Malwarebytes

"System Message - Write Fault Error"

17 replies to this topic

#1
Jai

    New Member

  • Members
  • 29 posts
Hi,

I believe that my Windows 7 machine is infected with malware and need help!

This morning, I received a "System Message - Write Fault Error" message that popped up multiple times, with a message "A write command during the test has failed to complete ... This may be due to media ... invalid system memory address". Sorry, cannot see the message in full as the multiple windows overlap. The explanation below that window states "System Error. Hard Disk Failure detected. Windows has lost access to the system partition during I/O process". Another window pops up asking to "Scan and repair (Recommended)" and another choice. On closing that window and the other windows without any other action, my computer automatically reboots, and the same issue appears again.

Also, all icons on desktop objects have disappeared (other than a couple) and I cannot access any program under "All Programs".

I am able to start the computer in safe mode though.

I have downloaded dds.scr but am not sure if it can be run in safe mode (the only option available to me).

FYI - I do not have a recovery CD available with me either.

Please assist with steps that I can do next.

Thanks
Jai

#2
screen317

    MBAM Sentinel

  • Moderators
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Run DDS in Safe Mode if you must.
Chris Fistonich
Research Team


#3
Jai

    New Member

  • Members
  • Pip
  • 29 posts
As I had mentioned, I had to run both dds and mbam.exe (updated yesterday night) in safe mode. Please suggest next steps. Please keep in mind that I can run only in safe mode right now.

Logs are below:

mbam quick scan detected 2 malicious objects. Quarantining them did not help the machine after reboot.

mbam log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.07
Windows 7 Service Pack 1 x86 FAT32 (Safe Mode)
Internet Explorer 8.0.7601.17514
snayak :: 4BRXBT1 [administrator]
7/8/2012 3:34:40 PM
mbam-log-2012-07-08 (15-34-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253150
Time elapsed: 2 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


---------------------
Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 6/1/2012 1:38:34 PM
System Uptime: 7/8/2012 3:29:12 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KCT5J
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | CPU 1 | 2494/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 237.565 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
==== System Restore Points ===================
.
RP44: 6/23/2012 3:01:39 AM - Windows Update
RP45: 6/23/2012 3:02:13 AM - Windows Update
RP46: 6/23/2012 3:02:33 AM - Windows Update
RP47: 6/23/2012 3:02:52 AM - Windows Update
RP48: 6/23/2012 3:03:38 AM - Windows Update
RP49: 6/23/2012 3:04:04 AM - Windows Update
RP50: 6/23/2012 3:26:15 AM - Windows Update
RP51: 6/23/2012 3:28:50 AM - Windows Update
RP52: 6/23/2012 3:29:18 AM - Windows Update
RP53: 7/1/2012 12:00:04 AM - Scheduled Checkpoint
RP54: 7/8/2012 3:19:28 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP BiDi Channel Components Installer
7-Zip 9.20
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Altiris Application Metering Agent
Altiris Client Task Agent
Altiris PC Transplant Capture Agent
Altiris Power Management Agent
Altiris Script Task Agent
Altiris Service Control Task Agent
Altiris Software Delivery Agent For Task Server
Altiris Software Delivery Solution Agent
Altiris Task Synchronization Agent
Conexant HDA D330 MDC V.92 Modem
CVE-2012-1889
CyberLink PowerDVD 9.5
DameWare Mini Remote Control Client Agent Service
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell System Manager
Dell Touchpad
Dell Webcam Central
Digital Line Detect
DirectX 9 Runtime
Export Notes v8.0.5.0 SP1
FileZilla Client 3.5.3
Flowstar.net Client Files
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Java Auto Updater
Java™ 6 Update 21
Juniper Installer Service
Juniper Networks Network Connect 7.0.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Knowledge Xpert for PLSQL V9.0
Lotus Notes 8.5.1
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Agent
McAfee Host Intrusion Prevention
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2010
Microsoft Online Services Sign-in Assistant
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
Netwaiting
Notepad++
Oracle Enterprise Single Sign-on Password Reset Client
Passport_Direct
PDFCreator
PhotoShowExpress
Qexplain2full
Quest Software Toad for Oracle Version 9.0.1
Quest SQL Tuning for Oracle
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)
Snagit 11
Sonic CinePlayer Decoder Pack
Stat 5.5.4
TextPad 6
WebEx
WIDCOMM Bluetooth Software
X7Magic Setup
.
==== Event Viewer Messages From Past Week ========
.
7/8/2012 3:29:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/8/2012 3:29:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/8/2012 3:29:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/8/2012 3:29:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/8/2012 3:29:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/8/2012 3:29:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/8/2012 3:29:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache FireTDI luafv mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless ZeroConfig Service service depends on the WLAN AutoConfig service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 3:29:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 3:29:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/8/2012 2:49:09 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
7/8/2012 2:48:06 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
7/8/2012 2:47:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv
7/8/2012 2:47:01 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain FLOWSERVE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
7/8/2012 12:03:55 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
7/7/2012 10:57:10 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
7/7/2012 10:57:10 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
7/7/2012 10:30:51 AM, Error: Schannel [36887] - The following fatal alert was received: 10.
.
==== End Of File ===========================

------------------------------------
DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.7601.17514
Run by snayak at 15:30:40 on 2012-07-08
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.2269 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120601155244.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [IntelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LidpjsgBGxdFuo.exe] c:\programdata\LidpjsgBGxdFuo.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: expedia.be
Trusted Zone: expedia.co.uk
Trusted Zone: expedia.com
Trusted Zone: expedia.de
Trusted Zone: expedia.es
Trusted Zone: expedia.fr
Trusted Zone: expedia.it
Trusted Zone: expedia.nl
Trusted Zone: flowstar.net
Trusted Zone: sumtotalsystems.com
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://gssricew.flowserve.net:8004/OA_HTML/oaj2se.exe
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26A60F0B-B233-4429-BFE9-E99B95AE3A6C} : DhcpNameServer = 172.26.1.10 172.19.106.28
TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475055524C49434 : DhcpNameServer = 204.59.152.208 208.67.222.222 57.67.127.195
TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475143435 : DhcpNameServer = 172.26.1.10 172.30.24.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\passport_direct\9684826\program\GAPlugProtocol-9684826.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\snayak\appdata\roaming\mozilla\firefox\profiles\79znsqch.default\
FF - prefs.js: browser.startup.homepage - hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-1 165416]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-5-23 17904]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-5-23 44144]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-5-23 41216]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-5-23 62440]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-5-23 63848]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-6-1 463912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
S1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-6-1 77760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-5-23 81920]
S2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\passport_direct\9684826\program\ServiceWrapper-9684826.exe [2012-6-1 24615]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-20 388464]
S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2011-4-13 1506464]
S2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2012-6-1 35696]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-8-16 198000]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [2009-9-29 3405192]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-1 166024]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-1-12 209760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-1 148520]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SSPREnrollService;SSPREnrollService;c:\program files\passlogix\v-go sspr client\SSPREnrollService.exe [2010-10-27 128952]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-5-23 2594584]
S2 WebMail;WebMail;c:\windows\system32\webmail.exe -s --> c:\windows\system32\WebMail.exe -s [?]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\intel\wifi\bin\ZCfgSvc7.exe [2010-12-23 577536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-11 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-5-23 349736]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-23 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-23 33832]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-5-23 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-5-23 144576]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]
S3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]
S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2012-6-1 107928]
S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2012-6-1 38680]
S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2012-6-1 35552]
S3 IgniteService;IgniteService;c:\program files\ignitecds\IgniteService.exe [2012-6-1 90464]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-5-23 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-23 269824]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-1 180328]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-1 59192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-1 87392]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-2 113120]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-5-23 7434240]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-5-23 60904]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2012-5-23 12952]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-07-08 14:47:46 343800 ----a-w- c:\programdata\LidpjsgBGxdFuo.exe
2012-06-30 17:23:22 -------- d-----w- c:\windows\system32\Dell
2012-06-25 15:10:39 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-06-23 16:05:41 -------- d--h--w- c:\users\snayak\appdata\roaming\Quest Software
2012-06-23 08:28:57 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-23 08:28:57 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-23 08:28:57 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-23 08:04:13 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-23 08:04:13 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-23 08:01:50 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-06-19 17:01:17 -------- d--h--w- c:\users\snayak\appdata\roaming\webex
2012-06-19 15:36:51 -------- d-----w- c:\programdata\WebEx
2012-06-17 05:09:04 -------- d--h--w- c:\users\snayak\appdata\roaming\Helios
2012-06-17 05:08:25 -------- d-----w- c:\program files\TextPad 6
2012-06-16 22:32:50 -------- d--h--w- c:\users\snayak\appdata\local\Dell
2012-06-16 22:26:29 0 ----a-w- c:\windows\invcol.tmp
2012-06-15 20:01:05 2594632 ----a-r- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2012-06-15 20:00:54 -------- d-----w- c:\program files\MSXML 4.0
2012-06-13 03:27:58 -------- d--h--w- c:\users\snayak\appdata\roaming\pdfforge
2012-06-13 03:27:52 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-06-13 03:27:51 79360 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-13 03:27:50 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-06-13 03:27:50 -------- d-----w- c:\program files\PDFCreator
2012-06-13 03:27:49 -------- d-----w- c:\programdata\Premium
2012-06-13 03:26:36 -------- d-----w- c:\programdata\InstallMate
2012-06-12 14:23:55 -------- d--h--w- c:\users\snayak\Lync Recordings
2012-06-12 04:51:34 604706 ----a-w- c:\windows\system32\~.tmp
2012-06-12 03:13:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 03:13:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 23:28:09 -------- d-----w- c:\program files\Trend Micro
2012-06-09 23:09:00 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-09 22:58:58 -------- d-----w- c:\windows\system32\appmgmt
2012-06-09 13:19:49 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-09 05:36:12 -------- d--h--w- c:\users\snayak\appdata\local\temp
2012-06-08 22:21:50 -------- d--h--w- c:\users\snayak\appdata\local\ElevatedDiagnostics
2012-06-08 20:36:27 -------- d--h--w- c:\users\snayak\appdata\local\LogMeIn Rescue Applet
.
==================== Find3M ====================
.
2012-06-13 22:42:39 423656 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 01:46:46 143040 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-06-09 04:23:19 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-06-02 01:56:06 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe
2012-06-02 01:56:03 303104 ----a-w- c:\windows\9684826Uninstall.exe
2012-06-01 21:06:00 933888 ----a-w- c:\windows\system32\WebMail_.exe
2012-06-01 21:05:59 933888 ----a-w- c:\windows\system32\WebMail.exe
2012-06-01 21:05:59 77760 ----a-w- c:\windows\system32\WebMail_.sys
2012-05-24 01:40:55 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-24 01:40:55 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-24 01:40:33 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-24 01:40:30 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-24 01:40:30 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-24 01:40:30 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-24 01:40:30 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-24 01:40:15 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:31:23.21 ===============

#4
screen317

    MBAM Sentinel

  • Moderators
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team

#5
Jai

    New Member

  • Members
  • 29 posts
Ran combofix in safe mode. Some of the desktop icons appeared (possibly all are there but not visible in safe mode). There was no reboot.

Ran DDS again without reboot. Logs attached.

Combofix log is below -

ComboFix 12-07-08.01 - snayak 07/08/2012 16:33:48.3.4 - x86 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.2225 [GMT -5:00]
Running from: c:\users\snayak\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\LidpjsgBGxdFuo.exe
c:\windows\system32\~.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 21:38 . 2012-07-08 21:38 -------- d-----w- c:\users\snayak\AppData\Local\temp
2012-06-30 17:23 . 2012-06-30 17:23 -------- d-----w- c:\windows\system32\Dell
2012-06-25 15:10 . 2012-06-25 15:10 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-06-23 16:05 . 2012-06-23 16:05 -------- d--h--w- c:\users\snayak\AppData\Roaming\Quest Software
2012-06-23 08:28 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-23 08:28 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-23 08:28 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-23 08:04 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-23 08:04 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-23 08:01 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-06-19 17:01 . 2012-06-19 17:01 -------- d--h--w- c:\users\snayak\AppData\Roaming\webex
2012-06-19 15:36 . 2012-06-19 15:37 -------- d-----w- c:\programdata\WebEx
2012-06-17 05:09 . 2012-06-17 05:09 -------- d--h--w- c:\users\snayak\AppData\Roaming\Helios
2012-06-17 05:08 . 2012-06-17 05:08 -------- d-----w- c:\program files\TextPad 6
2012-06-16 22:32 . 2012-06-16 22:32 -------- d--h--w- c:\users\snayak\AppData\Local\Dell
2012-06-16 22:26 . 2012-06-16 22:26 0 ----a-w- c:\windows\invcol.tmp
2012-06-15 20:01 . 2009-09-30 19:18 2594632 ----a-r- c:\program files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL
2012-06-15 20:00 . 2012-06-15 20:00 -------- d-----w- c:\program files\MSXML 4.0
2012-06-13 22:43 . 2012-06-13 22:43 -------- d-----w- c:\program files\Common Files\Java
2012-06-13 22:42 . 2012-06-13 22:42 -------- d-----w- c:\program files\Java
2012-06-13 03:27 . 2012-06-13 03:30 -------- d--h--w- c:\users\snayak\AppData\Roaming\pdfforge
2012-06-13 03:27 . 1998-06-24 06:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-06-13 03:27 . 2012-05-14 14:17 79360 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-13 03:27 . 2012-06-13 03:28 -------- d-----w- c:\program files\PDFCreator
2012-06-13 03:27 . 1998-07-06 06:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-06-13 03:27 . 2012-06-13 03:27 -------- d-----w- c:\programdata\Premium
2012-06-13 03:27 . 2012-06-13 03:27 454 ----a-w- C:\user.js
2012-06-13 03:26 . 2012-06-13 03:27 -------- d-----w- c:\programdata\InstallMate
2012-06-12 14:23 . 2012-06-12 14:23 -------- d--h--w- c:\users\snayak\Lync Recordings
2012-06-12 04:51 . 2012-06-13 03:15 604706 ----a-w- c:\windows\system32\~.tmp
2012-06-12 03:13 . 2012-06-12 03:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 03:13 . 2012-06-12 03:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 23:28 . 2012-06-09 23:28 -------- d-----w- c:\program files\Trend Micro
2012-06-09 23:09 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-09 23:04 . 2012-06-09 23:04 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-08 22:35 . 2012-06-25 22:21 -------- d--h--w- c:\users\snayak\AppData\Roaming\Notepad++
2012-06-08 22:21 . 2012-06-08 22:21 -------- d--h--w- c:\users\snayak\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 22:42 . 2011-08-30 19:46 423656 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 01:46 . 2012-06-01 20:43 143040 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-06-09 04:23 . 2010-11-20 21:29 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-06-04 15:54 . 2010-11-30 11:28 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2012-06-02 01:56 . 2012-06-02 01:56 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe
2012-06-02 01:56 . 2012-06-02 01:56 303104 ----a-w- c:\windows\9684826Uninstall.exe
2012-06-01 21:06 . 2012-06-01 21:06 933888 ----a-w- c:\windows\system32\WebMail_.exe
2012-06-01 21:05 . 2012-06-01 21:05 933888 ----a-w- c:\windows\system32\WebMail.exe
2012-06-01 21:05 . 2012-06-01 21:05 77760 ----a-w- c:\windows\system32\WebMail_.sys
2012-05-24 01:40 . 2012-05-24 01:40 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-24 01:40 . 2012-05-24 01:40 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-24 01:40 . 2012-05-24 01:40 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-24 01:40 . 2012-05-24 01:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-24 01:40 . 2012-05-24 01:40 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-24 01:40 . 2012-05-24 01:40 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-24 01:40 . 2012-05-24 01:40 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-24 01:40 . 2012-05-24 01:40 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-06-14 22:20 . 2012-07-02 22:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2011-04-13 979104]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-05-16 12098648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-7 840992]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-5-23 50688]
Snagit 11.lnk - c:\program files\TechSmith\Snagit 11\Snagit32.exe [2012-5-16 9063352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
R2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\Passport_Direct\9684826\Program\ServiceWrapper-9684826.exe [x]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [x]
R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [x]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\Lotus\Notes\nsd.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SSPREnrollService;SSPREnrollService;c:\program files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WebMail;WebMail;c:\windows\system32\WebMail.exe [x]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [x]
R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [x]
R3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [x]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [x]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [x]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [x]
R3 IgniteService;IgniteService;c:\program files\IgniteCDS\IgniteService.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [x]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 03:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: expedia.be
Trusted Zone: expedia.co.uk
Trusted Zone: expedia.com
Trusted Zone: expedia.de
Trusted Zone: expedia.es
Trusted Zone: expedia.fr
Trusted Zone: expedia.it
Trusted Zone: expedia.nl
Trusted Zone: flowstar.net
Trusted Zone: sumtotalsystems.com
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\Passport_Direct\9684826\Program\GAPlugProtocol-9684826.dll
DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab
FF - ProfilePath - c:\users\snayak\AppData\Roaming\Mozilla\Firefox\Profiles\79znsqch.default\
FF - prefs.js: browser.startup.homepage - hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-LidpjsgBGxdFuo.exe - c:\programdata\LidpjsgBGxdFuo.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-08 16:41:49
ComboFix-quarantined-files.txt 2012-07-08 21:41
ComboFix2.txt 2012-06-09 13:20
.
Pre-Run: 254,971,559,936 bytes free
Post-Run: 254,778,601,472 bytes free
.
- - End Of File - - 2589B39E6BADF512541D5B9E3275CFBD

-------------------------

DDS Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 6/1/2012 1:38:34 PM
System Uptime: 7/8/2012 4:29:58 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KCT5J
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | CPU 1 | 2494/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 237.352 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Dell Wireless 375 Bluetooth Module
Device ID: USB\VID_413C&PID_8187\C01885D913AB
Manufacturer: Broadcom
Name: Dell Wireless 375 Bluetooth Module
PNP Device ID: USB\VID_413C&PID_8187\C01885D913AB
Service: BTHUSB
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
32 Bit HP BiDi Channel Components Installer
7-Zip 9.20
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Altiris Application Metering Agent
Altiris Client Task Agent
Altiris PC Transplant Capture Agent
Altiris Power Management Agent
Altiris Script Task Agent
Altiris Service Control Task Agent
Altiris Software Delivery Agent For Task Server
Altiris Software Delivery Solution Agent
Altiris Task Synchronization Agent
Conexant HDA D330 MDC V.92 Modem
CVE-2012-1889
CyberLink PowerDVD 9.5
DameWare Mini Remote Control Client Agent Service
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell System Manager
Dell Touchpad
Dell Webcam Central
Digital Line Detect
DirectX 9 Runtime
Export Notes v8.0.5.0 SP1
FileZilla Client 3.5.3
Flowstar.net Client Files
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Java Auto Updater
Java™ 6 Update 21
Juniper Installer Service
Juniper Networks Network Connect 7.0.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Knowledge Xpert for PLSQL V9.0
Lotus Notes 8.5.1
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Agent
McAfee Host Intrusion Prevention
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2010
Microsoft Online Services Sign-in Assistant
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
Netwaiting
Notepad++
Oracle Enterprise Single Sign-on Password Reset Client
Passport_Direct
PDFCreator
PhotoShowExpress
Qexplain2full
Quest Software Toad for Oracle Version 9.0.1
Quest SQL Tuning for Oracle
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)
Snagit 11
Sonic CinePlayer Decoder Pack
Stat 5.5.4
TextPad 6
WebEx
WIDCOMM Bluetooth Software
X7Magic Setup
.
==== Event Viewer Messages From Past Week ========
.
7/8/2012 4:42:00 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:38:53 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/8/2012 4:32:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
7/8/2012 4:30:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/8/2012 4:30:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/8/2012 4:30:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/8/2012 4:30:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/8/2012 4:30:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/8/2012 4:30:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/8/2012 4:30:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache FireTDI luafv mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/8/2012 4:30:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 4:30:07 PM, Error: Service Control Manager [7001] - The Intel® PROSet/Wireless ZeroConfig Service service depends on the WLAN AutoConfig service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 4:30:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 4:28:44 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
7/8/2012 4:28:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv
7/8/2012 4:28:28 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain FLOWSERVE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
7/8/2012 4:21:41 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/8/2012 2:49:09 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
7/8/2012 12:03:55 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
7/7/2012 10:57:10 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
7/7/2012 10:57:10 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
7/7/2012 10:30:51 AM, Error: Schannel [36887] - The following fatal alert was received: 10.
.
==== End Of File ===========================


DDS.txt :

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.7601.17514
Run by snayak at 16:44:24 on 2012-07-08
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.2529 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\ctfmon.exe
C:\windows\explorer.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120601155244.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [IntelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 11\Snagit32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: expedia.be
Trusted Zone: expedia.co.uk
Trusted Zone: expedia.com
Trusted Zone: expedia.de
Trusted Zone: expedia.es
Trusted Zone: expedia.fr
Trusted Zone: expedia.it
Trusted Zone: expedia.nl
Trusted Zone: flowstar.net
Trusted Zone: sumtotalsystems.com
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxp://ormnm21.flowserve.net/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://gssricew.flowserve.net:8004/OA_HTML/oaj2se.exe
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26A60F0B-B233-4429-BFE9-E99B95AE3A6C} : DhcpNameServer = 172.26.1.10 172.19.106.28
TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475055524C49434 : DhcpNameServer = 204.59.152.208 208.67.222.222 57.67.127.195
TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475143435 : DhcpNameServer = 172.26.1.10 172.30.24.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\passport_direct\9684826\program\GAPlugProtocol-9684826.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\snayak\appdata\roaming\mozilla\firefox\profiles\79znsqch.default\
FF - prefs.js: browser.startup.homepage - hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-1 165416]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-5-23 17904]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-5-23 44144]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-5-23 41216]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-5-23 62440]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-5-23 63848]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-6-1 463912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
S1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-6-1 77760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-5-23 81920]
S2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\passport_direct\9684826\program\ServiceWrapper-9684826.exe [2012-6-1 24615]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-20 388464]
S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2011-4-13 1506464]
S2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2012-6-1 35696]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-8-16 198000]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [2009-9-29 3405192]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-1 166024]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-1-12 209760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-1 148520]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SSPREnrollService;SSPREnrollService;c:\program files\passlogix\v-go sspr client\SSPREnrollService.exe [2010-10-27 128952]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-5-23 2594584]
S2 WebMail;WebMail;c:\windows\system32\webmail.exe -s --> c:\windows\system32\WebMail.exe -s [?]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\intel\wifi\bin\ZCfgSvc7.exe [2010-12-23 577536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-11 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-5-23 349736]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-23 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-23 33832]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-5-23 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-5-23 144576]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]
S3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2012-6-1 44680]
S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2012-6-1 107928]
S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2012-6-1 38680]
S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2012-6-1 35552]
S3 IgniteService;IgniteService;c:\program files\ignitecds\IgniteService.exe [2012-6-1 90464]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-5-23 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-23 269824]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-1 180328]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-1 59192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-1 87392]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-2 113120]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-5-23 7434240]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-5-23 60904]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2012-5-23 12952]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-07-08 21:41:53 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-08 21:41:51 -------- d-----w- c:\users\snayak\appdata\local\temp
2012-07-08 21:32:02 98816 ----a-w- c:\windows\sed.exe
2012-07-08 21:32:02 518144 ----a-w- c:\windows\SWREG.exe
2012-07-08 21:32:02 256000 ----a-w- c:\windows\PEV.exe
2012-07-08 21:32:02 208896 ----a-w- c:\windows\MBR.exe
2012-06-30 17:23:22 -------- d-----w- c:\windows\system32\Dell
2012-06-25 15:10:39 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-06-23 16:05:41 -------- d-----w- c:\users\snayak\appdata\roaming\Quest Software
2012-06-23 08:28:57 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-23 08:28:57 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-23 08:28:57 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-23 08:04:13 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-23 08:04:13 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-23 08:01:50 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-06-19 17:01:17 -------- d-----w- c:\users\snayak\appdata\roaming\webex
2012-06-19 15:36:51 -------- d-----w- c:\programdata\WebEx
2012-06-17 05:09:04 -------- d-----w- c:\users\snayak\appdata\roaming\Helios
2012-06-17 05:08:25 -------- d-----w- c:\program files\TextPad 6
2012-06-16 22:32:50 -------- d-----w- c:\users\snayak\appdata\local\Dell
2012-06-16 22:26:29 0 ----a-w- c:\windows\invcol.tmp
2012-06-15 20:01:05 2594632 ----a-r- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2012-06-15 20:00:54 -------- d-----w- c:\program files\MSXML 4.0
2012-06-13 03:27:58 -------- d-----w- c:\users\snayak\appdata\roaming\pdfforge
2012-06-13 03:27:52 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-06-13 03:27:51 79360 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-13 03:27:50 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-06-13 03:27:50 -------- d-----w- c:\program files\PDFCreator
2012-06-13 03:27:49 -------- d-----w- c:\programdata\Premium
2012-06-13 03:26:36 -------- d-----w- c:\programdata\InstallMate
2012-06-12 14:23:55 -------- d-----w- c:\users\snayak\Lync Recordings
2012-06-12 04:51:34 604706 ----a-w- c:\windows\system32\~.tmp
2012-06-12 03:13:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 03:13:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 23:28:09 -------- d-----w- c:\program files\Trend Micro
2012-06-09 23:09:00 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-09 22:58:58 -------- d-----w- c:\windows\system32\appmgmt
2012-06-08 22:21:50 -------- d-----w- c:\users\snayak\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2012-06-13 22:42:39 423656 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 01:46:46 143040 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-06-09 04:23:19 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-06-02 01:56:06 262202 ------r- c:\windows\bwUnin-8.2.0.29-9684826SL.exe
2012-06-02 01:56:03 303104 ----a-w- c:\windows\9684826Uninstall.exe
2012-06-01 21:06:00 933888 ----a-w- c:\windows\system32\WebMail_.exe
2012-06-01 21:05:59 933888 ----a-w- c:\windows\system32\WebMail.exe
2012-06-01 21:05:59 77760 ----a-w- c:\windows\system32\WebMail_.sys
2012-05-24 01:40:55 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-24 01:40:55 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-24 01:40:33 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-24 01:40:30 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-24 01:40:30 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-24 01:40:30 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-24 01:40:30 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-24 01:40:15 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:44:33.66 ===============
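The DDS.txt above is what the helper reads to judge the machine's state. As an added example (not DDS, Malwarebytes or the poster's code), this Python triage script pulls two things out of such a log: the mPolicies-system UAC values (the posted log shows EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0, which the SecurityCheck output later in the thread reports as "UAC is disabled!") and service/driver entries stamped "[?]" instead of "[date size]", meaning DDS recorded no date or size for the file. The sample lines are copied from the posted log; the regexes and the WEAK_POLICY table are my assumptions about the DDS line format.

```python
"""DDS log triage helper (added example, not DDS or Malwarebytes code).

Flags weak User Account Control values under "mPolicies-system" and
SERVICES / DRIVERS entries that DDS printed with "[?]" rather than a
"[date size]" stamp, so a human can look at those entries first.
"""
import re
from typing import Dict, List, Optional

# mPolicies-system lines mirror HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# Values that weaken UAC; the posted log shows both of them.
WEAK_POLICY = {
    "EnableLUA": (0, "User Account Control is turned off"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# "<state> <name>;<display name>;<path> [<date> <size>]"  or  "... [?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)\s\[(\?|[\d-]+\s\d+)\]$")

# Constructed sample: lines copied from the DDS.txt posted above.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-1 165416]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 WebMail;WebMail;c:\windows\system32\webmail.exe -s --> c:\windows\system32\WebMail.exe -s [?]
"""


def parse_policies(lines: List[str]) -> Dict[str, int]:
    """Return {policy name: integer value} for every mPolicies-system line."""
    policies: Dict[str, int] = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def parse_services(lines: List[str]) -> List[Dict[str, Optional[str]]]:
    """Return one dict per SERVICES / DRIVERS entry; 'stamp' is None for '[?]'."""
    services: List[Dict[str, Optional[str]]] = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, display, path, stamp = m.groups()
        services.append({
            "state": state, "name": name, "display": display,
            "path": path, "stamp": None if stamp == "?" else stamp,
        })
    return services


def triage(log_text: str) -> List[str]:
    """Return human-readable findings for a DDS log, in log order of the checks."""
    lines = log_text.splitlines()
    findings: List[str] = []
    policies = parse_policies(lines)
    for key, (weak_value, why) in WEAK_POLICY.items():
        if policies.get(key) == weak_value:
            findings.append(f"{key} = {weak_value}: {why}")
    for svc in parse_services(lines):
        if svc["stamp"] is None:
            findings.append(
                f"{svc['state']} {svc['name']}: no date/size recorded for "
                f"{svc['path']}; verify this file by hand"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Point the script at a full DDS.txt by passing its text to triage(); a machine with UAC on and every entry stamped yields an empty list.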

#6
Jai
Just wanted to add that -

I rebooted and started the machine in normal mode. The errors do not appear any more. I am also able to access the Internet w/o errors. Thanks for the help.

But -
my wall paper (background) image is not there; the background is black, no image.
Plus, many of the desktop icons that I had not used are not displayed anymore, though the ones I have used are all still displayed.

#7
screen317
Hi,

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan and wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.
Chris Fistonich
Research Team

#8
Jai
Hi Chris,

I will answer your last question first (even after the ESET run):
1) When I click on Start, the list of programs does not appear; only "All Programs" appears. I have to click on "All Programs" and only then do all the programs get listed.
2) My background wallpaper image is still not there and all my unused desktop icons are not there. It is almost as if the Microsoft utility removing unused icons was run at some stage.
3) But Internet search seems to be working fine and at earlier speeds.

The ESET run did find one malicious object and removed it. I did see that the log showed the object that was removed. Unfortunately, I chose the option to uninstall the application and it removed the log too. Sorry about not being able to post the file name.

The results for securitycheck.exe are shown below:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee VirusScan Enterprise
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 21
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise vstskmgr.exe
McAfee VirusScan Enterprise mfeann.exe
Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#9
screen317
Hi,

Quote

1) When I click on Start, the list of programs does not appear; only "All Programs" appears. I have to click on "All Programs" and only then do all the programs get listed.
This isn't abnormal. Everyone has to click on All Programs to see the program list.

Quote

2) My background wallpaper image is still not there and all my unused desktop icons are not there. It is almost as if the Microsoft utility removing unused icons was run at some stage.
Which unused icons??? Is there a folder with them inside??




Run TFC by OldTimer to clear temporary files:
  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.


Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):


Java™ 6 Update 21


Restart your computer.

Get the latest version of Java.

Run Windows Update and install all updates, including Internet Explorer 9.


Reboot and post a fresh SecurityCheck log.

Let me know what issues remain.
Chris Fistonich
Research Team

#10
Jai
Hi Chris,

Let me clarify. I am on Windows 7.

>> When I click on Start, the list of programs does not appear; only "All Programs" appears. I have to click on "All Programs" and only then do all the programs get listed

Before the Malware attack, when I clicked on Start, a list of programs appeared above "All Programs". After the attack, the list was empty. The corrective actions did not restore it.
Well, after some Google search, I clicked on Start, right-clicked on "All Programs", and saw that "Store and Display recently opened programs in the start menu" and choice below it were both unchecked. Checking them back populated the program list in the menu.


>> all my unused desktop icons are not there. It is almost as if the Microsoft utility removing unused icons was run at some stage.

These unused shortcut icons were on my desktop. The shortcuts that I had been using were all restored back after the combofix run.

I was referring to a program in XP that would automatically (after a certain duration) ask if the unused icons needed to be deleted. It was as if, during the malware attack, that program ran on my Windows 7 machine. I was not sure where those unused icons got moved to (or whether they were deleted).

I looked for those missing shortcuts today and found them all in "C:\Qoobox\Quarantine\C\Users\<user name>\AppData\Local\Temp\smtmp\4".

I also see a bunch of files under the path of "C:\Qoobox\Quarantine\C\Users\<user name>\AppData\Local\Temp\smtmp\1". There is a sub-directory of "Programs" under the "1" sub-directory and a whole lot of program directories are there. There are two shortcuts "Default Programs" and "Windows Update" under the "1" sub-directory. Not sure what these sub-directories and files mean.

If you have any ideas on the above, please provide them.

I have gone ahead and got my desktop wallpaper restored.

On Java 6 Update 21 and IE 8 - I cannot update these as we use application programs that require these specific versions unfortunately (this is a work laptop).

Thanks for all your help. I really appreciate it. Other than the disconcerting feeling that the unused icons did not get restored, I do not see any abnormal behavior or missing programs or hidden files.

#11
screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Let me discuss this with my colleagues. I'll be back with you as soon as possible.
Chris Fistonich
Research Team


#12
screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Can you please zip up and attach this folder:

C:\Qoobox\Quarantine

Thank you.
Chris Fistonich
Research Team


#13
Jai

    New Member

  • Members
  • Pip
  • 29 posts
Please see attached.

Thanks
Jai

#14
screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Looks like the infection messed with some settings. To have the Start Menu begin to repopulate its list, do the following:

Right-click the Taskbar and click Properties. Click the Start Menu tab. Check both boxes under "Privacy."

Reboot.
Chris Fistonich
Research Team


#15
Jai

    New Member

  • Members
  • Pip
  • 29 posts
Thanks. I had already done that step as mentioned in the first part of post #10.

Do the other files in the Quarantine directory have any relevance? I do see some of the missing desktop shortcuts there, which I really do not care for much since they were unused by me. My laptop seems to be functioning fine otherwise. Is there anything else that is left to be done?

#16
screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

You're welcome to restore them manually: change the .vir extension to .lnk and they should be functional. At the end of the day they're just shortcuts. I don't see any malware left.


Let me know if there's anything else I can do.
Chris Fistonich
Research Team

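The manual step above (rename the quarantined .vir files back to .lnk) can be done in bulk. The script below is an added example and is not ComboFix, Malwarebytes or the forum's own code. It assumes the quarantine folder named earlier in the thread (C:\Qoobox\Quarantine\...\smtmp\4) as the default source and the current user's Desktop as the default destination; both are parameters, so point them elsewhere if the shortcuts belonged somewhere else. It copies rather than moves, so the quarantine stays intact, it refuses to overwrite anything already at the destination, and it only restores files whose first bytes carry the fixed Windows shortcut header, so a non-shortcut file that happened to end up in the folder is skipped. Without the -Commit switch it only reports what it would do.

```powershell
# Restore-QuarantinedShortcuts.ps1
# Added example, not ComboFix or Malwarebytes code. Copies shortcuts that ComboFix
# quarantined with a .vir suffix back to a folder, renaming them to .lnk.
# The default Source and Destination are assumptions taken from this thread.
param(
    [string]$Source      = "C:\Qoobox\Quarantine\C\Users\$env:USERNAME\AppData\Local\Temp\smtmp\4",
    [string]$Destination = [Environment]::GetFolderPath('Desktop'),
    [switch]$Commit      # without this switch the script only reports what it would do
)

if (-not (Test-Path -LiteralPath $Source))      { throw "Source folder not found: $Source" }
if (-not (Test-Path -LiteralPath $Destination)) { throw "Destination folder not found: $Destination" }

# A Windows shortcut (.lnk) begins with HeaderSize = 0x0000004C followed by the
# ShellLink CLSID {00021401-0000-0000-C000-000000000046}. Anything else is skipped.
$lnkMagic = [byte[]](0x4C,0x00,0x00,0x00,
                     0x01,0x14,0x02,0x00, 0x00,0x00,0x00,0x00,
                     0xC0,0x00,0x00,0x00, 0x00,0x00,0x00,0x46)

function Test-ShellLinkHeader([string]$Path) {
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] ($lnkMagic.Length)
        $n = $fs.Read($buf, 0, $buf.Length)
        if ($n -ne $buf.Length) { return $false }
        for ($i = 0; $i -lt $buf.Length; $i++) {
            if ($buf[$i] -ne $lnkMagic[$i]) { return $false }
        }
        return $true
    } finally {
        $fs.Close()
    }
}

$restored = 0
$skipped  = 0
Get-ChildItem -LiteralPath $Source -Filter '*.vir' |
    Where-Object { -not $_.PSIsContainer } |      # PowerShell 2.0 on Windows 7 has no -File switch
    ForEach-Object {
        $name = $_.Name -replace '\.vir$', ''       # drop the quarantine suffix
        if ($name -notmatch '\.lnk$') { $name += '.lnk' }
        $target = Join-Path $Destination $name

        if (-not (Test-ShellLinkHeader $_.FullName)) {
            Write-Output "SKIP (no shortcut header): $($_.Name)"
            $skipped++
            return                                   # acts as 'continue' inside ForEach-Object
        }
        if (Test-Path -LiteralPath $target) {
            Write-Output "SKIP (already exists):     $target"
            $skipped++
            return
        }
        if ($Commit) {
            Copy-Item -LiteralPath $_.FullName -Destination $target   # copy; quarantine stays intact
            Write-Output "RESTORED:      $target"
        } else {
            Write-Output "WOULD RESTORE: $($_.Name) -> $target"
        }
        $restored++
    }

$verb = if ($Commit) { 'restored' } else { 'would be restored' }
Write-Output "Done. $restored shortcut(s) $verb, $skipped skipped."
```

Run it once without -Commit to review the list, then again with -Commit. The header check is what keeps this from being a blind rename: a quarantined file that is not really a shortcut is left where it is for a human to look at.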

#17
Jai

    New Member

  • Members
  • Pip
  • 29 posts
Please close this thread. Thanks for the help.

Jai

#18
screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team
