Inactive Fake PC Performance (System Ckeck) removal

Status
Not open for further replies.
S

sowghati

Hi,

I followed the 5 steps. Malwarebytes and DDS generated logs, but GMER did not. The logs are as follows. What should I do next? Thanks

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Amir :: AMIR-PC [administrator]

Protection: Enabled

02/02/2012 6:49:02 PM
mbam-log-2012-02-02 (18-49-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240582
Time elapsed: 16 minute(s), 39 second(s)

Memory Processes Detected: 2
C:\ProgramData\nJKYVsNDdEKo.exe (Trojan.FakeAlert) -> 6940 -> Delete on reboot.
C:\ProgramData\NZWjhmcCjLS4eb.exe (Trojan.FakeAlert) -> 12052 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{5c026fd8-4021-75c5-673f-f6b4d1c16a04} (Adware.LoudMo) -> Quarantined and deleted successfully.
HKCU\Software\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08df64bf-660a-75b1-3d3b-7a37c483a224} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKCR\CLSID\{08df64bf-660a-75b1-3d3b-7a37c483a224} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08DF64BF-660A-75B1-3D3B-7A37C483A224} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nJKYVsNDdEKo.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\nJKYVsNDdEKo.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\Program Files (x86)\FLV Direct Player (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Files Detected: 15
C:\ProgramData\nJKYVsNDdEKo.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\NZWjhmcCjLS4eb.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Amir\AppData\Local\Temp\vNNg5QmADFrU9X.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\player.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Button.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Window.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

