OK, new to all this, but got my PC infected with malware. Found your great instructions and am following as best I can.
Pasting the outputs of MBAM and DDS as requested:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.27.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
B059902 :: CG139277 [administrator]
27/06/2013 09:03:12
mbam-log-2013-06-27 (09-03-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303237
Time elapsed: 7 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: automatic updates -> Quarantined and deleted successfully.
Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 7
C:\RECYCLER\S-1-5-21-434339603-4253306008-260024257-208007\$RBF3F58C9 (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\b059902\Local Settings\Temp\01372275930437.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\b059902\Local Settings\Temp\86.tmp (HackTool.Wpakill) -> Quarantined and deleted successfully.
C:\Documents and Settings\b059902\Local Settings\Temp\88.tmp (HackTool.Wpakill) -> Quarantined and deleted successfully.
C:\Documents and Settings\b059902\Local Settings\Temp\8D.tmp (HackTool.Wpakill) -> Quarantined and deleted successfully.
C:\Documents and Settings\b059902\Local Settings\Temporary Internet Files\Content.IE5\6WV8HWLU\flashplayer11_6r226370_513_win[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\b059902_old\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Quarantined and deleted successfully.
(end)
And DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by B059902 at 9:18:06 on 2013-06-27
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1903.1219 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\vcsFPService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\media\sthda_5.10.6267.0_d28ae6e8f39501298e93a295a6a51ae8\STacSV.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\1E\NightWatchman50\NwmSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\USBDLM\USBDLM.exe
C:\Program Files\1E\WakeUp\Agent\WakeUpAgt.exe
C:\Program Files\Common Files\Winland\cgserv.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\1E\NightWatchman50\NWMCLI.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\accelerometerST.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\SppClient.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Microsoft Lync\communicator.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\b059902\Local Settings\Temp\PixClip.exe
C:\WINDOWS\system32\MsiExec.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\proquota.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://intranet.eu.tatasteel.com/irj/portal
uDefault_Page_URL = hxxp://intranet.eu.tatasteel.com/irj/portal
uInternet Connection Wizard,ShellNext = hxxp://intranet.eu.tatasteel.com/irj/portal
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: ViewerHelper Class: {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20130213095207.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft\office\office14\URLREDIR.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PixClip] c:\documents and settings\b059902\local settings\temp\PixClip.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_07\bin\jusched.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\accelerometerST.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [Synchronization Manager] c:\windows\system32\mobsync.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Specops Password Client] c:\windows\system32\SppClient.exe
mRun: [BCSSync] "c:\program files\microsoft\office\office14\BCSSync.exe" /DelayServices
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{00010409-78e1-11d2-b60f-006097c998e7}\misc.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoThemesTab = dword:1
uPolicies-Explorer: DisablePersonalDirChange = dword:1
uPolicies-Explorer: NoPropertiesMyDocuments = dword:1
uPolicies-Explorer: NoActiveDesktopChanges = dword:1
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoSetTaskbar = dword:1
uPolicies-Explorer: NoSMBalloonTip = dword:1
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-Explorer: NoStartMenuMyMusic = dword:1
uPolicies-Explorer: NoStartMenuNetworkPlaces = dword:1
uPolicies-Explorer: NoSMMyPictures = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoWelcomeScreen = dword:1
uPolicies-Explorer: NoAutoUpdate = dword:1
uPolicies-Explorer: NoDFSTab = dword:1
uPolicies-Explorer: NoSimpleNetIDList = dword:1
uPolicies-Explorer: NoDrives = dword:20
uPolicies-Explorer: DisallowCpl = dword:1
uPolicies-Explorer: RecycleBinSize = dword:1
uPolicies-System: NoColorChoice = dword:1
uPolicies-System: SetVisualStyle = %windir%\resources\Themes\Luna\Luna.msstyles
uPolicies-System: Wallpaper = c:\windows\web\wallpaper\corus skin kit\BlueNoLogo.bmp
uPolicies-System: WallpaperStyle = 2
uPolicies-System: EnableProfileQuota = dword:1
uPolicies-System: ProfileQuotaMessage = You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. For further information, please contact your local helpdesk.
