\Local\{07DFC55B-0A28-40BF-93DA-E801DAF0E7E1}
    2012-01-19 15:37:00 -------- d-----w- C:\Program Files (x86)\InterVoip.com
    2012-01-12 01:51:29 -------- d--h--w- C:\Users\Amir\AppData\Roaming\Athentech
    2012-01-12 01:48:29 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-12 01:48:29 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-12 01:48:29 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-12 01:48:29 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-12 01:28:47 -------- d-----w- C:\Program Files\Athentech
    2012-01-12 01:28:46 -------- d-----w- C:\Program Files (x86)\Athentech
    2012-01-12 01:24:40 -------- d--h--w- C:\ProgramData\regid.1986-12.com.adobe
    2012-01-12 00:10:45 -------- d--h--w- C:\Users\Amir\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-01-12 00:10:41 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
    .
    ==================== Find3M ====================
    .
    2011-12-10 03:09:07 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-12-10 03:09:07 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-11-30 23:16:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 19:59:08.15 ===============
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I will be glad to help you, but I could surely do a better job if I knew what problems you were experiencing! I can see malware in the logs; however, in order to know what to address in particular, I have to know what's happening.
    ---------------------------------
    There is another log from DDS named Attach.txt. Please find that on the system and paste it in the next reply. You do not need to zip it.
    ====================================
    There are several very active rogue programs hitting systems now. Fake PC Performance & Stability Analysis Report is usually from a rogue System Restore malware infection. This is not the System Check malware.

    Does the following sound familiar?
    1. Fake computer analysis and optimization program from the FakeHDD family of rogues.
    2. Displays false alerts, also displays fake alerts from your Windows taskbar.
    Delayed Write Failed
    Detected a hard disk problem
    Critical Error!
    Low Disk Space
    These alerts, like the fake scans and corrupt messages, are only designed to scare you into purchasing the program.
    3. Configured to start automatically when you login to Windows.
    4. Attempts to make it so you cannot run any programs on your computer.
    Missing icons, files, programs
    5. Sets Policies:
    "NoChangingWallPaper" = '1'
    "Explorer "NoDesktop" = '1'
    "DisableTaskMgr" = '1'
    6. Changes desktop background to a solid black color
    7. Do not delete files in temp folders or use a temp file cleaner: deletes shortcuts found in various locations and stores backups of them in the %Temp%\smtmp folder
    ===================================
    You've also gotten a lot of adware from the FLV Direct Player. This could be either from the program itself or the download site you used.
    ====================================
    You are using 2 antivirus programs:
    AV: Microsoft Security Essentials
    AV: McAfee Anti-Virus and Anti-Spyware
    Please remove one of them. Multiple AVs make a system more vulnerable, not less.
    Reboot the computer when finished.
    ==================================
    You may also be infected with Wolfram Antivirus, another computer infection from the Rogue.WinAVPro family.
    ==================================
    I want to make you aware that you have an excessive number of processes running. This will cause scans to take longer and it will also make my reviews of the massive log take longer, so expect those things.
    =================================
    I'm going to have you run Combofix only until I get some information from you as to what's happening. Please leave the logs in the next reply with the Attach.txt log.

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see

    Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.


    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
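The policy values and the %Temp%\smtmp backup folder listed in the post above can be checked offline against a registry export. This is an added example, not part of the original thread: the sample export is constructed, the function names are this example's own, and it assumes the values sit somewhere under a hive's `...\CurrentVersion\Policies` key.

```python
import os
import re

# Value names taken from the post's "Sets Policies" list.
LOCKOUT_VALUES = {"nochangingwallpaper", "nodesktop", "disabletaskmgr"}
# Assumption of this example: the values live under this path in any hive.
POLICY_ROOT = r"\software\microsoft\windows\currentversion\policies"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Constructed sample in .reg text form. Real regedit exports are UTF-16;
# read them with open(path, encoding="utf-16").
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDesktop"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
"""


def unescape(text):
    """Undo .reg escaping (\\\\ and \\") inside a quoted name or string."""
    return re.sub(r"\\(.)", r"\1", text)


def decode_data(data):
    """Return an int for dword data, a str for quoted strings, else None."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        try:
            return int(data[6:], 16)
        except ValueError:
            return None
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return unescape(data[1:-1])
    return None  # hex:, hex(2): and other types are not needed here


def parse_reg_export(text):
    """Yield (key_path, value_name, data) for each named value in the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" marks a key deletion in a .reg file; it holds no values.
            key = None if m.group(1).startswith("-") else m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, unescape(m.group("name")), decode_data(m.group("data"))


def is_set(data):
    """True when the value is a non-zero dword or a non-zero numeric string."""
    if isinstance(data, int):
        return data != 0
    if isinstance(data, str):
        return data.strip().isdigit() and int(data) != 0
    return False


def find_lockout_policies(text):
    """Return (key, name, data) for every enabled lockout policy value."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if (POLICY_ROOT in key.lower()
                and name.lower() in LOCKOUT_VALUES
                and is_set(data)):
            findings.append((key, name, data))
    return findings


def smtmp_backup_present(temp_dir):
    """True when the shortcut backup folder named in the post exists."""
    return os.path.isdir(os.path.join(temp_dir, "smtmp"))


if __name__ == "__main__":
    for key, name, data in find_lockout_policies(SAMPLE_REG):
        print(f"{name} = {data!r} under {key}")
    temp = os.environ.get("TEMP", "")
    if temp:
        print("smtmp backup folder present:", smtmp_backup_present(temp))
```

A hit on smtmp is a reason to leave the temp folders alone, as the post says, since the backed-up shortcuts are still there to restore.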
     
  3. sowghati

    sowghati TS Rookie Topic Starter

    Thank you for the reply, Bobbye,
    The answer to your first 6 questions is positive. My computer has all the symptoms that you mentioned. I installed Combofix and its generated log is as follows. Seems like the problem is no longer there, but still my start menu icons are hidden, wallpaper is not there and the quick icons are rearranged. What's next Bobbye? Any chance that everything will be back to normal? Thanks a lot for your help, really appreciate it.

    Log attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 22/01/2010 12:02:31 PM
    System Uptime: 02/02/2012 7:13:56 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0N826N
    Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2498/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 167.596 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: DW1525 (802.11n) WLAN PCIe Card
    Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&3755305C&0&00E3
    Manufacturer: Atheros Communications Inc.
    Name: DW1525 (802.11n) WLAN PCIe Card #2
    PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&3755305C&0&00E3
    Service: athr
    .
    ==== System Restore Points ===================
    .
    RP558: 02/02/2012 1:39:33 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    .NET Compact Framework-based Splash Screen Sample
    4500_G510nz_Help_Web
    4500G510nz_Software_Min
    4500G510nz_web
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.0 Professional
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop CS5.1
    Adobe Reader 9.1.2
    AdventureWorksDB
    Apple Application Support
    Apple Software Update
    Bing Bar
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Compatibility Pack for the 2007 Office system
    Crystal Reports Basic for Visual Studio 2008
    Crystal Reports for Visual Studio
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Destinations
    DeviceDiscovery
    DocMgr
    DocProc
    Dotfuscator Software Services - Community Edition
    Fax
    Free NaturalReader
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    GoToAssist 8.0.0.514
    GPBaseService2
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    HP Update
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    IMVU Avatar Chat Software
    InterVoip
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    McAfee Security Scan Plus
    McAfee Total Protection
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft ASP.NET MVC 3
    Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
    Microsoft ASP.NET Web Pages
    Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
    Microsoft Dependency Checker
    Microsoft Document Explorer 2008
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2007
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Project Professional 2010
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2000 Sample Database Scripts
    Microsoft SQL Server 2008 Books Online (English)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 10.0 (x86 en-US)
    MSDN Library for Visual Studio 2008 - ENU
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MuseScore 1.0 MuseScore score typesetter
    myBabylon Toolbar
    Neuro-Programmer 3 Visualizations Pack 1.0
    Neuro-Programmer 3.0.1
    NuGet
    PDF Settings CS5
    Perfectly Clear Plugin 1.5.8
    PowerDVD DX
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Reason 4.0
    Red Light Center 3D Client
    ReliaSoft DOE++
    ReliaSoft Office 7
    Roxio Burn
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2434737)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrinting
    SolutionCenter
    Status
    Times Reader
    Toolbox
    TrayApp
    Undelete Plus 2.96
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
    Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2483190)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    VC Runtimes MSI
    Vista Codec Package
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - v9.0.30729.4148
    Visual C++ 2008 x64 Runtime - v9.0.30729.6161
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    VLC media player 1.1.7
    WebReg
    WinCHM 4.2
    WinDjView 1.0.1
    Windows Azure Tools for Microsoft Visual Studio 2010 - November 2011
    Windows Azure Tools for Microsoft Visual Studio 2010 1.6
    Windows Azure Tools for Microsoft Visual Studio 2010 Core
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    WinRAR archiver
    Xvid 1.2.1 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/01/2012 10:15:48 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    27/01/2012 10:40:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    02/02/2012 9:53:13 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 7:08:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    02/02/2012 6:40:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    02/02/2012 2:09:50 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 6 time(s).
    02/02/2012 2:08:06 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    02/02/2012 2:06:21 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    02/02/2012 2:04:38 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    02/02/2012 2:02:50 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    02/02/2012 2:00:43 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    02/02/2012 10:35:35 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    02/02/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    02/02/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    02/02/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    02/02/2012 10:35:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    02/02/2012 10:35:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    02/02/2012 10:34:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    02/02/2012 10:30:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk MpFilter NetBIOS NetBT nsiproxy Psched rdbss RsFx0103 Soluto spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
    02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/02/2012 1:52:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    02/02/2012 1:50:17 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    02/02/2012 1:32:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    01/02/2012 11:48:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    01/02/2012 11:48:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    01/02/2012 11:47:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter RsFx0103 Soluto spldr Wanarpv6
    01/02/2012 11:36:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.
    01/02/2012 11:27:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss RsFx0103 Soluto spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
    01/02/2012 11:10:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RsFx0103 Soluto spldr Wanarpv6
    .
    ==== End Of File ===========================
     
  4. sowghati

    sowghati TS Rookie Topic Starter

    Combofix Log:

    ComboFix 12-02-02.02 - Amir 02/02/2012 22:50:00.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.8181.6097 [GMT -5:00]
    Running from: c:\users\Amir\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
    c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
    c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
    c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
    c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
    c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player
    c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
    c:\users\Amir\AppData\Roaming\chrtmp
    c:\users\Amir\AppData\Roaming\DataSafeDotNet.exe
    c:\users\Amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\users\Amir\Desktop\System Check.lnk
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\crlogo.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\exportd.gif
    c:\windows\SysWow64\images\toolbar\First.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\Firstd.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\gotopaged.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreed.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\Last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\Lastd.gif
    c:\windows\SysWow64\images\toolbar\Next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\Nextd.gif
    c:\windows\SysWow64\images\toolbar\Prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\Prevd.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\printd.gif
    c:\windows\SysWow64\images\toolbar\Refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\Search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\searchd.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\Magnify.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-03 02:29 . 2012-02-03 02:29 -------- d-----w- c:\program files\Microsoft Lync
    2012-02-03 02:29 . 2012-02-03 02:29 -------- d-----w- c:\program files (x86)\Microsoft Lync
    2012-02-03 02:14 . 2012-02-03 04:05 -------- d-----w- c:\users\Amir\Tracing
    2012-02-03 02:14 . 2012-02-03 02:28 -------- d-----w- c:\program files (x86)\OCSetup
    2012-02-02 23:47 . 2012-02-02 23:47 -------- d--h--w- c:\users\Amir\AppData\Roaming\Malwarebytes
    2012-02-02 23:47 . 2012-02-02 23:47 -------- d--h--w- c:\programdata\Malwarebytes
    2012-02-02 23:47 . 2012-02-02 23:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-02 23:47 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-02 23:44 . 2012-02-02 23:44 -------- d--h--w- c:\users\Amir\AppData\Roaming\HPAppData
    2012-02-02 15:20 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2012-02-02 15:18 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2012-02-02 15:14 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
    2012-02-02 15:12 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2012-02-02 15:12 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2012-02-02 15:12 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2012-02-02 15:12 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2012-02-02 15:08 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
    2012-02-02 15:03 . 2012-02-02 15:04 -------- d-----w- C:\089dba48f211d9d2db
    2012-02-02 04:27 . 2012-02-02 04:27 -------- d-----w- C:\9f958e766051aa5c4c46318e272aa1c2
    2012-02-02 04:14 . 2012-02-02 04:15 10165440 ---ha-w- C:\mseinstall.exe
    2012-01-30 01:16 . 2012-01-30 01:16 -------- d-----w- c:\windows\Hewlett-Packard
    2012-01-29 02:58 . 2012-01-29 02:58 -------- d--h--w- c:\users\Amir\AppData\Local\dftmp
    2012-01-28 21:27 . 2012-01-28 21:27 -------- d-----w- c:\program files (x86)\NuGet 1.2
    2012-01-28 21:02 . 2012-01-28 21:02 -------- d-----w- c:\program files (x86)\Windows Azure Tools
    2012-01-28 20:57 . 2012-01-28 20:57 -------- d-----w- c:\programdata\Package Cache
    2012-01-28 20:55 . 2012-01-29 03:48 -------- d--h--w- c:\users\Amir\AppData\Local\DevelopmentStorage
    2012-01-28 20:55 . 2012-01-28 20:55 -------- d-----w- c:\program files\Windows Azure Emulator
    2012-01-28 20:53 . 2012-01-28 20:53 -------- d-----w- c:\program files\Windows Azure SDK
    2012-01-28 20:51 . 2012-01-28 20:51 -------- d-----w- c:\program files\Microsoft
    2012-01-28 20:48 . 2012-01-28 20:48 -------- d--h--w- c:\users\Amir\AppData\Roaming\Microsoft Corporation
    2012-01-28 20:01 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-01-28 20:01 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2012-01-28 20:01 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-01-28 20:01 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2012-01-28 19:54 . 2012-01-28 19:54 -------- d-----w- c:\program files\Microsoft Sync Framework
    2012-01-28 19:54 . 2012-01-28 19:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2012-01-28 19:54 . 2012-01-28 19:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2012-01-28 19:43 . 2012-01-28 21:18 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
    2012-01-28 19:43 . 2012-01-28 19:43 -------- d-----w- c:\program files\IIS
    2012-01-28 19:43 . 2012-01-28 19:43 -------- d-----w- c:\program files (x86)\IIS
    2012-01-28 19:27 . 2012-01-28 19:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
    2012-01-28 19:27 . 2012-01-28 19:31 -------- d-----w- c:\program files (x86)\Microsoft F#
    2012-01-28 19:24 . 2012-01-28 19:55 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2012-01-28 19:24 . 2012-01-28 19:24 -------- d-----w- c:\program files\Microsoft Help Viewer
    2012-01-28 17:35 . 2012-01-28 17:35 -------- d-----w- c:\users\Classic .NET AppPool
    2012-01-28 17:31 . 2012-01-29 16:14 -------- d-----w- C:\inetpub
    2012-01-28 17:23 . 2012-01-28 17:23 -------- d-----w- c:\program files (x86)\Microsoft Dependency Checker
    2012-01-28 17:09 . 2012-01-28 17:14 -------- d-----w- C:\WATK
    2012-01-26 20:45 . 2012-01-26 20:45 -------- d-----w- c:\program files\iPod
    2012-01-26 20:45 . 2012-01-26 20:46 -------- d-----w- c:\program files\iTunes
    2012-01-26 20:45 . 2012-01-26 20:46 -------- d-----w- c:\program files (x86)\iTunes
    2012-01-23 02:56 . 2012-01-23 02:56 -------- d--h--w- c:\users\Amir\AppData\Roaming\AVS4YOU
    2012-01-23 02:54 . 2012-01-23 03:01 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
    2012-01-23 02:53 . 2011-08-22 21:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2012-01-23 02:53 . 2012-01-23 03:01 -------- d-----w- c:\program files (x86)\AVS4YOU
    2012-01-23 02:53 . 2012-01-23 02:55 -------- d--h--w- c:\programdata\AVS4YOU
    2012-01-19 15:37 . 2012-01-19 15:37 -------- d-----w- c:\program files (x86)\InterVoip.com
    2012-01-12 01:51 . 2012-01-12 01:51 -------- d--h--w- c:\users\Amir\AppData\Roaming\Athentech
    2012-01-12 01:48 . 2012-02-01 01:57 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-12 01:48 . 2012-01-12 01:48 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-12 01:48 . 2012-01-12 01:48 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-12 01:48 . 2012-01-12 01:48 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-12 01:28 . 2012-01-12 01:28 -------- d-----w- c:\program files\Athentech
    2012-01-12 01:28 . 2012-01-12 01:28 -------- d-----w- c:\program files (x86)\Athentech
    2012-01-12 01:24 . 2012-01-12 01:24 -------- d--h--w- c:\programdata\regid.1986-12.com.adobe
    2012-01-12 01:20 . 2012-01-12 01:24 -------- d-----w- c:\program files\Common Files\Adobe
    2012-01-12 00:10 . 2012-01-12 00:10 -------- d--h--w- c:\users\Amir\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-01-12 00:10 . 2012-01-12 00:10 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-03 03:10 . 2010-07-20 10:09 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
    2012-02-03 01:14 . 2011-11-30 23:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-28 21:27 . 2012-01-28 19:36 2494624 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-12-10 03:09 . 2011-12-10 03:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-12-10 03:09 . 2011-12-10 03:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files (x86)\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
    .
    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
    2008-02-14 19:54 1555480 ----a-w- c:\program files (x86)\myBabylon\tbmyBa.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files (x86)\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
    .
    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InterVoip"="c:\program files (x86)\InterVoip.com\InterVoip\InterVoip.exe" [2011-08-13 13855024]
    "VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-02-22 2633976]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-10 296056]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2011-11-16 12065056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]
    .
    c:\users\Sanaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    c:\users\Amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
    R4 SQLAgent$MSSQLSERVERR2;SQL Server Agent (MSSQLSERVERR2);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]
    S2 MSSQL$MSSQLSERVERR2;SQL Server (MSSQLSERVERR2);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
    S2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-01-31 66560]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 2075480]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-07 376352]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 08:56]
    .
    2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 08:56]
    .
    2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1911981099-295284775-696251958-1000Core.job
    - c:\users\Amir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 13:47]
    .
    2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1911981099-295284775-696251958-1000UA.job
    - c:\users\Amir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 13:47]
    .
    2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1911981099-295284775-696251958-1007Core.job
    - c:\users\Sanaz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 01:03]
    .
    2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1911981099-295284775-696251958-1007UA.job
    - c:\users\Sanaz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 01:03]
    .
    2012-02-02 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Amir\AppData\Roaming\Mozilla\Firefox\Profiles\7gn6xdi6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
    FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 1080
    FF - prefs.js: network.proxy.socks - localhost
    FF - prefs.js: network.proxy.socks_port - 1080
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{34EA1C70-42CC-42C5-AA29-EC58B95A343E} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-02 23:26:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-03 04:26
    .
    Pre-Run: 182,136,573,952 bytes free
    Post-Run: 185,184,063,488 bytes free
    .
    - - End Of File - - 94C5C20C7B4F2FD4146164C1F358E425
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please do not send me a PM about logs unless I haven't replied for 48 hours. I will check Combofix later. For the cosmetic problems:

    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note 1: This does not remove the malware, only the attribute causing the 'missing' problem. So it is important for you to continue.
    Note 2: If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners.
    ================================
    Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =====================================
    Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    ======================================
    I will return later. We have not finished.
     
  6. sowghati

    sowghati TS Rookie Topic Starter

    Thank you so much Bobbye,

    I ran unhide.exe and did what you instructed me to do.
    The desktop is back to normal, start menu icons are back and the toolbar is fine again. What's next? Am I still vulnerable?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You did also have System Check. Most of these rogues will also bring the TDSS rootkit with them, so I'd like you to do the following scans:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Save the log and include in next reply.
    • A reboot is required after disinfection.
    =======================================
    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    =======================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
    After reviewing these logs> TDSSKiller, Mbam and the Eset scan, I'll have some script for you to run through Combofix.
     
  8. sowghati

    sowghati TS Rookie Topic Starter

    Hi Bobbye,

    Thank you for the instructions. I followed all the steps but no threat was found on my system. Also, Windows installed more than 30 updates and afterwards the start menu is back to normal again. Should I do anything else?
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please note: I will be Offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Catching up! Thanks for your patience.

    There should be a log from TDSSKiller. If you cannot find it on the system, please run the program again, save the log and post it in your next reply. Most of the rogue programs include the TDSS malware.
    =====================================
    If you did not get a log after the Eset scan, that's okay.
    ======================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    Folder::
    C:\089dba48f211d9d2db
    C:\9f958e766051aa5c4c46318e272aa1c2
    C:\ProgramData\Package Cache
    DDS::
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"=-
    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"=- 
    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader:> Adobe Reader Update
    Java(TM):> Java Updates.
    Uninstall any earlier versions of both as they are vulnerabilities for the system.
     
Topic Status:
Not open for further replies.