(end)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Amir at 19:57:48 on 2012-02-02
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.8181.6648 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Amir\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229213431.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [InterVoip] "C:\Program Files (x86)\InterVoip.com\InterVoip\InterVoip.exe" -nosplash -minimized
uRun: [Google Update] "C:\Users\Amir\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Amir\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{927629B9-EFF6-425F-A69C-DBE876AE9F38} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B1A5D8D0-769E-4CFE-B5A7-28F76D38AF4B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B1A5D8D0-769E-4CFE-B5A7-28F76D38AF4B}\7484F4C414D4D23594A5 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229213431.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files (x86)\myBabylon\tbmyBa.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Amir\AppData\Roaming\Mozilla\Firefox\Profiles\7gn6xdi6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 1080
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Dependency Checker\NPDCDetector.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF - plugin: C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Amir\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Amir\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Amir\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-13 92160]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-1-23 103440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-4 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-4 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-4 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-5-26 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-5-26 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-7-10 214040]
R2 MSSQL$MSSQLSERVERR2;SQL Server (MSSQLSERVERR2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
R2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-1-31 66560]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-3-30 2075480]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-13 1692480]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2011-7-7 376352]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$MSSQLSERVERR2;SQL Server Agent (MSSQLSERVERR2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-02-02 23:47:40 -------- d--h--w- C:\Users\Amir\AppData\Roaming\Malwarebytes
2012-02-02 23:47:27 -------- d--h--w- C:\ProgramData\Malwarebytes
2012-02-02 23:47:23 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-02 23:47:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-02 15:20:27 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2012-02-02 15:18:57 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2012-02-02 15:14:10 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-02-02 15:12:40 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-02-02 15:12:40 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-02-02 15:12:40 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-02-02 15:12:40 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-02-02 15:08:39 3141632 ----a-w- C:\Windows\System32\win32k.sys
2012-02-02 15:03:35 -------- d-----w- C:\089dba48f211d9d2db
2012-02-02 04:58:45 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-02 04:58:45 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAB9A2BA-E5E2-4B77-A356-C660754A8AFE}\gapaengine.dll
2012-02-02 04:57:14 8602168 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEAF9857-7F53-4FBC-B9B6-9C36CA461CE6}\mpengine.dll
2012-02-02 04:27:30 -------- d-----w- C:\9f958e766051aa5c4c46318e272aa1c2
2012-02-02 04:24:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-02 04:23:40 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-02 04:14:42 10165440 ---ha-w- C:\mseinstall.exe
2012-01-30 01:16:02 -------- d-----w- C:\Windows\Hewlett-Packard
2012-01-29 02:58:49 -------- d--h--w- C:\Users\Amir\AppData\Local\dftmp
2012-01-28 21:27:27 -------- d-----w- C:\Program Files (x86)\NuGet 1.2
2012-01-28 21:02:12 -------- d-----w- C:\Program Files (x86)\Windows Azure Tools
2012-01-28 20:57:55 -------- d-----w- C:\ProgramData\Package Cache
2012-01-28 20:55:27 -------- d--h--w- C:\Users\Amir\AppData\Local\DevelopmentStorage
2012-01-28 20:55:24 -------- d-----w- C:\Program Files\Windows Azure Emulator
2012-01-28 20:53:07 -------- d-----w- C:\Program Files\Windows Azure SDK
2012-01-28 20:51:11 -------- d-----w- C:\Program Files\Microsoft
2012-01-28 20:48:38 -------- d--h--w- C:\Users\Amir\AppData\Roaming\Microsoft Corporation
2012-01-28 20:01:36 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-01-28 20:01:36 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-01-28 20:01:28 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-01-28 20:01:28 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-01-28 19:54:22 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-01-28 19:54:22 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-01-28 19:43:59 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-01-28 19:43:46 -------- d-----w- C:\Program Files\IIS
2012-01-28 19:43:46 -------- d-----w- C:\Program Files (x86)\IIS
2012-01-28 19:36:24 2494624 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-28 19:27:44 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-01-28 19:27:44 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2012-01-28 19:24:32 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-01-28 19:24:32 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-01-28 17:31:23 -------- d-----w- C:\inetpub
2012-01-28 17:23:17 -------- d-----w- C:\Program Files (x86)\Microsoft Dependency Checker
2012-01-28 17:09:55 -------- d--h--w- C:\WATK
2012-01-26 20:45:55 -------- d-----w- C:\Program Files\iPod
2012-01-26 20:45:54 -------- d-----w- C:\Program Files\iTunes
2012-01-26 20:45:54 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-23 02:56:08 -------- d--h--w- C:\Users\Amir\AppData\Roaming\AVS4YOU
2012-01-23 02:54:41 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2012-01-23 02:53:40 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-01-23 02:53:39 -------- d--h--w- C:\ProgramData\AVS4YOU
2012-01-23 02:53:39 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2012-01-23 02:44:26 -------- d--h--w- C:\Users\Amir\AppData\Local\{2E45DF8C-86EC-4469-9BC4-D3F6466D5663}
2012-01-23 02:44:26 -------- d--h--w- C:\Users\Amir\AppData\Local\{07DFC55B-0A28-40BF-93DA-E801DAF0E7E1}
2012-01-19 15:37:00 -------- d-----w- C:\Program Files (x86)\InterVoip.com
2012-01-12 01:51:29 -------- d--h--w- C:\Users\Amir\AppData\Roaming\Athentech
2012-01-12 01:48:29 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 01:48:29 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 01:48:29 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-12 01:48:29 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-12 01:28:47 -------- d-----w- C:\Program Files\Athentech
2012-01-12 01:28:46 -------- d-----w- C:\Program Files (x86)\Athentech
2012-01-12 01:24:40 -------- d--h--w- C:\ProgramData\regid.1986-12.com.adobe
2012-01-12 00:10:45 -------- d--h--w- C:\Users\Amir\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-01-12 00:10:41 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
.
==================== Find3M ====================
.
2011-12-10 03:09:07 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-12-10 03:09:07 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-11-30 23:16:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 19:59:08.15 ===============
 
Welcome to TechSpot! I will be glad to help you, but I could surely do a better job if I knew what problems you were experiencing! I can see malware in the logs- however in order to know what to address in particular, I have to know what's happening.
---------------------------------
There is another log from DDS named Attach.txt. Please find that on the system and paste it in the next reply. You do not need to zip it.
====================================
There are several very active rogue programs hitting systems now. Fake PC Performance & Stability Analysis Report is usually from a rogue System Restore malware infection. This is not the System Check malware.