uPolicies-System: MaxProfileSize = dword:13000
uPolicies-System: IncludeRegInProQuota = dword:1
uPolicies-System: WarnUser = dword:1
uPolicies-System: WarnUserTimeout = dword:15
uPolicies-Windows\System: ExcludeProfileDirs = .javaws;Application Data;Cookies;Favorites;Favorites.old;My Documents;Oracle Jar Cache;Recent;SAP;SAP_Cache_B019833;SAP_Cache_B020523;SAP_Cache_B036311;Notes;.iuclid5;
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoMSAppLogo5ChannelNotify = dword:1
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-System: legalnoticecaption = WARNING
mPolicies-System: legalnoticetext = Access to this system is not permitted unless authorised by Tata Steel.
If you require authorisation, please contact the Service Desk.
Your attention is drawn to the Tata Steel Group Information Security
Policy and user guidance which can be found on the Information
Security intranet site at http://infosec.corp.tatasteel.com
mPolicies-System: RunLogonScriptSync = dword:0
mPolicies-Windows\System: AddAdminGroupToRUP = dword:1
mPolicies-Windows\System: CompatibleRUPSecurity = dword:1
mPolicies-Windows\System: SlowLinkDetectEnabled = dword:1
mPolicies-Windows\System: UserProfileMinTransferRate = dword:6000
mPolicies-Windows\System: SlowLinkTimeOut = dword:10
mPolicies-Windows\System: UserPolicyMode = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: cgateeu.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxp://quickplace-continental.corusnet.corusgroup.com/qp2.cab
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://www.aquire.com/codebase71/OrgPubX.cab
DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 212.74.112.66 212.74.112.67
TCP: Interfaces\{4CC7700C-EF6A-4CE6-9229-81FEEA552B02} : DHCPNameServer = 212.74.112.66 212.74.112.67
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - c:\program files\microsoft\rights management add-on\rmadoc.exe
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: igfxcui - igfxdev.dll
Notify: SoPwdClt - SPP3Clt.dll
mASetup: {00180409-78E1-11D2-B60F-006097C998E7} - msiexec /fu {00180409-78E1-11D2-B60F-006097C998E7} /qn
mASetup: {0389F63E-3A0B-48CD-9A47-DCE5B901DB66} - msiexec /fup {0389F63E-3A0B-48CD-9A47-DCE5B901DB66} /qb!
mASetup: {0A65F6EE-BF32-4618-8D89-44F271154D59} - msiexec /fup {0A65F6EE-BF32-4618-8D89-44F271154D59} /qn
mASetup: {15242440-0FCC-43E6-B45E-F5000676EC65} - msiexec /fu {15242440-0FCC-43E6-B45E-F5000676EC65} /qn
mASetup: {30526EC3-EA81-4B16-AAC7-736DD56A8EC5} - msiexec /fu {30526EC3-EA81-4B16-AAC7-736DD56A8EC5} /qn
mASetup: {326C444B-94FD-41D1-96E6-1F1761DED185} - msiexec /faup {326C444B-94FD-41D1-96E6-1F1761DED185} /qn
mASetup: {49EB0287-6F61-45CB-A983-348BB742BCD9} - msiexec /fu {49EB0287-6F61-45CB-A983-348BB742BCD9} /qn
mASetup: {574FA498-C1C3-46C2-AC87-F3EA6ADD4AED} - msiexec /fup {574FA498-C1C3-46C2-AC87-F3EA6ADD4AED} /QN
mASetup: {5A5C0539-5D12-409A-BFCC-6C68476458A1} - msiexec /fu {5A5C0539-5D12-409A-BFCC-6C68476458A1} /qn
mASetup: {5C0A46EE-0582-4631-AEFC-75FDBD4BCD72} - msiexec /fu {5C0A46EE-0582-4631-AEFC-75FDBD4BCD72} /qn
mASetup: {6692F6CA-CA86-4D67-BA00-67007EFECF9D} - msiexec /fu {6692F6CA-CA86-4D67-BA00-67007EFECF9D} /qn
mASetup: {71283FD0-C2D5-4051-A44D-346FCACA74CF} - msiexec /fup {71283FD0-C2D5-4051-A44D-346FCACA74CF} /qn
