
"System Message - Write Fault Error"



Hi,

I believe that my Windows 7 machine is infected with malware and need help!

This morning, I received a "System Message - Write Fault Error" message that popped up multiple times, with a message "A write command during the test has failed to complete ... This may be due to media ... invalid system memory address". Sorry, I cannot see the message in full as the multiple windows overlap. The explanation below that window states "System Errror. Hard Disk Failure detected. Windows has lost access to the system partition during I/O process". Another window pops up asking to "Scan and repair (Recommended)" and another choice. On closing that window and the other windows without any other action, my computer automatically reboots. And the same issue appears again.

Also, all icons on the desktop have disappeared (other than a couple) and I cannot access any program under "All Programs".

I am able to start the computer in safe mode though.

I have downloaded dds.scr but am not sure if it can be run in safe mode (the only option available to me).

FYI - I do not have a recovery CD available with me either.

Please assist with steps that I can do next.

Thanks

Jai


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

Run DDS in Safe Mode if you must.


As I had mentioned, I had to run both dds and mbam.exe (updated last night) in safe mode. Please suggest next steps. Please keep in mind that I can run only in safe mode right now.

Logs are below:

mbam quick scan detected 2 malicious objects. Quarantining them did not help the machine after reboot.

mbam log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.07.07

Windows 7 Service Pack 1 x86 FAT32 (Safe Mode)

Internet Explorer 8.0.7601.17514

snayak :: 4BRXBT1 [administrator]

7/8/2012 3:34:40 PM

mbam-log-2012-07-08 (15-34-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 253150

Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume2

Install Date: 6/1/2012 1:38:34 PM

System Uptime: 7/8/2012 3:29:12 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0KCT5J

Processor: Intel® Core i5-2520M CPU @ 2.50GHz | CPU 1 | 2494/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 237.565 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: McAfee Inc. mfehidk

Device ID: ROOT\LEGACY_MFEHIDK\0000

Manufacturer:

Name: McAfee Inc. mfehidk

PNP Device ID: ROOT\LEGACY_MFEHIDK\0000

Service: mfehidk

.

==== System Restore Points ===================

.

RP44: 6/23/2012 3:01:39 AM - Windows Update

RP45: 6/23/2012 3:02:13 AM - Windows Update

RP46: 6/23/2012 3:02:33 AM - Windows Update

RP47: 6/23/2012 3:02:52 AM - Windows Update

RP48: 6/23/2012 3:03:38 AM - Windows Update

RP49: 6/23/2012 3:04:04 AM - Windows Update

RP50: 6/23/2012 3:26:15 AM - Windows Update

RP51: 6/23/2012 3:28:50 AM - Windows Update

RP52: 6/23/2012 3:29:18 AM - Windows Update

RP53: 7/1/2012 12:00:04 AM - Scheduled Checkpoint

RP54: 7/8/2012 3:19:28 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

.

32 Bit HP BiDi Channel Components Installer

7-Zip 9.20

AccelerometerP11

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Altiris Application Metering Agent

Altiris Client Task Agent

Altiris PC Transplant Capture Agent

Altiris Power Management Agent

Altiris Script Task Agent

Altiris Service Control Task Agent

Altiris Software Delivery Agent For Task Server

Altiris Software Delivery Solution Agent

Altiris Task Synchronization Agent

Conexant HDA D330 MDC V.92 Modem

CVE-2012-1889

CyberLink PowerDVD 9.5

DameWare Mini Remote Control Client Agent Service

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Backup and Recovery Manager

Dell System Manager

Dell Touchpad

Dell Webcam Central

Digital Line Detect

DirectX 9 Runtime

Export Notes v8.0.5.0 SP1

FileZilla Client 3.5.3

Flowstar.net Client Files

IDT Audio

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Java Auto Updater

Java 6 Update 21

Juniper Installer Service

Juniper Networks Network Connect 7.0.0

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Knowledge Xpert for PLSQL V9.0

Lotus Notes 8.5.1

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee Agent

McAfee Host Intrusion Prevention

McAfee VirusScan Enterprise

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Lync 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Project 2007 Service Pack 2 (SP2)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Standard 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Standard 2007

Microsoft Office Word MUI (English) 2010

Microsoft Online Services Sign-in Assistant

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Modem Diagnostic Tool

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB973688)

Netwaiting

Notepad++

Oracle Enterprise Single Sign-on Password Reset Client

Passport_Direct

PDFCreator

PhotoShowExpress

Qexplain2full

Quest Software Toad for Oracle Version 9.0.1

Quest SQL Tuning for Oracle

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)

Snagit 11

Sonic CinePlayer Decoder Pack

Stat 5.5.4

TextPad 6

WebEx

WIDCOMM Bluetooth Software

X7Magic Setup

.

==== Event Viewer Messages From Past Week ========

.

7/8/2012 3:29:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/8/2012 3:29:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/8/2012 3:29:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/8/2012 3:29:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/8/2012 3:29:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/8/2012 3:29:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/8/2012 3:29:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache FireTDI luafv mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless ZeroConfig Service service depends on the WLAN AutoConfig service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 3:29:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

7/8/2012 2:49:09 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

7/8/2012 2:48:06 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

7/8/2012 2:47:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv

7/8/2012 2:47:01 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain FLOWSERVE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

7/8/2012 12:03:55 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..

7/7/2012 10:57:10 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

7/7/2012 10:57:10 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

7/7/2012 10:30:51 AM, Error: Schannel [36887] - The following fatal alert was received: 10.

.

==== End Of File ===========================

------------------------------------

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.7601.17514

Run by snayak at 15:30:40 on 2012-07-08

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.2269 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120601155244.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe

mRun: [intelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"

mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"

mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [LidpjsgBGxdFuo.exe] c:\programdata\LidpjsgBGxdFuo.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

Trusted Zone: expedia.be

Trusted Zone: expedia.co.uk

Trusted Zone: expedia.com

Trusted Zone: expedia.de

Trusted Zone: expedia.es

Trusted Zone: expedia.fr

Trusted Zone: expedia.it

Trusted Zone: expedia.nl

Trusted Zone: flowstar.net

Trusted Zone: sumtotalsystems.com

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://gssricew.flowserve.net:8004/OA_HTML/oaj2se.exe

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{26A60F0B-B233-4429-BFE9-E99B95AE3A6C} : DhcpNameServer = 172.26.1.10 172.19.106.28

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475055524C49434 : DhcpNameServer = 204.59.152.208 208.67.222.222 57.67.127.195

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475143435 : DhcpNameServer = 172.26.1.10 172.30.24.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\passport_direct\9684826\program\GAPlugProtocol-9684826.dll

Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\snayak\appdata\roaming\mozilla\firefox\profiles\79znsqch.default\

FF - prefs.js: browser.startup.homepage - hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-1 165416]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-5-23 17904]

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-5-23 44144]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-5-23 41216]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-5-23 62440]

R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-5-23 63848]

S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-6-1 463912]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

S1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-6-1 77760]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-5-23 81920]

S2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\passport_direct\9684826\program\ServiceWrapper-9684826.exe [2012-6-1 24615]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-20 388464]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2011-4-13 1506464]

S2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2012-6-1 35696]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-8-16 198000]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [2009-9-29 3405192]

S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-1 166024]

S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-1-12 209760]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-1 148520]

S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SSPREnrollService;SSPREnrollService;c:\program files\passlogix\v-go sspr client\SSPREnrollService.exe [2010-10-27 128952]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-5-23 2594584]

S2 WebMail;WebMail;c:\windows\system32\webmail.exe -s --> c:\windows\system32\WebMail.exe -s [?]

S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\intel\wifi\bin\ZCfgSvc7.exe [2010-12-23 577536]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-11 257224]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-5-23 349736]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-23 302120]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-23 33832]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-5-23 134144]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-5-23 144576]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]

S3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]

S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]

S3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]

S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2012-6-1 107928]

S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2012-6-1 38680]

S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2012-6-1 35552]

S3 IgniteService;IgniteService;c:\program files\ignitecds\IgniteService.exe [2012-6-1 90464]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-5-23 132480]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-23 269824]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-1 180328]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-1 59192]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-1 87392]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-2 113120]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-5-23 7434240]

S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-5-23 60904]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]

S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2012-5-23 12952]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2012-07-08 14:47:46 343800 ----a-w- c:\programdata\LidpjsgBGxdFuo.exe

2012-06-30 17:23:22 -------- d-----w- c:\windows\system32\Dell

2012-06-25 15:10:39 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-06-23 16:05:41 -------- d--h--w- c:\users\snayak\appdata\roaming\Quest Software

2012-06-23 08:28:57 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-23 08:28:57 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-23 08:28:57 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-23 08:04:13 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-23 08:04:13 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-23 08:01:50 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-06-19 17:01:17 -------- d--h--w- c:\users\snayak\appdata\roaming\webex

2012-06-19 15:36:51 -------- d-----w- c:\programdata\WebEx

2012-06-17 05:09:04 -------- d--h--w- c:\users\snayak\appdata\roaming\Helios

2012-06-17 05:08:25 -------- d-----w- c:\program files\TextPad 6

2012-06-16 22:32:50 -------- d--h--w- c:\users\snayak\appdata\local\Dell

2012-06-16 22:26:29 0 ----a-w- c:\windows\invcol.tmp

2012-06-15 20:01:05 2594632 ----a-r- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL

2012-06-15 20:00:54 -------- d-----w- c:\program files\MSXML 4.0

2012-06-13 03:27:58 -------- d--h--w- c:\users\snayak\appdata\roaming\pdfforge

2012-06-13 03:27:52 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

2012-06-13 03:27:51 79360 ----a-w- c:\windows\system32\pdfcmon.dll

2012-06-13 03:27:50 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2012-06-13 03:27:50 -------- d-----w- c:\program files\PDFCreator

2012-06-13 03:27:49 -------- d-----w- c:\programdata\Premium

2012-06-13 03:26:36 -------- d-----w- c:\programdata\InstallMate

2012-06-12 14:23:55 -------- d--h--w- c:\users\snayak\Lync Recordings

2012-06-12 04:51:34 604706 ----a-w- c:\windows\system32\~.tmp

2012-06-12 03:13:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-12 03:13:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-09 23:28:09 -------- d-----w- c:\program files\Trend Micro

2012-06-09 23:09:00 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-09 22:58:58 -------- d-----w- c:\windows\system32\appmgmt

2012-06-09 13:19:49 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-09 05:36:12 -------- d--h--w- c:\users\snayak\appdata\local\temp

2012-06-08 22:21:50 -------- d--h--w- c:\users\snayak\appdata\local\ElevatedDiagnostics

2012-06-08 20:36:27 -------- d--h--w- c:\users\snayak\appdata\local\LogMeIn Rescue Applet

.

==================== Find3M ====================

.

2012-06-13 22:42:39 423656 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-12 01:46:46 143040 ----a-w- c:\windows\system32\KevlarSigs.dll

2012-06-09 04:23:19 187904 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-06-02 01:56:06 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe

2012-06-02 01:56:03 303104 ----a-w- c:\windows\9684826Uninstall.exe

2012-06-01 21:06:00 933888 ----a-w- c:\windows\system32\WebMail_.exe

2012-06-01 21:05:59 933888 ----a-w- c:\windows\system32\WebMail.exe

2012-06-01 21:05:59 77760 ----a-w- c:\windows\system32\WebMail_.sys

2012-05-24 01:40:55 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-24 01:40:55 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-24 01:40:33 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-05-24 01:40:30 5120 ----a-w- c:\windows\system32\wmi.dll

2012-05-24 01:40:30 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-05-24 01:40:30 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-05-24 01:40:30 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-05-24 01:40:15 534528 ----a-w- c:\windows\system32\EncDec.dll

2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 15:31:23.21 ===============

Ran ComboFix in safe mode. Some of the desktop icons appeared (possibly all are there but not visible in safe mode). There was no reboot.

Ran DDS again without reboot. Logs attached.

ComboFix log is below:

ComboFix 12-07-08.01 - snayak 07/08/2012 16:33:48.3.4 - x86 MINIMAL

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.2225 [GMT -5:00]

Running from: c:\users\snayak\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\LidpjsgBGxdFuo.exe

c:\windows\system32\~.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))

.

.

2012-07-08 21:38 . 2012-07-08 21:38 -------- d-----w- c:\users\snayak\AppData\Local\temp

2012-06-30 17:23 . 2012-06-30 17:23 -------- d-----w- c:\windows\system32\Dell

2012-06-25 15:10 . 2012-06-25 15:10 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-06-23 16:05 . 2012-06-23 16:05 -------- d--h--w- c:\users\snayak\AppData\Roaming\Quest Software

2012-06-23 08:28 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-23 08:28 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-23 08:28 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-23 08:04 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-23 08:04 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-23 08:01 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-06-19 17:01 . 2012-06-19 17:01 -------- d--h--w- c:\users\snayak\AppData\Roaming\webex

2012-06-19 15:36 . 2012-06-19 15:37 -------- d-----w- c:\programdata\WebEx

2012-06-17 05:09 . 2012-06-17 05:09 -------- d--h--w- c:\users\snayak\AppData\Roaming\Helios

2012-06-17 05:08 . 2012-06-17 05:08 -------- d-----w- c:\program files\TextPad 6

2012-06-16 22:32 . 2012-06-16 22:32 -------- d--h--w- c:\users\snayak\AppData\Local\Dell

2012-06-16 22:26 . 2012-06-16 22:26 0 ----a-w- c:\windows\invcol.tmp

2012-06-15 20:01 . 2009-09-30 19:18 2594632 ----a-r- c:\program files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL

2012-06-15 20:00 . 2012-06-15 20:00 -------- d-----w- c:\program files\MSXML 4.0

2012-06-13 22:43 . 2012-06-13 22:43 -------- d-----w- c:\program files\Common Files\Java

2012-06-13 22:42 . 2012-06-13 22:42 -------- d-----w- c:\program files\Java

2012-06-13 03:27 . 2012-06-13 03:30 -------- d--h--w- c:\users\snayak\AppData\Roaming\pdfforge

2012-06-13 03:27 . 1998-06-24 06:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

2012-06-13 03:27 . 2012-05-14 14:17 79360 ----a-w- c:\windows\system32\pdfcmon.dll

2012-06-13 03:27 . 2012-06-13 03:28 -------- d-----w- c:\program files\PDFCreator

2012-06-13 03:27 . 1998-07-06 06:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2012-06-13 03:27 . 2012-06-13 03:27 -------- d-----w- c:\programdata\Premium

2012-06-13 03:27 . 2012-06-13 03:27 454 ----a-w- C:\user.js

2012-06-13 03:26 . 2012-06-13 03:27 -------- d-----w- c:\programdata\InstallMate

2012-06-12 14:23 . 2012-06-12 14:23 -------- d--h--w- c:\users\snayak\Lync Recordings

2012-06-12 04:51 . 2012-06-13 03:15 604706 ----a-w- c:\windows\system32\~.tmp

2012-06-12 03:13 . 2012-06-12 03:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-12 03:13 . 2012-06-12 03:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-09 23:28 . 2012-06-09 23:28 -------- d-----w- c:\program files\Trend Micro

2012-06-09 23:09 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-09 23:04 . 2012-06-09 23:04 -------- d-----w- c:\program files\Common Files\Adobe

2012-06-08 22:35 . 2012-06-25 22:21 -------- d--h--w- c:\users\snayak\AppData\Roaming\Notepad++

2012-06-08 22:21 . 2012-06-08 22:21 -------- d--h--w- c:\users\snayak\AppData\Local\ElevatedDiagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-13 22:42 . 2011-08-30 19:46 423656 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-12 01:46 . 2012-06-01 20:43 143040 ----a-w- c:\windows\system32\KevlarSigs.dll

2012-06-09 04:23 . 2010-11-20 21:29 187904 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-06-04 15:54 . 2010-11-30 11:28 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll

2012-06-02 01:56 . 2012-06-02 01:56 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe

2012-06-02 01:56 . 2012-06-02 01:56 303104 ----a-w- c:\windows\9684826Uninstall.exe

2012-06-01 21:06 . 2012-06-01 21:06 933888 ----a-w- c:\windows\system32\WebMail_.exe

2012-06-01 21:05 . 2012-06-01 21:05 933888 ----a-w- c:\windows\system32\WebMail.exe

2012-06-01 21:05 . 2012-06-01 21:05 77760 ----a-w- c:\windows\system32\WebMail_.sys

2012-05-24 01:40 . 2012-05-24 01:40 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-24 01:40 . 2012-05-24 01:40 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-24 01:40 . 2012-05-24 01:40 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-05-24 01:40 . 2012-05-24 01:40 5120 ----a-w- c:\windows\system32\wmi.dll

2012-05-24 01:40 . 2012-05-24 01:40 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-05-24 01:40 . 2012-05-24 01:40 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-05-24 01:40 . 2012-05-24 01:40 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-05-24 01:40 . 2012-05-24 01:40 534528 ----a-w- c:\windows\system32\EncDec.dll

2012-06-14 22:20 . 2012-07-02 22:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-21 718720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]

"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]

"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2011-04-13 979104]

"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-05-16 12098648]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-7 840992]

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-5-23 50688]

Snagit 11.lnk - c:\program files\TechSmith\Snagit 11\Snagit32.exe [2012-5-16 9063352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

R1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

R2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\Passport_Direct\9684826\Program\ServiceWrapper-9684826.exe [x]

R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [x]

R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [x]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]

R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\Lotus\Notes\nsd.exe [x]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R2 SSPREnrollService;SSPREnrollService;c:\program files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R2 WebMail;WebMail;c:\windows\system32\WebMail.exe [x]

R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [x]

R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [x]

R3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [x]

R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [x]

R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [x]

R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [x]

R3 IgniteService;IgniteService;c:\program files\IgniteCDS\IgniteService.exe [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]

R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [x]

S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [x]

S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [x]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 03:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: expedia.be

Trusted Zone: expedia.co.uk

Trusted Zone: expedia.com

Trusted Zone: expedia.de

Trusted Zone: expedia.es

Trusted Zone: expedia.fr

Trusted Zone: expedia.it

Trusted Zone: expedia.nl

Trusted Zone: flowstar.net

Trusted Zone: sumtotalsystems.com

TCP: DhcpNameServer = 192.168.1.1

Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\Passport_Direct\9684826\Program\GAPlugProtocol-9684826.dll

DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab

FF - ProfilePath - c:\users\snayak\AppData\Roaming\Mozilla\Firefox\Profiles\79znsqch.default\

FF - prefs.js: browser.startup.homepage - hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-LidpjsgBGxdFuo.exe - c:\programdata\LidpjsgBGxdFuo.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-08 16:41:49

ComboFix-quarantined-files.txt 2012-07-08 21:41

ComboFix2.txt 2012-06-09 13:20

.

Pre-Run: 254,971,559,936 bytes free

Post-Run: 254,778,601,472 bytes free

.

- - End Of File - - 2589B39E6BADF512541D5B9E3275CFBD

-------------------------

DDS Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume2

Install Date: 6/1/2012 1:38:34 PM

System Uptime: 7/8/2012 4:29:58 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0KCT5J

Processor: Intel® Core i5-2520M CPU @ 2.50GHz | CPU 1 | 2494/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 237.352 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Dell Wireless 375 Bluetooth Module

Device ID: USB\VID_413C&PID_8187\C01885D913AB

Manufacturer: Broadcom

Name: Dell Wireless 375 Bluetooth Module

PNP Device ID: USB\VID_413C&PID_8187\C01885D913AB

Service: BTHUSB

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: McAfee Inc. mfehidk

Device ID: ROOT\LEGACY_MFEHIDK\0000

Manufacturer:

Name: McAfee Inc. mfehidk

PNP Device ID: ROOT\LEGACY_MFEHIDK\0000

Service: mfehidk

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

32 Bit HP BiDi Channel Components Installer

7-Zip 9.20

AccelerometerP11

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Altiris Application Metering Agent

Altiris Client Task Agent

Altiris PC Transplant Capture Agent

Altiris Power Management Agent

Altiris Script Task Agent

Altiris Service Control Task Agent

Altiris Software Delivery Agent For Task Server

Altiris Software Delivery Solution Agent

Altiris Task Synchronization Agent

Conexant HDA D330 MDC V.92 Modem

CVE-2012-1889

CyberLink PowerDVD 9.5

DameWare Mini Remote Control Client Agent Service

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Backup and Recovery Manager

Dell System Manager

Dell Touchpad

Dell Webcam Central

Digital Line Detect

DirectX 9 Runtime

Export Notes v8.0.5.0 SP1

FileZilla Client 3.5.3

Flowstar.net Client Files

IDT Audio

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Java Auto Updater

Java 6 Update 21

Juniper Installer Service

Juniper Networks Network Connect 7.0.0

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Knowledge Xpert for PLSQL V9.0

Lotus Notes 8.5.1

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee Agent

McAfee Host Intrusion Prevention

McAfee VirusScan Enterprise

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Lync 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Project 2007 Service Pack 2 (SP2)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Standard 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Standard 2007

Microsoft Office Word MUI (English) 2010

Microsoft Online Services Sign-in Assistant

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Modem Diagnostic Tool

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB973688)

Netwaiting

Notepad++

Oracle Enterprise Single Sign-on Password Reset Client

Passport_Direct

PDFCreator

PhotoShowExpress

Qexplain2full

Quest Software Toad for Oracle Version 9.0.1

Quest SQL Tuning for Oracle

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)

Snagit 11

Sonic CinePlayer Decoder Pack

Stat 5.5.4

TextPad 6

WebEx

WIDCOMM Bluetooth Software

X7Magic Setup

.

==== Event Viewer Messages From Past Week ========

.

7/8/2012 4:42:00 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:38:53 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/8/2012 4:32:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

7/8/2012 4:30:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/8/2012 4:30:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/8/2012 4:30:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/8/2012 4:30:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/8/2012 4:30:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/8/2012 4:30:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/8/2012 4:30:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache FireTDI luafv mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

7/8/2012 4:30:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 4:30:07 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless ZeroConfig Service service depends on the WLAN AutoConfig service which failed to start because of the following error: The dependency service or group failed to start.

7/8/2012 4:30:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/8/2012 4:28:44 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

7/8/2012 4:28:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv

7/8/2012 4:28:28 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain FLOWSERVE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

7/8/2012 4:21:41 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

7/8/2012 2:49:09 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

7/8/2012 12:03:55 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..

7/7/2012 10:57:10 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

7/7/2012 10:57:10 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

7/7/2012 10:30:51 AM, Error: Schannel [36887] - The following fatal alert was received: 10.

.

==== End Of File ===========================

DDS.txt :

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.7601.17514

Run by snayak at 16:44:24 on 2012-07-08

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.2529 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\ctfmon.exe

C:\windows\explorer.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120601155244.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe

mRun: [intelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"

mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"

mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 11\Snagit32.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

Trusted Zone: expedia.be

Trusted Zone: expedia.co.uk

Trusted Zone: expedia.com

Trusted Zone: expedia.de

Trusted Zone: expedia.es

Trusted Zone: expedia.fr

Trusted Zone: expedia.it

Trusted Zone: expedia.nl

Trusted Zone: flowstar.net

Trusted Zone: sumtotalsystems.com

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://gssricew.flowserve.net:8004/OA_HTML/oaj2se.exe

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{26A60F0B-B233-4429-BFE9-E99B95AE3A6C} : DhcpNameServer = 172.26.1.10 172.19.106.28

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475055524C49434 : DhcpNameServer = 204.59.152.208 208.67.222.222 57.67.127.195

TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475143435 : DhcpNameServer = 172.26.1.10 172.30.24.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\passport_direct\9684826\program\GAPlugProtocol-9684826.dll

Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\snayak\appdata\roaming\mozilla\firefox\profiles\79znsqch.default\

FF - prefs.js: browser.startup.homepage - hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-1 165416]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-5-23 17904]

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-5-23 44144]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-5-23 41216]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-5-23 62440]

R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-5-23 63848]

S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-6-1 463912]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

S1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-6-1 77760]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-5-23 81920]

S2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\passport_direct\9684826\program\ServiceWrapper-9684826.exe [2012-6-1 24615]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-20 388464]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2011-4-13 1506464]

S2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2012-6-1 35696]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-8-16 198000]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [2009-9-29 3405192]

S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-1 166024]

S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-1-12 209760]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-1 148520]

S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SSPREnrollService;SSPREnrollService;c:\program files\passlogix\v-go sspr client\SSPREnrollService.exe [2010-10-27 128952]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-5-23 2594584]

S2 WebMail;WebMail;c:\windows\system32\webmail.exe -s --> c:\windows\system32\WebMail.exe -s [?]

S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\intel\wifi\bin\ZCfgSvc7.exe [2010-12-23 577536]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-11 257224]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-5-23 349736]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-23 302120]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-23 33832]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-5-23 134144]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-5-23 144576]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]

S3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]

S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]

S3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]

S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2012-6-1 107928]

S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2012-6-1 38680]

S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2012-6-1 35552]

S3 IgniteService;IgniteService;c:\program files\ignitecds\IgniteService.exe [2012-6-1 90464]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-5-23 132480]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-23 269824]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-1 180328]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-1 59192]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-1 87392]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-2 113120]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-5-23 7434240]

S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-5-23 60904]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]

S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2012-5-23 12952]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2012-07-08 21:41:53 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-08 21:41:51 -------- d-----w- c:\users\snayak\appdata\local\temp

2012-07-08 21:32:02 98816 ----a-w- c:\windows\sed.exe

2012-07-08 21:32:02 518144 ----a-w- c:\windows\SWREG.exe

2012-07-08 21:32:02 256000 ----a-w- c:\windows\PEV.exe

2012-07-08 21:32:02 208896 ----a-w- c:\windows\MBR.exe

2012-06-30 17:23:22 -------- d-----w- c:\windows\system32\Dell

2012-06-25 15:10:39 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-06-23 16:05:41 -------- d-----w- c:\users\snayak\appdata\roaming\Quest Software

2012-06-23 08:28:57 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-23 08:28:57 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-23 08:28:57 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-23 08:04:13 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-23 08:04:13 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-23 08:01:50 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-06-19 17:01:17 -------- d-----w- c:\users\snayak\appdata\roaming\webex

2012-06-19 15:36:51 -------- d-----w- c:\programdata\WebEx

2012-06-17 05:09:04 -------- d-----w- c:\users\snayak\appdata\roaming\Helios

2012-06-17 05:08:25 -------- d-----w- c:\program files\TextPad 6

2012-06-16 22:32:50 -------- d-----w- c:\users\snayak\appdata\local\Dell

2012-06-16 22:26:29 0 ----a-w- c:\windows\invcol.tmp

2012-06-15 20:01:05 2594632 ----a-r- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL

2012-06-15 20:00:54 -------- d-----w- c:\program files\MSXML 4.0

2012-06-13 03:27:58 -------- d-----w- c:\users\snayak\appdata\roaming\pdfforge

2012-06-13 03:27:52 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

2012-06-13 03:27:51 79360 ----a-w- c:\windows\system32\pdfcmon.dll

2012-06-13 03:27:50 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2012-06-13 03:27:50 -------- d-----w- c:\program files\PDFCreator

2012-06-13 03:27:49 -------- d-----w- c:\programdata\Premium

2012-06-13 03:26:36 -------- d-----w- c:\programdata\InstallMate

2012-06-12 14:23:55 -------- d-----w- c:\users\snayak\Lync Recordings

2012-06-12 04:51:34 604706 ----a-w- c:\windows\system32\~.tmp

2012-06-12 03:13:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-12 03:13:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-09 23:28:09 -------- d-----w- c:\program files\Trend Micro

2012-06-09 23:09:00 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-09 22:58:58 -------- d-----w- c:\windows\system32\appmgmt

2012-06-08 22:21:50 -------- d-----w- c:\users\snayak\appdata\local\ElevatedDiagnostics

.

==================== Find3M ====================

.

2012-06-13 22:42:39 423656 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-12 01:46:46 143040 ----a-w- c:\windows\system32\KevlarSigs.dll

2012-06-09 04:23:19 187904 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-06-02 01:56:06 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe

2012-06-02 01:56:03 303104 ----a-w- c:\windows\9684826Uninstall.exe

2012-06-01 21:06:00 933888 ----a-w- c:\windows\system32\WebMail_.exe

2012-06-01 21:05:59 933888 ----a-w- c:\windows\system32\WebMail.exe

2012-06-01 21:05:59 77760 ----a-w- c:\windows\system32\WebMail_.sys

2012-05-24 01:40:55 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-24 01:40:55 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-24 01:40:33 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-05-24 01:40:30 5120 ----a-w- c:\windows\system32\wmi.dll

2012-05-24 01:40:30 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-05-24 01:40:30 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-05-24 01:40:30 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-05-24 01:40:15 534528 ----a-w- c:\windows\system32\EncDec.dll

2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 16:44:33.66 ===============

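The event log excerpt and the DDS report above are what a helper reads to decide what to do next. The script below is an added example (not part of DDS, ComboFix, Malwarebytes or the poster's logs) that automates the two reading passes a responder makes over such a paste: it follows the Service Control Manager 7001 "X depends on Y which failed" chains back to the component that failed on its own (in the log above those are the drivers named in the 7026 event, AFD, nsiproxy, rdbss and mfehidk among them, which is why the networking stack and McAfee's services all fell over together), and it flags SERVICES / DRIVERS lines where DDS printed [?] instead of a file date and size, or where a boot/system-start .sys lives outside system32\drivers, plus mPolicies-system values that switch UAC off (the log above shows EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0). The sample log embedded in the script is constructed in DDS's format with illustrative names, not copied from the poster's machine; every flag is a heuristic for a human to check, not a verdict.

```python
"""Triage a pasted DDS report: root-cause the Service Control Manager cascade,
and flag service/driver and policy lines worth a second look.

Added example for this thread; not part of DDS, ComboFix or Malwarebytes.
Heuristics only: a flagged line is a pointer, not a verdict.
"""
import re

# Constructed sample in the format DDS uses; service and driver names here
# are illustrative, not taken from the poster's machine.
SAMPLE_DDS = r"""
7/8/2012 4:30:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD nsiproxy rdbss
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
============= SERVICES / DRIVERS ===============
R0 gooddrv;Good Driver;c:\windows\system32\drivers\gooddrv.sys [2012-5-23 17904]
S1 odd_;odd_;c:\windows\system32\odd_.sys [2012-6-1 77760]
S2 oddsvc;oddsvc;c:\windows\system32\oddsvc.exe -s --> c:\windows\system32\oddsvc.exe -s [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
"""

SCM_7026 = re.compile(
    r"\[7026\] - The following boot-start or system-start driver\(s\) failed to load: (.+)$",
    re.MULTILINE)
SCM_7001 = re.compile(
    r"\[7001\] - The (.+?) service depends on the (.+?) service which failed to start "
    r"because of the following error: (.+)$", re.MULTILINE)
CASCADE = "The dependency service or group failed to start."
SVC_LINE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(\?|[^\]]+)\]$", re.MULTILINE)
IMAGE = re.compile(r"(.+?\.(?:exe|sys|dll))", re.IGNORECASE)
POLICY = re.compile(r"^mPolicies-system: (\w+) = (\d+)", re.MULTILINE)


def failed_boot_drivers(text):
    """Driver names from every 7026 event (boot/system-start drivers that did not load)."""
    names = set()
    for m in SCM_7026.finditer(text):
        names.update(m.group(1).split())
    return sorted(names)


def dependency_roots(text):
    """Follow each 7001 'X depends on Y' chain to the component that failed on its own.

    Returns {service: (root_dependency, root_error)}. A dependency whose error is
    anything other than the generic cascade message is treated as a root cause.
    """
    parent, roots = {}, {}
    for m in SCM_7001.finditer(text):
        svc, dep, err = (g.strip() for g in m.groups())
        parent[svc] = dep
        if err != CASCADE:
            roots[dep] = err
    result = {}
    for svc in parent:
        cur, seen = svc, set()
        while cur in parent and cur not in seen:   # guard against cyclic entries
            seen.add(cur)
            cur = parent[cur]
        result[svc] = (cur, roots.get(cur, "unknown (no 7001 line gives its own error)"))
    return result


def flag_services(text):
    """Heuristic flags on SERVICES / DRIVERS lines: [(service_name, reason), ...]."""
    flagged = []
    for m in SVC_LINE.finditer(text):
        start, name, _display, path, info = m.groups()
        # DDS writes "configured --> actual" for a mismatch; keep the actual image, drop arguments
        image_m = IMAGE.match(path.split(" --> ")[-1])
        image = image_m.group(1).lower() if image_m else path.lower()
        if info == "?":
            flagged.append((name, f"DDS printed [?]: it could not read the image file {image}"))
        if image.endswith(".sys") and "\\drivers\\" not in image:
            flagged.append((name, f"{start} driver loaded from outside system32\\drivers: {image}"))
    return flagged


def uac_findings(text):
    """Policy values DDS lists under mPolicies-system that weaken UAC."""
    vals = {k: int(v) for k, v in POLICY.findall(text)}
    out = []
    if vals.get("EnableLUA") == 0:
        out.append(("EnableLUA", "UAC is off: administrators' processes run with a full token"))
    if vals.get("ConsentPromptBehaviorAdmin") == 0:
        out.append(("ConsentPromptBehaviorAdmin", "admin elevation happens without any prompt"))
    return out


if __name__ == "__main__":
    print("boot-start drivers that failed:", ", ".join(failed_boot_drivers(SAMPLE_DDS)))
    for svc, (root, err) in sorted(dependency_roots(SAMPLE_DDS).items()):
        print(f"  {svc} -> root cause: {root} ({err})")
    for name, reason in flag_services(SAMPLE_DDS) + uac_findings(SAMPLE_DDS):
        print(f"  FLAG {name}: {reason}")
```

Run it against a saved DDS.txt by replacing SAMPLE_DDS with the file's contents. The dependency walk is the useful part: a cascade of twenty 7001 errors usually collapses to two or three drivers that actually failed to load, and those are what to investigate (or what chkdsk and a driver reinstall need to fix) rather than the services that merely depended on them.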

Just wanted to add that -

I rebooted and started the machine in normal mode. The errors do not appear any more. I am also able to access the Internet w/o errors. Thanks for the help.

But -

my wall paper (background) image is not there; the background is black, no image.

Plus many of the desktop icons that I had not used are not displayed anymore. Though the ones which I have used are all being displayed.


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Hi Chris,

I will answer your last question first (even after the ESET run):

1) When I click on Start, the list of programs do not appear; only "All Programs" appear. I have to click on "All Programs" and only then all the programs get listed.

2) My background wallpaper image is still not there and all my unused desktop icons are not there. It is almost as if the Microsoft utility removing unused icons was run at some stage.

3) But Internet search seems to be working fine and at earlier speeds.

The ESET run did find one malicious object and removed it. I did see that the log showed the object that was removed. Unfortunately, I chose the option to uninstall the application and it removed the log too. Sorry about not being able to post the file name.

The results for securitycheck.exe are shown below:

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee VirusScan Enterprise

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 21

Java version out of Date!

Adobe Reader X (10.1.3)

Mozilla Firefox (13.0.1)

````````Process Check: objlist.exe by Laurent````````

McAfee VirusScan Enterprise vstskmgr.exe

McAfee VirusScan Enterprise mfeann.exe

Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE

Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


  • Staff

Hi,

>> 1) When I click on Start, the list of programs do not appear; only "All Programs" appear. I have to click on "All Programs" and only then all the programs get listed.

This isn't abnormal. Everyone has to click on All Programs to see the program list.

>> 2) My background wallpaper image is still not there and all my unused desktop icons are not there. It is almost as if the Microsoft utility removing unused icons was run at some stage.

Which unused icons??? Is there a folder with them inside??

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java™ 6 Update 21

Restart your computer.

Get the latest version of Java.

Run Windows Update and install all updates, including Internet Explorer 9.

Reboot and post a fresh SecurityCheck log.

Let me know what issues remain.


Hi Chris,

Let me clarify. I am on Windows 7.

>> When I click on Start, the list of programs do not appear; only "All Programs" appear. I have to click on "All Programs" and only then all the programs get listed

Before the Malware attack, when I clicked on Start, a list of programs appeared above "All Programs". After the attack, the list was empty. The corrective actions did not restore it.

Well, after some Google search, I clicked on Start, right-clicked on "All Programs", and saw that "Store and Display recently opened programs in the start menu" and choice below it were both unchecked. Checking them back populated the program list in the menu.

>> all my unused desktop icons are not there. It is almost as if the Microsoft utility removing unused icons was run at some stage.

These unused shortcut icons were on my desktop. The shortcuts that I had been using were all restored back after the combofix run.

I was referring to a program in XP that would automatically (after a certain duration) ask if the unused icons needed to be deleted. It was like during the malware attack, that program ran on my Windows 7 machine. I was not sure where those unused icons got moved to (or were deleted).

I looked for those missing shortcuts today and found them all in "C:\Qoobox\Quarantine\C\Users\<user name>\AppData\Local\Temp\smtmp\4".

I also see a bunch of files under the path of "C:\Qoobox\Quarantine\C\Users\<user name>\AppData\Local\Temp\smtmp\1". There is a sub-directory of "Programs" under the "1" sub-directory and a whole lot of program directories are there. There are two shortcuts "Default Programs" and "Windows Update" under the "1" sub-directory. Not sure what these sub-directories and files mean.

If you have any ideas on the above, please provide them.

I have gone ahead and got my desktop wallpaper restored.

On Java 6 Update 21 and IE 8 - I cannot update these as we use application programs that require these specific versions unfortunately (this is a work laptop).

Thanks for all your help. I really appreciate it. Other than the disconcerting feeling that the unused icons did not get restored back, I do not see any abnormal behavior or missing programs or hidden files.


Thanks. I had already done that step as mentioned in the first part of post #10.

Do the other files in the Quarantine directory have any relevance? I do see some of the missing desktop short cuts there, which I really do not care for much since they were unused by me. My laptop seems to be functioning fine otherwise. Is there anything else that is left to be done?


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.