Does the following sound familiar?
1. Fake computer analysis and optimization program from the FakeHDD family of rogues.
2. Displays false alerts, also display fake alerts from your Windows taskbar.
Delayed Write Failed
Detected a hard disk problem
Critical Error!
Low Disk Space
These alerts, like the fake scans and corrupt messages, are only designed to scare you into purchasing the program.
3. Configured to start automatically when you login to Windows.
4. Attempts to make it so you cannot run any programs on your computer.
Missing icons, files, programs
5. Sets Policies:
"NoChangingWallPaper" = '1'
"Explorer "NoDesktop" = '1'
"DisableTaskMgr" = '1'
6. Changes desktop background to a solid black color
7. Do not delete files in temp folders or use temp file cleaner> deletes shortcuts found in various locations and store backups of them in the %Temp%\smtmp folder
===================================
You've also gotten a lot of adware from the FLV Direct Player. This could be either from the program itself or the download site you used.
====================================
You are using 2 antivirus programs:
AV: Microsoft Security Essentials
AV: McAfee Anti-Virus and Anti-Spyware
Please remove one of them. Multiple AVs make a system more vulnerable, not less.
Reboot the computer when finished.
==================================
You may also be infected with Wolfram Antivirus, another computer infection from the Rogue.WinAVPro family.
==================================
I want to make you aware that you have an excessive number of processes running. This will cause scans to take longer and it will also make my reviews of the massive log take longer> so expect those things.
=================================
I'm going to have you run Combofix only untill I get some information from you as to what's happening. Please leave the logs in the next reply with the Attact.txt log.

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.[/b]
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • .Close/disable all anti virus and anti malware programs
    (If you need help with this, please see Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.[/COLOR][/B]


If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
 
Thanks you for reply Bobbye,
The answer to your first 6 questions is positive. My computer has all the symptoms that you mentioned.. I installed Combofix and its generated log is as follows. Seems like the problem is no longer there, but still my start menu icons are hidden, wallpaper is not there and the quick icons are rearranged. What's next Bobbye? Any chance that everything will be back to normal? Thanks a lot for your help, really appreciate it.