mASetup: {81BE0B17-563B-45D4-B198-5721E6C665CD} - msiexec /fu {81BE0B17-563B-45D4-B198-5721E6C665CD} /qn
mASetup: {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} - msiexec /fu {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} /qn
mASetup: {8DF98EED-7178-425C-A65B-3DA2396CF645} - msiexec /fu {8DF98EED-7178-425C-A65B-3DA2396CF645} /qn
mASetup: {90120000-0012-0000-0000-0000000FF1CE} - wscript.exe "c:\program files\microsoft office\OfficeSetting.vbs"
mASetup: {963A5145-60B3-4AFD-A7ED-BDE1CFECC43E} - msiexec /fu {963A5145-60B3-4AFD-A7ED-BDE1CFECC43E} /qn
mASetup: {9F6DEA51-F458-422E-B779-5068BE3099B7} - msiexec /fu {9F6DEA51-F458-422E-B779-5068BE3099B7} /qn
mASetup: {B32792B7-6B70-45F7-A941-96192B2024F8} - msiexec /fu {B32792B7-6B70-45F7-A941-96192B2024F8} /qn
mASetup: {BA2CD2E5-FBAF-4F58-8CF4-AE1E5E873A07} - msiexec /fu {BA2CD2E5-FBAF-4F58-8CF4-AE1E5E873A07} /qn
mASetup: {C5A5623A-BB2A-45AC-B5B9-ABD5F65B13C6} - msiexec /fu {C5A5623A-BB2A-45AC-B5B9-ABD5F65B13C6} /qn
mASetup: {D58FF0D7-37B4-48B0-AF22-7D6656D59B7B} - msiexec /fu {D58FF0D7-37B4-48B0-AF22-7D6656D59B7B} /qn
mASetup: {DB497FF5-24D0-434B-BC97-20817B00DEDF} - Msiexec /fup {DB497FF5-24D0-434B-BC97-20817B00DEDF} /qn
mASetup: {E0CA67C8-1693-47E5-83B8-CDDB0541342A} - msiexec /fu {E0CA67C8-1693-47E5-83B8-CDDB0541342A} /qn
mASetup: {FDEF8467-4A2B-470F-A58A-8BCF00164064} - msiexec /fup {FDEF8467-4A2B-470F-A58A-8BCF00164064} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-9-21 477584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-9-21 90368]
R1 NEOFLTR_550_12029;Juniper Networks TDI Filter Driver (NEOFLTR_550_12029);c:\windows\system32\drivers\NEOFLTR_550_12029.sys [2007-8-24 63008]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2009-12-16 102968]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-3-17 132464]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2012-11-27 132712]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-9-21 167344]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-9-21 159640]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-2-23 1578400]
R2 NightWatchman50;NightWatchman50;c:\program files\1e\nightwatchman50\NwmSvc.exe [2008-7-25 414352]
R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2007-9-4 139264]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
R2 WakeUpAgt;1E WakeUp Agent;c:\program files\1e\wakeup\agent\WakeUpAgt.exe [2008-8-26 266896]
R2 Winland;DISOE Winland Agent;c:\program files\common files\winland\cgserv.exe [2012-10-8 359424]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2012-5-16 113664]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-5-16 228408]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2012-5-16 166568]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-5-16 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-5-16 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-16 205824]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-9-21 215024]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-9-21 59616]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2012-5-16 49152]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2009-7-31 17968]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-9-21 87816]
.
=============== Created Last 30 ================
.
2013-06-27 08:02:07 -------- d-----w- c:\documents and settings\b059902\application data\Malwarebytes
2013-06-27 08:01:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-27 08:01:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-27 08:01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-27 07:53:52 18656 ----a-w- c:\documents and settings\all users\application data\microsoft\msoidentitycrl\production\msoidconfig.dll
2013-06-26 20:13:39 -------- d-----w- c:\documents and settings\all users\application data\1E
2013-06-24 07:57:53 -------- d-----w- c:\program files\TNSnames
2013-06-11 14:02:37 -------- d-----w- c:\documents and settings\b059902\local settings\application data\Citrix
2013-06-11 14:02:31 113224 ----a-w- c:\documents and settings\b059902\g2ax_customer_downloadhelper_win32_x86.exe
.
==================== Find3M ====================
.
2013-05-20 13:18:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-20 13:18:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:18:40.89 ===============
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: cgateeu.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxp://quickplace-continental.corusnet.corusgroup.com/qp2.cab
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://www.aquire.com/codebase71/OrgPubX.cab
DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 212.74.112.66 212.74.112.67
TCP: Interfaces\{4CC7700C-EF6A-4CE6-9229-81FEEA552B02} : DHCPNameServer = 212.74.112.66 212.74.112.67
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - c:\program files\microsoft\rights management add-on\rmadoc.exe
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: igfxcui - igfxdev.dll
Notify: SoPwdClt - SPP3Clt.dll
mASetup: {00180409-78E1-11D2-B60F-006097C998E7} - msiexec /fu {00180409-78E1-11D2-B60F-006097C998E7} /qn
mASetup: {0389F63E-3A0B-48CD-9A47-DCE5B901DB66} - msiexec /fup {0389F63E-3A0B-48CD-9A47-DCE5B901DB66} /qb!
mASetup: {0A65F6EE-BF32-4618-8D89-44F271154D59} - msiexec /fup {0A65F6EE-BF32-4618-8D89-44F271154D59} /qn
mASetup: {15242440-0FCC-43E6-B45E-F5000676EC65} - msiexec /fu {15242440-0FCC-43E6-B45E-F5000676EC65} /qn
mASetup: {30526EC3-EA81-4B16-AAC7-736DD56A8EC5} - msiexec /fu {30526EC3-EA81-4B16-AAC7-736DD56A8EC5} /qn
mASetup: {326C444B-94FD-41D1-96E6-1F1761DED185} - msiexec /faup {326C444B-94FD-41D1-96E6-1F1761DED185} /qn
mASetup: {49EB0287-6F61-45CB-A983-348BB742BCD9} - msiexec /fu {49EB0287-6F61-45CB-A983-348BB742BCD9} /qn
mASetup: {574FA498-C1C3-46C2-AC87-F3EA6ADD4AED} - msiexec /fup {574FA498-C1C3-46C2-AC87-F3EA6ADD4AED} /QN
mASetup: {5A5C0539-5D12-409A-BFCC-6C68476458A1} - msiexec /fu {5A5C0539-5D12-409A-BFCC-6C68476458A1} /qn
mASetup: {5C0A46EE-0582-4631-AEFC-75FDBD4BCD72} - msiexec /fu {5C0A46EE-0582-4631-AEFC-75FDBD4BCD72} /qn
mASetup: {6692F6CA-CA86-4D67-BA00-67007EFECF9D} - msiexec /fu {6692F6CA-CA86-4D67-BA00-67007EFECF9D} /qn
mASetup: {71283FD0-C2D5-4051-A44D-346FCACA74CF} - msiexec /fup {71283FD0-C2D5-4051-A44D-346FCACA74CF} /qn
mASetup: {81BE0B17-563B-45D4-B198-5721E6C665CD} - msiexec /fu {81BE0B17-563B-45D4-B198-5721E6C665CD} /qn
mASetup: {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} - msiexec /fu {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} /qn
mASetup: {8DF98EED-7178-425C-A65B-3DA2396CF645} - msiexec /fu {8DF98EED-7178-425C-A65B-3DA2396CF645} /qn
mASetup: {90120000-0012-0000-0000-0000000FF1CE} - wscript.exe "c:\program files\microsoft office\OfficeSetting.vbs"
mASetup: {963A5145-60B3-4AFD-A7ED-BDE1CFECC43E} - msiexec /fu {963A5145-60B3-4AFD-A7ED-BDE1CFECC43E} /qn
mASetup: {9F6DEA51-F458-422E-B779-5068BE3099B7} - msiexec /fu {9F6DEA51-F458-422E-B779-5068BE3099B7} /qn