Log attact.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 22/01/2010 12:02:31 PM
System Uptime: 02/02/2012 7:13:56 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0N826N
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2498/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 167.596 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: DW1525 (802.11n) WLAN PCIe Card
Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&3755305C&0&00E3
Manufacturer: Atheros Communications Inc.
Name: DW1525 (802.11n) WLAN PCIe Card #2
PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&3755305C&0&00E3
Service: athr
.
==== System Restore Points ===================
.
RP558: 02/02/2012 1:39:33 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
.NET Compact Framework-based Splash Screen Sample
4500_G510nz_Help_Web
4500G510nz_Software_Min
4500G510nz_web
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.0 Professional
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS5.1
Adobe Reader 9.1.2
AdventureWorksDB
Apple Application Support
Apple Software Update
Bing Bar
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Compatibility Pack for the 2007 Office system
Crystal Reports Basic for Visual Studio 2008
Crystal Reports for Visual Studio
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Destinations
DeviceDiscovery
DocMgr
DocProc
Dotfuscator Software Services - Community Edition
Fax
Free NaturalReader
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IMVU Avatar Chat Software
InterVoip
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
McAfee Security Scan Plus
McAfee Total Protection
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
Microsoft Dependency Checker
Microsoft Document Explorer 2008
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Project Professional 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2000 Sample Database Scripts
Microsoft SQL Server 2008 Books Online (English)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0 (x86 en-US)
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.0 MuseScore score typesetter
myBabylon Toolbar
Neuro-Programmer 3 Visualizations Pack 1.0
Neuro-Programmer 3.0.1
NuGet
PDF Settings CS5
Perfectly Clear Plugin 1.5.8
PowerDVD DX
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Reason 4.0
Red Light Center 3D Client
ReliaSoft DOE++
ReliaSoft Office 7
Roxio Burn
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
Times Reader
Toolbox
TrayApp
Undelete Plus 2.96
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2483190)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VC Runtimes MSI
Vista Codec Package
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - v9.0.30729.4148
Visual C++ 2008 x64 Runtime - v9.0.30729.6161
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - v9.0.30729.6161
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 1.1.7
WebReg
WinCHM 4.2
WinDjView 1.0.1
Windows Azure Tools for Microsoft Visual Studio 2010 - November 2011
Windows Azure Tools for Microsoft Visual Studio 2010 1.6
Windows Azure Tools for Microsoft Visual Studio 2010 Core
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
29/01/2012 10:15:48 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
27/01/2012 10:40:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
02/02/2012 9:53:13 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 7:08:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
02/02/2012 6:40:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
02/02/2012 2:09:50 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 6 time(s).
02/02/2012 2:08:06 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
02/02/2012 2:06:21 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
02/02/2012 2:04:38 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
02/02/2012 2:02:50 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
02/02/2012 2:00:43 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
02/02/2012 10:35:35 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/02/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/02/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/02/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/02/2012 10:35:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/02/2012 10:35:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/02/2012 10:34:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
02/02/2012 10:30:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk MpFilter NetBIOS NetBT nsiproxy Psched rdbss RsFx0103 Soluto spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:22 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 10:30:18 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 1:52:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
02/02/2012 1:50:17 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
02/02/2012 1:32:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
01/02/2012 11:48:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
01/02/2012 11:48:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
01/02/2012 11:47:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter RsFx0103 Soluto spldr Wanarpv6
01/02/2012 11:36:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.
01/02/2012 11:27:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss RsFx0103 Soluto spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
01/02/2012 11:10:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RsFx0103 Soluto spldr Wanarpv6
.
==== End Of File ===========================
 
Combofix Log:

ComboFix 12-02-02.02 - Amir 02/02/2012 22:50:00.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.8181.6097 [GMT -5:00]
Running from: c:\users\Amir\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
c:\users\Amir\AppData\Roaming\chrtmp
c:\users\Amir\AppData\Roaming\DataSafeDotNet.exe
c:\users\Amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Amir\Desktop\System Check.lnk
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 02:29 . 2012-02-03 02:29 -------- d-----w- c:\program files\Microsoft Lync
2012-02-03 02:29 . 2012-02-03 02:29 -------- d-----w- c:\program files (x86)\Microsoft Lync
2012-02-03 02:14 . 2012-02-03 04:05 -------- d-----w- c:\users\Amir\Tracing
2012-02-03 02:14 . 2012-02-03 02:28 -------- d-----w- c:\program files (x86)\OCSetup
2012-02-02 23:47 . 2012-02-02 23:47 -------- d--h--w- c:\users\Amir\AppData\Roaming\Malwarebytes
2012-02-02 23:47 . 2012-02-02 23:47 -------- d--h--w- c:\programdata\Malwarebytes
2012-02-02 23:47 . 2012-02-02 23:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-02 23:47 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-02 23:44 . 2012-02-02 23:44 -------- d--h--w- c:\users\Amir\AppData\Roaming\HPAppData
2012-02-02 15:20 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-02-02 15:18 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2012-02-02 15:14 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-02-02 15:12 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-02-02 15:12 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-02-02 15:12 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-02-02 15:12 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-02-02 15:08 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 15:03 . 2012-02-02 15:04 -------- d-----w- C:\089dba48f211d9d2db
2012-02-02 04:27 . 2012-02-02 04:27 -------- d-----w- C:\9f958e766051aa5c4c46318e272aa1c2
2012-02-02 04:14 . 2012-02-02 04:15 10165440 ---ha-w- C:\mseinstall.exe
2012-01-30 01:16 . 2012-01-30 01:16 -------- d-----w- c:\windows\Hewlett-Packard
2012-01-29 02:58 . 2012-01-29 02:58 -------- d--h--w- c:\users\Amir\AppData\Local\dftmp
2012-01-28 21:27 . 2012-01-28 21:27 -------- d-----w- c:\program files (x86)\NuGet 1.2
2012-01-28 21:02 . 2012-01-28 21:02 -------- d-----w- c:\program files (x86)\Windows Azure Tools
2012-01-28 20:57 . 2012-01-28 20:57 -------- d-----w- c:\programdata\Package Cache
2012-01-28 20:55 . 2012-01-29 03:48 -------- d--h--w- c:\users\Amir\AppData\Local\DevelopmentStorage
2012-01-28 20:55 . 2012-01-28 20:55 -------- d-----w- c:\program files\Windows Azure Emulator
2012-01-28 20:53 . 2012-01-28 20:53 -------- d-----w- c:\program files\Windows Azure SDK
2012-01-28 20:51 . 2012-01-28 20:51 -------- d-----w- c:\program files\Microsoft
2012-01-28 20:48 . 2012-01-28 20:48 -------- d--h--w- c:\users\Amir\AppData\Roaming\Microsoft Corporation
2012-01-28 20:01 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-01-28 20:01 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-01-28 20:01 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-01-28 20:01 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-01-28 19:54 . 2012-01-28 19:54 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-01-28 19:54 . 2012-01-28 19:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-01-28 19:54 . 2012-01-28 19:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-01-28 19:43 . 2012-01-28 21:18 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2012-01-28 19:43 . 2012-01-28 19:43 -------- d-----w- c:\program files\IIS
2012-01-28 19:43 . 2012-01-28 19:43 -------- d-----w- c:\program files (x86)\IIS
2012-01-28 19:27 . 2012-01-28 19:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-01-28 19:27 . 2012-01-28 19:31 -------- d-----w- c:\program files (x86)\Microsoft F#
2012-01-28 19:24 . 2012-01-28 19:55 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-01-28 19:24 . 2012-01-28 19:24 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-01-28 17:35 . 2012-01-28 17:35 -------- d-----w- c:\users\Classic .NET AppPool
2012-01-28 17:31 . 2012-01-29 16:14 -------- d-----w- C:\inetpub
2012-01-28 17:23 . 2012-01-28 17:23 -------- d-----w- c:\program files (x86)\Microsoft Dependency Checker
2012-01-28 17:09 . 2012-01-28 17:14 -------- d-----w- C:\WATK
2012-01-26 20:45 . 2012-01-26 20:45 -------- d-----w- c:\program files\iPod
2012-01-26 20:45 . 2012-01-26 20:46 -------- d-----w- c:\program files\iTunes
2012-01-26 20:45 . 2012-01-26 20:46 -------- d-----w- c:\program files (x86)\iTunes
2012-01-23 02:56 . 2012-01-23 02:56 -------- d--h--w- c:\users\Amir\AppData\Roaming\AVS4YOU
2012-01-23 02:54 . 2012-01-23 03:01 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-01-23 02:53 . 2011-08-22 21:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-01-23 02:53 . 2012-01-23 03:01 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-01-23 02:53 . 2012-01-23 02:55 -------- d--h--w- c:\programdata\AVS4YOU
2012-01-19 15:37 . 2012-01-19 15:37 -------- d-----w- c:\program files (x86)\InterVoip.com
2012-01-12 01:51 . 2012-01-12 01:51 -------- d--h--w- c:\users\Amir\AppData\Roaming\Athentech
2012-01-12 01:48 . 2012-02-01 01:57 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-12 01:48 . 2012-01-12 01:48 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 01:48 . 2012-01-12 01:48 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 01:48 . 2012-01-12 01:48 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-12 01:28 . 2012-01-12 01:28 -------- d-----w- c:\program files\Athentech
2012-01-12 01:28 . 2012-01-12 01:28 -------- d-----w- c:\program files (x86)\Athentech
2012-01-12 01:24 . 2012-01-12 01:24 -------- d--h--w- c:\programdata\regid.1986-12.com.adobe
2012-01-12 01:20 . 2012-01-12 01:24 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-12 00:10 . 2012-01-12 00:10 -------- d--h--w- c:\users\Amir\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-01-12 00:10 . 2012-01-12 00:10 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 03:10 . 2010-07-20 10:09 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2012-02-03 01:14 . 2011-11-30 23:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-28 21:27 . 2012-01-28 19:36 2494624 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-12-10 03:09 . 2011-12-10 03:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-10 03:09 . 2011-12-10 03:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files (x86)\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
.
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 19:54 1555480 ----a-w- c:\program files (x86)\myBabylon\tbmyBa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files (x86)\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
.
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InterVoip"="c:\program files (x86)\InterVoip.com\InterVoip\InterVoip.exe" [2011-08-13 13855024]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-02-22 2633976]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-10 296056]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2011-11-16 12065056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]
.
c:\users\Sanaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Amir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$MSSQLSERVERR2;SQL Server Agent (MSSQLSERVERR2);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]
S2 MSSQL$MSSQLSERVERR2;SQL Server (MSSQLSERVERR2);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVERR2\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
S2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-01-31 66560]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 2075480]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-07 376352]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 08:56]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 08:56]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1911981099-295284775-696251958-1000Core.job
- c:\users\Amir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 13:47]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1911981099-295284775-696251958-1000UA.job
- c:\users\Amir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 13:47]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1911981099-295284775-696251958-1007Core.job
- c:\users\Sanaz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 01:03]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1911981099-295284775-696251958-1007UA.job
- c:\users\Sanaz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 01:03]
.
2012-02-02 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Amir\AppData\Roaming\Mozilla\Firefox\Profiles\7gn6xdi6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 1080
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{34EA1C70-42CC-42C5-AA29-EC58B95A343E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-02-02 23:26:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 04:26
.
Pre-Run: 182,136,573,952 bytes free
Post-Run: 185,184,063,488 bytes free
.
- - End Of File - - 94C5C20C7B4F2FD4146164C1F358E425
 