mASetup: {B32792B7-6B70-45F7-A941-96192B2024F8} - msiexec /fu {B32792B7-6B70-45F7-A941-96192B2024F8} /qn
mASetup: {BA2CD2E5-FBAF-4F58-8CF4-AE1E5E873A07} - msiexec /fu {BA2CD2E5-FBAF-4F58-8CF4-AE1E5E873A07} /qn
mASetup: {C5A5623A-BB2A-45AC-B5B9-ABD5F65B13C6} - msiexec /fu {C5A5623A-BB2A-45AC-B5B9-ABD5F65B13C6} /qn
mASetup: {D58FF0D7-37B4-48B0-AF22-7D6656D59B7B} - msiexec /fu {D58FF0D7-37B4-48B0-AF22-7D6656D59B7B} /qn
mASetup: {DB497FF5-24D0-434B-BC97-20817B00DEDF} - Msiexec /fup {DB497FF5-24D0-434B-BC97-20817B00DEDF} /qn
mASetup: {E0CA67C8-1693-47E5-83B8-CDDB0541342A} - msiexec /fu {E0CA67C8-1693-47E5-83B8-CDDB0541342A} /qn
mASetup: {FDEF8467-4A2B-470F-A58A-8BCF00164064} - msiexec /fup {FDEF8467-4A2B-470F-A58A-8BCF00164064} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-9-21 477584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-9-21 90368]
R1 NEOFLTR_550_12029;Juniper Networks TDI Filter Driver (NEOFLTR_550_12029);c:\windows\system32\drivers\NEOFLTR_550_12029.sys [2007-8-24 63008]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2009-12-16 102968]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-3-17 132464]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2012-11-27 132712]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-9-21 167344]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-9-21 159640]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-2-23 1578400]
R2 NightWatchman50;NightWatchman50;c:\program files\1e\nightwatchman50\NwmSvc.exe [2008-7-25 414352]
R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2007-9-4 139264]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
R2 WakeUpAgt;1E WakeUp Agent;c:\program files\1e\wakeup\agent\WakeUpAgt.exe [2008-8-26 266896]
R2 Winland;DISOE Winland Agent;c:\program files\common files\winland\cgserv.exe [2012-10-8 359424]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2012-5-16 113664]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-5-16 228408]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2012-5-16 166568]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-5-16 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-5-16 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-16 205824]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-9-21 215024]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-9-21 59616]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2012-5-16 49152]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2009-7-31 17968]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-9-21 87816]
.
=============== Created Last 30 ================
.
2013-06-27 08:02:07 -------- d-----w- c:\documents and settings\b059902\application data\Malwarebytes
2013-06-27 08:01:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-27 08:01:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-27 08:01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-27 07:53:52 18656 ----a-w- c:\documents and settings\all users\application data\microsoft\msoidentitycrl\production\msoidconfig.dll
2013-06-26 20:13:39 -------- d-----w- c:\documents and settings\all users\application data\1E
2013-06-24 07:57:53 -------- d-----w- c:\program files\TNSnames
2013-06-11 14:02:37 -------- d-----w- c:\documents and settings\b059902\local settings\application data\Citrix
2013-06-11 14:02:31 113224 ----a-w- c:\documents and settings\b059902\g2ax_customer_downloadhelper_win32_x86.exe
.
==================== Find3M ====================
.
2013-05-20 13:18:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-20 13:18:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:18:40.89 ===============