Please do not send me a PM about logs unless I haven't replied for 48 hours. I will check Combofix later. For the cosmetic problems:

Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note 1: This does not remove the malware- only the attribute causing the 'missing' problem.So it is important for you to continue.
Note 2: If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners
================================
Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • choose Start Menu tab> Click on Customize
  • For Windows XP> Choose Advanced tab
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
======================================
I will return later. We have not finished.
 
Thank you so much Bobbye,

I ran unhide.exe and did what you instructed me to do.
The desktop is back to normal, start menu icons are back and the toolbar is fine again. What's next? Am I still vulnerable?
 
You did also have System Check. Most of these rogues will also bring the TDSSRootkit with it, so I'd like you to do the following scans:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result. Save the log and include in next reply.
  • A reboot is required after disinfection.
=======================================
Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.
When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
=======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
======================================
After reviewing these logs> TDSSKiller, Mbam and the Eset scan, I'll have some script for you to run through Combofix.
 
Hi Bobbye,

Thank you for the instructions. I followed all the steps but no thread was found on my system. Also the windows installed more than 30 updates and afterwards, the start menu is back to normal again. Should I do anything else?
 
Please note: I will be Offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.
 
Catching up! Thanks for your patience.

There should be a log fro TDSSKiller. If you cannot find it on the system, please run the program again, save the log and post it in next reply. Most of the rogue program are including the TDSS malware.
=====================================
If you did not get a log after the Eset scan, that's okay.
======================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code: 
File::
Folder::
C:\089dba48f211d9d2db
C:\9f958e766051aa5c4c46318e272aa1c2
C:\ProgramData\Package Cache
DDS::
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"=-
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"=- 
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
Please update the following:
Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
Adobe Reader:> Adobe Reader Update
Java(TM):> Java Updates .
Uninstall any earlier versions in of both as they are vulnerabilities for the system.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back