
Author Topic: how can I get rid of sality.nba??  (Read 15674 times)


majik280

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows 7
    how can I get rid of sality.nba??
    « on: March 30, 2012, 03:31:38 AM »
    My computer is affected by the sality.nba virus.
    Help me, please.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: how can I get rid of sality.nba??
    « Reply #1 on: March 30, 2012, 11:18:40 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.
      • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining
      Please leave the others unchecked
      • Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (preferably Notepad).
    • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    * Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    Windows 8 and Windows 10 dual boot with two SSD's

    Darthgumby



      Beginner
    • Thanked: 6
      • Experience: Beginner
      • OS: Unknown
      Re: how can I get rid of sality.nba??
      « Reply #2 on: March 30, 2012, 01:20:18 PM »
      Which antivirus software do you have?  I would suggest booting into safe mode without networking and running a virus scan and a MalwareBytes scan to see if that resolves it.
      There's a time when a man needs to fight, and a time when he needs to accept that his destiny is lost, that the ship has sailed, and that only a fool will continue. The truth is, I've always been a fool.

      majik280

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Windows 7
        Re: how can I get rid of sality.nba??
        « Reply #3 on: March 30, 2012, 03:04:49 PM »
        thanks dave

        the log file:
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 03/31/2012 at 01:25 AM

        Application Version : 5.0.1146

        Core Rules Database Version : 8402
        Trace Rules Database Version: 6214

        Scan type       : Complete Scan
        Total Scan Time : 01:36:21

        Operating System Information
        Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
        UAC Off - Administrator

        Memory items scanned      : 754
        Memory threats detected   : 0
        Registry items scanned    : 71157
        Registry threats detected : 0
        File items scanned        : 143146
        File threats detected     : 46

        Adware.Tracking Cookie

        Heur.Agent/Gen-WhiteBox
           C:\USERS\DELL\DOCUMENTS\DOWNLOADS\COMPRESSED\ALCOHOL.120%.V1.9.8.7612.MULTILANGUAGE.WINDOWS.7.X64.86\ALCOHOL.120%.V1.9.8.7612.MULTILANGUAGE.WINDOWS.7.X64.86.REPACK\RMK-FREE LOADER AUTO.EXE

        majik280

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Windows 7
          Re: how can I get rid of sality.nba??
          « Reply #4 on: March 30, 2012, 05:27:49 PM »
          another log file:

          Malwarebytes Anti-Malware (Trial) 1.60.1.1000
          www.malwarebytes.org

          Database version: v2012.03.30.09

          Windows 7 Service Pack 1 x64 NTFS
          Internet Explorer 9.0.8112.16421
          Dell :: DELL-PC [administrator]

          Protection: Enabled

          3/31/2012 1:40:13 AM
          mbam-log-2012-03-31 (01-40-13).txt

          Scan type: Full scan
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 346428
          Time elapsed: 45 minute(s), 41 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 1
          C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Delete on reboot.

          Registry Keys Detected: 8
          HKCR\CLSID\{F636FC71-75E1-4133-B355-7697E6935F86} (PUP.BFlix) -> Quarantined and deleted successfully.
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F636FC71-75E1-4133-B355-7697E6935F86} (PUP.BFlix) -> Quarantined and deleted successfully.
          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F636FC71-75E1-4133-B355-7697E6935F86} (PUP.BFlix) -> Quarantined and deleted successfully.
          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F636FC71-75E1-4133-B355-7697E6935F86} (PUP.BFlix) -> Quarantined and deleted successfully.
          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F636FC71-75E1-4133-B355-7697E6935F86} (PUP.BFlix) -> Quarantined and deleted successfully.
          HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.BFlix) -> Quarantined and deleted successfully.
          HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.BFlix) -> Quarantined and deleted successfully.
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Quarantined and deleted successfully.

          Registry Values Detected: 0
          (No malicious items detected)

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 2
          C:\ProgramData\TheBflix (PUP.BFlix) -> Delete on reboot.
          C:\ProgramData\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.

          Files Detected: 11
          C:\Software\FIL TER\filter\U2312.exe (PUP.UltraReach) -> Quarantined and deleted successfully.
          C:\Software\FIL TER\filter\U8859.exe (PUP.UltraReach) -> Quarantined and deleted successfully.
          C:\Software\FIL TER\filter\U995.exe (PUP.UltraReach) -> Quarantined and deleted successfully.
          C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
          C:\ProgramData\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx (PUP.BFlix) -> Quarantined and deleted successfully.
          C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Delete on reboot.
          C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
          C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
          C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Quarantined and deleted successfully.
          C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
          C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.

          (end)

          majik280

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Windows 7
            Re: how can I get rid of sality.nba??
            « Reply #5 on: March 30, 2012, 05:34:26 PM »
            .
            DDS (Ver_2011-08-26.01) - NTFSAMD64
            Internet Explorer: 9.0.8112.16421
            Run by Dell at 4:00:24 on 2012-03-31
            Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8099.5316 [GMT 4.5:30]
            .
            AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
            FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
            .
            ============== Running Processes ===============
            .
            C:\windows\system32\wininit.exe
            C:\windows\system32\lsm.exe
            C:\windows\system32\svchost.exe -k DcomLaunch
            C:\windows\system32\nvvsvc.exe
            C:\windows\system32\svchost.exe -k RPCSS
            C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\windows\system32\svchost.exe -k netsvcs
            C:\Program Files\IDT\WDM\STacSV64.exe
            C:\windows\system32\svchost.exe -k LocalService
            C:\windows\system32\svchost.exe -k NetworkService
            C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
            C:\windows\system32\nvvsvc.exe
            C:\windows\System32\spoolsv.exe
            C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
            C:\Program Files\IDT\WDM\AESTSr64.exe
            C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
            C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
            C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
            C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
            C:\Windows\system32\mfevtps.exe
            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
            C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
            C:\windows\system32\taskhost.exe
            C:\windows\system32\Dwm.exe
            C:\windows\Explorer.EXE
            C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
            C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
            C:\windows\system32\svchost.exe -k imgsvc
            C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
            C:\windows\SysWOW64\vmnat.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
            C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
            C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
            C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
            C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
            C:\windows\SysWOW64\vmnetdhcp.exe
            C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
            C:\Windows\System32\hkcmd.exe
            C:\Windows\System32\igfxpers.exe
            C:\Program Files\IDT\WDM\sttray64.exe
            C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
            C:\Program Files\DellTPad\Apoint.exe
            C:\Program Files\Dell\QuickSet\quickset.exe
            C:\windows\system32\svchost.exe -k bthsvcs
            C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
            C:\windows\system32\wbem\wmiprvse.exe
            C:\Program Files\DellTPad\ApMsgFwd.exe
            C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
            C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
            C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
            C:\Program Files (x86)\Internet Download Manager\IDMan.exe
            C:\Program Files (x86)\ooVoo\ooVoo.exe
            C:\Program Files\DellTPad\HidFind.exe
            C:\Program Files\DellTPad\Apntex.exe
            C:\windows\system32\conhost.exe
            C:\Program Files\Windows Sidebar\sidebar.exe
            C:\Program Files (x86)\Tango\Tango.exe
            C:\windows\system32\SearchIndexer.exe
            C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
            C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
            C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
            C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
            C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
            C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
            C:\Program Files (x86)\Common Files\AOL\1324634892\ee\aolsoftware.exe
            C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
            C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
            C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
            C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
            C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
            C:\windows\system32\taskeng.exe
            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Program Files (x86)\Internet Explorer\iexplore.exe
            C:\Program Files (x86)\Internet Explorer\iexplore.exe
            C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
            C:\Program Files (x86)\Nero\Update\NASvc.exe
            C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
            C:\Program Files (x86)\Internet Explorer\iexplore.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
            C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
            C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
            C:\Program Files\mcafee.com\agent\mcagent.exe
            C:\Program Files (x86)\Your Freedom\freedom.exe
            C:\Program Files (x86)\Internet Explorer\iexplore.exe
            C:\Program Files (x86)\Mozilla Firefox\firefox.exe
            C:\Program Files (x86)\Opera\opera.exe
            C:\windows\notepad.exe
            C:\windows\system32\SearchProtocolHost.exe
            C:\windows\system32\SearchFilterHost.exe
            C:\windows\SysWOW64\cmd.exe
            C:\windows\system32\conhost.exe
            C:\windows\SysWOW64\cscript.exe
            C:\windows\system32\wbem\wmiprvse.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2549263
            uInternet Settings,ProxyServer = 127.0.0.1:8080
            uURLSearchHooks: H - No File
            mWinlogon: Userinit=userinit.exe,
            BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
            BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
            BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
            BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111126092442.dll
            BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
            BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
            BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
            uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
            uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
            uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
            uRun: [Tango] C:\Program Files (x86)\Tango\Tango.exe -r
            uRun: [Google Update] "C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
            uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
            mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
            mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
            mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
            mRun: [<NO NAME>]
            mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
            mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
            mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
            mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
            mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
            mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
            mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1324634892\ee\AOLSoftware.exe
            mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
            mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
            mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
            mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
            mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
            mPolicies-explorer: NoActiveDesktop = 1 (0x1)
            mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
            mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
            mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
            mPolicies-system: EnableLUA = 0 (0x0)
            mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
            mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
            IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
            IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
            IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
            IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
            IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
            IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
            LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
            DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
            TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
            TCP: Interfaces\{4926F4AC-D059-450E-AC5E-2ED635A17337} : DhcpNameServer = 192.168.1.1 192.168.1.1
            TCP: Interfaces\{4926F4AC-D059-450E-AC5E-2ED635A17337}\24D463332377D2536483543383 : DhcpNameServer = 192.168.1.1 192.168.1.1
            TCP: Interfaces\{4926F4AC-D059-450E-AC5E-2ED635A17337}\25169716E6568416D6271686 : DhcpNameServer = 192.168.1.1
            TCP: Interfaces\{4926F4AC-D059-450E-AC5E-2ED635A17337}\4416279716 : DhcpNameServer = 85.15.1.15 85.15.1.14
            TCP: Interfaces\{4926F4AC-D059-450E-AC5E-2ED635A17337}\44C496E6B6 : DhcpNameServer = 192.168.1.1 192.168.1.1
            TCP: Interfaces\{4926F4AC-D059-450E-AC5E-2ED635A17337}\D416279646 : DhcpNameServer = 192.168.1.1 192.168.1.1
            Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
            Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
            Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
            AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
            SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
            BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
            BHO-X64:     IDM Helper - No File
            BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            BHO-X64:     AcroIEHelperStub - No File
            BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
            BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
            BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111126092442.dll
            BHO-X64:     scriptproxy - No File
            BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
            BHO-X64:     IESpeakDoc - No File
            BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
            BHO-X64:     SkypeIEPluginBHO - No File
            BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
            BHO-X64:     URLRedirectionBHO - No File
            BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
            mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
            mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
            mRun-x64: [(Default)]
            mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
            mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
            mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
            mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
            mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
            mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
            mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1324634892\ee\AOLSoftware.exe
            mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
            mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
            mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
            mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
            mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
            AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
            SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\v07u9lk9.default\
            FF - prefs.js: browser.startup.homepage - www.google.com
            FF - prefs.js: network.proxy.ftp - 127.0.0.1
            FF - prefs.js: network.proxy.ftp_port - 8080
            FF - prefs.js: network.proxy.http - 127.0.0.1
            FF - prefs.js: network.proxy.http_port - 8080
            FF - prefs.js: network.proxy.socks - 127.0.0.1
            FF - prefs.js: network.proxy.socks_port - 8080
            FF - prefs.js: network.proxy.ssl - 127.0.0.1
            FF - prefs.js: network.proxy.ssl_port - 8080
            FF - prefs.js: network.proxy.type - 0
            FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
            FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
            FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
            FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
            FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
            FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
            FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
            FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
            FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
            FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
            FF - plugin: C:\Users\Dell\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
            .
            ============= SERVICES / DRIVERS ===============
            .
            R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
            R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
            R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
            R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
            R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
            R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
            R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
            R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
            R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
            R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-30 89600]
            R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]
            R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]
            R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-5-25 363336]
            R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]
            R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-30 13336]
            R2 IDMWFP;IDMWFP;C:\windows\system32\DRIVERS\idmwfp.sys --> C:\windows\system32\DRIVERS\idmwfp.sys [?]
            R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-25 652360]
            R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
            R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
            R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
            R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-9-30 197960]
            R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-9-30 208272]
            R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
            R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
            R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
            R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-30 2009704]
            R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-30 1692480]
            R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-24 370688]
            R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-22 378472]
            R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
            R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-30 2655768]
            R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-9-21 539184]
            R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\system32\DRIVERS\btath_flt.sys --> C:\windows\system32\DRIVERS\btath_flt.sys [?]
            R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\system32\drivers\btath_a2dp.sys --> C:\windows\system32\drivers\btath_a2dp.sys [?]
            R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\system32\DRIVERS\btath_bus.sys --> C:\windows\system32\DRIVERS\btath_bus.sys [?]
            R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\system32\DRIVERS\btath_hcrp.sys --> C:\windows\system32\DRIVERS\btath_hcrp.sys [?]
            R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\system32\DRIVERS\btath_lwflt.sys --> C:\windows\system32\DRIVERS\btath_lwflt.sys [?]
            R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\system32\DRIVERS\btath_rcp.sys --> C:\windows\system32\DRIVERS\btath_rcp.sys [?]
            R3 BtFilter;BtFilter;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
            R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
            R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
            R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
            R3 MEIx64;Intel(R) Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
            R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
            R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
            R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
            R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
            R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
            R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
            S2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2011-7-1 298824]
            S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
            S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
            S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe [2011-7-1 58013]
            S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
            S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-9-30 224704]
            S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
            S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
            S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
            S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
            S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
            S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
            S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
            S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
            S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
            S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
            S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
            S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
            .
            =============== Created Last 30 ================
            .
            2012-03-30 19:10:13   --------   d-----w-   C:\Users\Dell\AppData\Roaming\SUPERAntiSpyware.com
            2012-03-30 19:09:29   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
            2012-03-30 19:09:29   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
            2012-03-30 09:38:01   --------   d-----w-   C:\Program Files\CCleaner
            2012-03-29 18:58:48   --------   d-----w-   C:\Users\Dell\Impostazioni locali
            2012-03-29 10:35:42   --------   d-----w-   C:\Film
            2012-03-29 10:32:46   --------   d-----w-   C:\Users\Dell\AppData\Local\{000D9F2C-4EB6-4C39-BEFF-F526DA25284D}
            2012-03-28 13:19:55   --------   d-----w-   C:\Program Files (x86)\Expat_Shield
            2012-03-28 13:19:15   --------   d-----w-   C:\Expat Shield
            2012-03-28 13:17:52   755016   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\afurladvisor50.dll
            2012-03-28 13:17:51   756552   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\afurladvisor.dll
            2012-03-28 13:17:50   --------   d-----w-   C:\Program Files (x86)\Expat Shield
            2012-03-25 18:05:04   --------   d-----w-   C:\Norooz91
            2012-03-25 12:38:43   --------   d-----w-   C:\Users\Dell\AppData\Roaming\Malwarebytes
            2012-03-25 12:38:27   --------   d-----w-   C:\ProgramData\Malwarebytes
            2012-03-25 12:38:24   23152   ----a-w-   C:\windows\System32\drivers\mbam.sys
            2012-03-25 12:38:23   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
            2012-03-25 12:02:27   592824   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
            2012-03-25 12:02:27   44472   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
            2012-03-25 10:47:10   --------   d-----w-   C:\ProgramData\Premium
            2012-03-25 10:43:47   --------   d-----w-   C:\ProgramData\TheBflix
            2012-03-25 10:37:42   --------   d-----w-   C:\ProgramData\InstallMate
            2012-03-23 16:17:36   --------   d-----w-   C:\Users\Dell\AppData\Local\ElevatedDiagnostics
            2012-03-19 00:03:12   5559152   ----a-w-   C:\windows\System32\ntoskrnl.exe
            2012-03-19 00:03:10   3968368   ----a-w-   C:\windows\SysWow64\ntkrnlpa.exe
            2012-03-19 00:03:09   3913584   ----a-w-   C:\windows\SysWow64\ntoskrnl.exe
            2012-03-18 17:36:52   1544192   ----a-w-   C:\windows\System32\DWrite.dll
            2012-03-18 17:36:30   1077248   ----a-w-   C:\windows\SysWow64\DWrite.dll
            2012-03-18 17:17:52   3145728   ----a-w-   C:\windows\System32\win32k.sys
            2012-03-14 18:24:45   1031680   ----a-w-   C:\windows\System32\rdpcore.dll
            2012-03-14 18:24:34   826880   ----a-w-   C:\windows\SysWow64\rdpcore.dll
            2012-03-14 18:24:24   210944   ----a-w-   C:\windows\System32\drivers\rdpwd.sys
            2012-03-14 18:24:23   23552   ----a-w-   C:\windows\System32\drivers\tdtcp.sys
            2012-03-14 18:24:21   9216   ----a-w-   C:\windows\System32\rdrmemptylst.exe
            2012-03-14 18:24:21   77312   ----a-w-   C:\windows\System32\rdpwsx.dll
            2012-03-14 18:24:21   149504   ----a-w-   C:\windows\System32\rdpcorekmts.dll
            .
            ==================== Find3M  ====================
            .
            2012-01-04 10:44:20   509952   ----a-w-   C:\windows\System32\ntshrui.dll
            2012-01-04 08:58:41   442880   ----a-w-   C:\windows\SysWow64\ntshrui.dll
            .
            ============= FINISH:  4:01:25.47 ===============

            SuperDave

            Re: how can I get rid of sality.nba??
            « Reply #6 on: March 31, 2012, 12:53:45 PM »
            Download OTL to your desktop.

            * Open OTL
            * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

            Code:
            :OTL

            uInternet Settings,ProxyServer = 127.0.0.1:8080
            uURLSearchHooks: H - No File
            mRun: [<NO NAME>]
            BHO-X64:     IDM Helper - No File
            BHO-X64:     AcroIEHelperStub - No File
            BHO-X64:     scriptproxy - No File
            BHO-X64:     IESpeakDoc - No File
            BHO-X64:     SkypeIEPluginBHO - No File
            BHO-X64:     URLRedirectionBHO - No File

            :COMMANDS
            [resethosts]
            [purity]
            [start explorer]

            * Click Run Fix
            * OTL may ask to reboot the machine. Please do so if asked.
            * Click OK
            * A report will open. Copy and Paste that report in your next reply.
            *******************************************************
            Download Combofix from any of the links below, and save it to your desktop

            Link 1
            Link 2
            Link 3

            To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
            • Close any open windows and double click ComboFix.exe to run it.

              You will see the following image:


            Click I Agree to start the program.

            ComboFix will then extract the necessary files and you will see this:



            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

            It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

            If you did not have it installed, you will see the prompt below. Choose YES.



            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

            **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



            Click on Yes, to continue scanning for malware.

            When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

            Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

            Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
            Windows 8 and Windows 10 dual boot with two SSD's
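Added example, not part of SuperDave's post and not code from DDS or OTL: a Python triage pass over DDS-style log lines that picks out the kinds of entries the fix script above targets ("No File" orphans, Run values with no command, proxy settings pointing at loopback). The sample lines are constructed in the format of the logs in this thread, and the function names `triage` and `proxy_hosts` are hypothetical; it relies on Firefox's `network.proxy.type` meaning 0 = no proxy and 1 = manual proxy.

```python
import re

# Constructed sample in the DDS/OTL line format seen in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = 127.0.0.1:8080
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64:     IDM Helper - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
mRun-x64: [(Default)]
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|\[?::1\]?)$", re.I)
ORPHAN = re.compile(r"\s-\s+No File$")
RUN = re.compile(r"^[um]Run(?:Once)?(?:-x64)?:\s*\[([^\]]*)\]\s*(.*)$", re.I)
IE_PROXY = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)", re.I)
FF_PROXY = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$")


def proxy_hosts(value):
    """Hosts in a ProxyServer value: 'host:port' or 'http=host:port;https=host:port'."""
    hosts = []
    for part in value.split(";"):
        part = part.split("=", 1)[-1].strip()      # drop a 'proto=' prefix
        part = re.sub(r"^\w+://", "", part)        # drop a URL scheme
        if part:
            hosts.append(part.rsplit(":", 1)[0] if ":" in part else part)
    return hosts


def triage(log_text):
    """Return (kind, line) pairs for entries worth a manual look."""
    findings = []
    ff_loopback = []   # Firefox proxy host lines that point at loopback
    ff_type = None     # value of network.proxy.type, if present
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"."}:         # blank or '.' separator
            continue
        if ORPHAN.search(line):                    # registered, file missing
            findings.append(("orphan", line))
            continue
        m = RUN.match(line)
        if m and not m.group(2):                   # Run value with no command
            findings.append(("empty-run", line))
            continue
        m = IE_PROXY.match(line)
        if m:
            if any(LOOPBACK.match(h) for h in proxy_hosts(m.group(1))):
                findings.append(("ie-proxy-loopback", line))
            continue
        m = FF_PROXY.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "type":
                ff_type = value
            elif not key.endswith("_port") and LOOPBACK.match(value):
                ff_loopback.append(line)
    # A loopback proxy host only matters if Firefox is set to use it (type 1).
    kind = "ff-proxy-active" if ff_type == "1" else "ff-proxy-dormant"
    findings.extend((kind, line) for line in ff_loopback)
    return findings


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_LOG):
        print(f"{kind:18} {line}")
```

A loopback proxy is a lead rather than a verdict: locally installed filtering or VPN software can set one too, so check what is listening on that port before removing the setting.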

            majik280

              Re: how can I get rid of sality.nba??
              « Reply #7 on: March 31, 2012, 01:11:10 PM »
              ========== OTL ==========
              ========== COMMANDS ==========
              C:\windows\System32\drivers\etc\Hosts moved successfully.
              HOSTS file reset successfully
               
              OTL by OldTimer - Version 3.2.39.2 log created on 03312012_234035

              majik280

                Re: how can I get rid of sality.nba??
                « Reply #8 on: April 01, 2012, 10:33:13 AM »
                ComboFix 12-03-31.03 - Dell 04/01/2012  20:52:08.2.8 - x64
                Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8099.6286 [GMT 4.5:30]
                Running from: c:\users\Dell\Documents\Downloads\Programs\ComboFix.exe
                AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
                FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
                SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
                SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                V:\Autorun.inf
                .
                .
                (((((((((((((((((((((((((   Files Created from 2012-03-01 to 2012-04-01  )))))))))))))))))))))))))))))))
                .
                .
                2012-04-01 16:26 . 2012-04-01 16:26   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
                2012-03-31 19:10 . 2012-03-31 19:10   --------   d-----w-   C:\_OTL
                2012-03-30 19:10 . 2012-03-30 19:10   --------   d-----w-   c:\users\Dell\AppData\Roaming\SUPERAntiSpyware.com
                2012-03-30 19:09 . 2012-03-30 19:10   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2012-03-30 19:09 . 2012-03-30 19:09   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                2012-03-30 09:38 . 2012-03-30 09:38   --------   d-----w-   c:\program files\CCleaner
                2012-03-29 19:13 . 2012-03-29 19:13   --------   d-----w-   c:\program files (x86)\Smart Projects
                2012-03-29 18:58 . 2012-03-29 18:58   --------   d-----w-   c:\users\Dell\Impostazioni locali
                2012-03-29 10:35 . 2012-03-29 13:43   --------   d-----w-   C:\Film
                2012-03-28 13:20 . 2012-03-31 19:42   --------   d-----w-   c:\users\AppData
                2012-03-28 13:19 . 2012-03-28 13:27   --------   d-----w-   c:\program files (x86)\Expat_Shield
                2012-03-28 13:19 . 2012-03-28 13:19   --------   d-----w-   C:\Expat Shield
                2012-03-28 13:17 . 2011-06-22 22:05   755016   ----a-w-   c:\program files (x86)\Mozilla Firefox\extensions\[email protected]\components\afurladvisor50.dll
                2012-03-28 13:17 . 2011-06-22 22:05   756552   ----a-w-   c:\program files (x86)\Mozilla Firefox\extensions\[email protected]\components\afurladvisor.dll
                2012-03-28 13:17 . 2012-03-28 13:27   --------   d-----w-   c:\program files (x86)\Expat Shield
                2012-03-27 12:22 . 2012-03-27 12:22   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
                2012-03-25 18:05 . 2012-03-25 18:05   --------   d-----w-   C:\Norooz91
                2012-03-25 12:38 . 2012-03-25 12:38   --------   d-----w-   c:\users\Dell\AppData\Roaming\Malwarebytes
                2012-03-25 12:38 . 2012-03-25 12:38   --------   d-----w-   c:\programdata\Malwarebytes
                2012-03-25 12:38 . 2011-12-10 10:54   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2012-03-25 12:38 . 2012-03-25 12:38   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
                2012-03-25 12:02 . 2012-03-25 12:02   592824   ----a-w-   c:\program files (x86)\Mozilla Firefox\gkmedias.dll
                2012-03-25 12:02 . 2012-03-25 12:02   44472   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozglue.dll
                2012-03-25 10:47 . 2012-03-25 10:47   --------   d-----w-   c:\programdata\Premium
                2012-03-25 10:37 . 2012-03-25 10:47   --------   d-----w-   c:\programdata\InstallMate
                2012-03-23 16:17 . 2012-03-30 18:58   --------   d-----w-   c:\users\Dell\AppData\Local\ElevatedDiagnostics
                2012-03-19 00:03 . 2011-11-19 15:20   5559152   ----a-w-   c:\windows\system32\ntoskrnl.exe
                2012-03-19 00:03 . 2011-11-19 14:50   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
                2012-03-19 00:03 . 2011-11-19 14:50   3913584   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
                2012-03-18 17:36 . 2012-02-10 06:36   1544192   ----a-w-   c:\windows\system32\DWrite.dll
                2012-03-18 17:36 . 2012-02-10 05:38   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
                2012-03-18 17:17 . 2012-02-03 04:34   3145728   ----a-w-   c:\windows\system32\win32k.sys
                2012-03-14 18:24 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
                2012-03-14 18:24 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
                2012-03-14 18:24 . 2012-02-17 04:58   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
                2012-03-14 18:24 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
                2012-03-14 18:24 . 2012-01-25 06:38   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
                2012-03-14 18:24 . 2012-01-25 06:38   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
                2012-03-14 18:24 . 2012-01-25 06:33   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2012-01-04 10:44 . 2012-02-14 21:26   509952   ----a-w-   c:\windows\system32\ntshrui.dll
                2012-01-04 08:58 . 2012-02-14 21:26   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
                .
                .
                (((((((((((((((((((((((((((((   SnapShot@2012-03-31_19.36.47   )))))))))))))))))))))))))))))))))))))))))
                .
                - 2009-07-14 04:54 . 2012-03-31 19:06   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                + 2009-07-14 04:54 . 2012-04-01 15:52   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                + 2009-07-14 04:54 . 2012-04-01 15:52   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                - 2009-07-14 04:54 . 2012-03-31 19:06   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                - 2009-07-14 04:54 . 2012-03-31 19:06   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                + 2009-07-14 04:54 . 2012-04-01 15:52   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                + 2010-11-21 03:09 . 2012-04-01 15:49   60634              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
                + 2009-07-14 05:10 . 2012-04-01 15:49   39136              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
                - 2011-11-24 09:05 . 2012-03-31 19:06   32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                + 2011-11-24 09:05 . 2012-04-01 15:47   32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                + 2011-11-24 09:05 . 2012-04-01 15:47   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                - 2011-11-24 09:05 . 2012-03-31 19:06   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                - 2009-07-14 04:54 . 2012-03-31 19:06   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                + 2009-07-14 04:54 . 2012-04-01 15:47   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                + 2011-02-23 13:11 . 2012-03-31 19:45   12227              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
                - 2011-02-23 13:11 . 2012-03-31 14:51   12227              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
                - 2011-11-24 17:10 . 2012-03-31 09:04   8870              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3258191081-3927428048-1913053889-1001_UserData.bin
                + 2011-11-24 17:10 . 2012-04-01 15:49   8870              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3258191081-3927428048-1913053889-1001_UserData.bin
                + 2012-04-01 15:47 . 2012-04-01 15:47   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                - 2012-03-31 19:06 . 2012-03-31 19:06   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                - 2012-03-31 19:06 . 2012-03-31 19:06   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                + 2012-04-01 15:47 . 2012-04-01 15:47   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                + 2009-07-14 05:01 . 2012-03-31 19:45   932624              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
                - 2009-07-14 05:01 . 2012-03-31 14:51   932624              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
                + 2011-11-24 20:12 . 2012-03-31 19:45   51632612              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3258191081-3927428048-1913053889-1001-12288.dat
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
                2011-05-24 23:41   233288   ----a-w-   c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]
                "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-08-14 21975120]
                "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
                "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
                "Tango"="c:\program files (x86)\Tango\Tango.exe" [2011-11-04 13489992]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
                "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
                "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
                "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
                "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
                "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-04-29 75064]
                "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
                "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
                "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
                "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-03-13 1658440]
                "HostManager"="c:\program files (x86)\Common Files\AOL\1324634892\ee\AOLSoftware.exe" [2010-03-08 41800]
                "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
                "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-09-20 129584]
                "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
                "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "ConsentPromptBehaviorAdmin"= 0 (0x0)
                "ConsentPromptBehaviorUser"= 3 (0x3)
                "EnableLUA"= 0 (0x0)
                "EnableUIADesktopToggle"= 0 (0x0)
                "PromptOnSecureDesktop"= 0 (0x0)
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                "midi5"=wdmaud.drv
                .
                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                @="Driver"
                .
                R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                R2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2011-07-01 298824]
                R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]
                R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
                R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2011-07-01 58013]
                R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]
                R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
                R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys

                R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
                R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

                R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
                R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
                R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

                R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

                R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

                R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
                R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

                R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
                R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
                S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys

                S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys

                S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

                S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

                S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys

                S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
                S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
                S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

                S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
                S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
                S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-20 146592]
                S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-05-20 80032]
                S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-05-24 363336]
                S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2011-05-25 329544]
                S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
                S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys

                S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-31 652360]
                S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
                S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
                S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
                S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

                S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
                S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE

                S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
                S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
                S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]
                S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys

                S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
                S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys

                S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-20 539184]
                S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys

                S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys

                S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys

                S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys

                S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys

                S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys

                S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys

                S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys

                S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys

                S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

                S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys

                S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys

                S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys

                S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys

                S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

                S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

                .
                .
                --- Other Services/Drivers In Memory ---
                .
                *Deregistered* - mfeavfk01
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 22:20]
                .
                2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 22:20]
                .
                2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3258191081-3927428048-1913053889-1001Core.job
                - c:\users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 20:57]
                .
                2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3258191081-3927428048-1913053889-1001UA.job
                - c:\users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 20:57]
                .
                2012-03-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
                - c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
                .
                2012-03-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 09799347-e3d3-4c69-b9e5-0f3dec8440ad.job
                - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
                .
                2012-03-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 6e023c3b-95d0-4823-95d0-bcc4fb61b9b1.job
                - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
                .
                2012-04-01 c:\windows\Tasks\SystemToolsDailyTest.job
                - c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
                .
                .
                --------- x86-64 -----------
                .
                .
                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
                2011-05-24 23:41   287048   ----a-w-   c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
                @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
                [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
                2011-05-30 14:50   22408   ----a-w-   c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
                "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
                "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
                "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
                "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
                "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]
                "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
                "AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360]
                "AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552]
                "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
                .
                ------- Supplementary Scan -------
                .
                uLocal Page = c:\windows\system32\blank.htm
                uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2549263
                mLocal Page = c:\windows\SysWOW64\blank.htm
                uInternet Settings,ProxyServer = 127.0.0.1:8080
                IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
                IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
                IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
                LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
                TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
                FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\v07u9lk9.default\
                FF - prefs.js: browser.startup.homepage - www.google.com
                FF - prefs.js: network.proxy.ftp - 127.0.0.1
                FF - prefs.js: network.proxy.ftp_port - 8080
                FF - prefs.js: network.proxy.http - 127.0.0.1
                FF - prefs.js: network.proxy.http_port - 8080
                FF - prefs.js: network.proxy.socks - 127.0.0.1
                FF - prefs.js: network.proxy.socks_port - 8080
                FF - prefs.js: network.proxy.ssl - 127.0.0.1
                FF - prefs.js: network.proxy.ssl_port - 8080
                FF - prefs.js: network.proxy.type - 0
                .
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------
                .
                [HKEY_USERS\S-1-5-21-3258191081-3927428048-1913053889-1001_Classes\Wow6432Node\CLSID\{5dd136f3-c17c-4b78-8d37-8a4ec1a77102}]
                @Denied: (Full) (Everyone)
                @Allowed: (Read) (RestrictedCode)
                "Model"=dword:00000043
                "Therad"=dword:00000017
                "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
                   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
                .
                [HKEY_USERS\S-1-5-21-3258191081-3927428048-1913053889-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
                @Denied: (Full) (Everyone)
                "scansk"=hex(0):b6,16,b6,9e,12,1f,40,da,2c,d4,5b,27,25,6e,fb,7b,34,b0,4c,4b,9c,
                   72,85,90,b4,ca,da,c1,21,67,c7,8f,d8,d9,96,59,b4,37,68,1b,00,00,00,00,00,00,\
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Shockwave Flash Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                @="0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                @="ShockwaveFlash.ShockwaveFlash.10"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="ShockwaveFlash.ShockwaveFlash"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Macromedia Flash Factory Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                @="FlashFactory.FlashFactory.1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="FlashFactory.FlashFactory"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker4"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
                "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                @Denied: (A) (Everyone)
                "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                @Denied: (A) (Everyone)
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                "Key"="ActionsPane3"
                "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                @Denied: (Full) (Everyone)
                .
                Completion time: 2012-04-01  20:58:14
                ComboFix-quarantined-files.txt  2012-04-01 16:28
                ComboFix2.txt  2012-03-31 19:42
                .
                Pre-Run: 477,234,176,000 bytes free
                Post-Run: 477,173,084,160 bytes free
                .
                - - End Of File - - 00B8A1ACE449AAC60AD0B5C530B11D1E

                majik280

                  Re: how can I get rid of sality.nba??
                  « Reply #9 on: April 01, 2012, 10:45:13 AM »

                  I have the same problem in this link with my computer:
                  http://www.computerhope.com/forum/index.php/topic,129459.msg842168.html#msg842168
                  What should I do?

                  SuperDave

                  Re: how can I get rid of sality.nba??
                  « Reply #10 on: April 01, 2012, 11:16:06 AM »
                  Please download Rooter and Save it to your desktop.
                  • Double click it to start the tool. On Vista and Windows 7, run as administrator.
                  • Click Scan.
                  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

                  majik280

                    Re: how can I get rid of sality.nba??
                    « Reply #11 on: April 01, 2012, 12:50:43 PM »
                    Thanks Dave
                    I couldn't run the program normally, but it ran in "Win XP mode".
                    Here is the log:


                    Rooter.exe (v1.0.2) by Eric_71
                    .
                    SeDebugPrivilege granted successfully ...
                    .
                    Windows XP Home Edition (5.1.2600) Service Pack 2
                    [32_bits] - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
                    .
                    [wscsvc] (Security Center) RUNNING (state:4)
                    [SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
                    .
                    Internet Explorer 9.0.8112.16421
                    Mozilla Firefox 11.0 (en-US)
                    .
                    C:\  [Fixed-NTFS] .. ( Total:683 Go - Free:444 Go )
                    D:\  [CD_Rom]
                    E:\  [CD_Rom]
                    F:\  [CD_Rom]
                    V:\  [Fixed-NTFS] .. ( Total:14 Go - Free:6 Go )
                    .
                    Scan : 23:16.54
                    Path : C:\Users\Dell\Documents\Downloads\Programs\Rooter.exe
                    User : Dell ( Administrator -> YES )
                    .
                    ----------------------\\ Processes
                    .
                    Locked [System Process] (0)
                    Locked System (4)
                    ______ ???¶?????? (396)
                    ______ ???¶?????? (624)
                    ______ ???¶?????? (772)
                    ______ ???¶?????? (792)
                    ______ ???¶?????? (832)
                    ______ ???¶?????? (856)
                    ______ ???¶?????? (864)
                    ______ ???¶?????? (960)
                    ______ ???¶?????? (132)
                    ______ ???¶?????? (372)
                    ______ ???¶?????? (644)
                    ______ ???¶?????? (720)
                    ______ ???¶?????? (908)
                    ______ ???¶?????? (1048)
                    ______ ???¶?????? (1128)
                    ______ ???¶?????? (1456)
                    ______ ???¶?????? (1556)
                    ______ ???¶?????? (1700)
                    ______ ???¶?????? (1712)
                    ______ ???¶?????? (1796)
                    ______ ???¶?????? (1824)
                    ______ ???¶?????? (2028)
                    ______ ???¶?????? (420)
                    ______ C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (1764)
                    ______ ???¶?????? (912)
                    ______ C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe (2084)
                    ______ C:\Program Files (x86)\Expat Shield\bin\hsswd.exe (2116)
                    ______ ???¶?????? (2164)
                    ______ ???¶?????? (2232)
                    ______ C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (2272)
                    ______ C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (2300)
                    ______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (2332)
                    ______ ???¶?????? (2364)
                    ______ ???¶?????? (2624)
                    ______ ???¶?????? (2736)
                    ______ ???¶?????? (2776)
                    ______ C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (2916)
                    ______ C:\windows\SysWOW64\vmnat.exe (2940)
                    ______ ???¶?????? (3004)
                    ______ ???¶?????? (2072)
                    ______ C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (1336)
                    ______ ???¶?????? (2532)
                    ______ ???¶?????? (2720)
                    ______ C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (2440)
                    ______ ???¶?????? (4072)
                    ______ C:\windows\SysWOW64\vmnetdhcp.exe (2860)
                    ______ ???¶?????? (2836)
                    ______ ???¶?????? (3068)
                    ______ ???¶?????? (4120)
                    ______ ???¶?????? (4464)
                    ______ C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (4488)
                    ______ ???¶?????? (4868)
                    ______ ???¶?????? (4876)
                    ______ ???¶?????? (4988)
                    ______ ???¶?????? (5028)
                    ______ C:\Program Files (x86)\Internet Download Manager\IDMan.exe (5004)
                    ______ C:\Program Files (x86)\ooVoo\ooVoo.exe (5416)
                    ______ ???¶?????? (5424)
                    ______ ???¶?????? (5180)
                    ______ ???¶?????? (3428)
                    ______ ???¶?????? (3656)
                    ______ ???¶?????? (5372)
                    ______ C:\Program Files (x86)\Dell\Stage Remote\DMR.exe (5068)
                    ______ C:\Program Files (x86)\Tango\Tango.exe (7308)
                    ______ C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (7388)
                    ______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (7412)
                    ______ C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (7436)
                    ______ ???¶?????? (7704)
                    ______ C:\Program Files (x86)\Common Files\AOL\1324634892\ee\aolsoftware.exe (7776)
                    ______ C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (8064)
                    ______ C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe (8140)
                    ______ ???¶?????? (9092)
                    ______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3752)
                    ______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (10012)
                    ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (10228)
                    ______ C:\Program Files (x86)\Nero\Update\NASvc.exe (2060)
                    ______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (4728)
                    ______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (11048)
                    ______ C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe (1908)
                    ______ ???¶?????? (9600)
                    ______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (8920)
                    ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (2800)
                    ______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4132)
                    ______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (9880)
                    ______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (6608)
                    ______ ???¶?????? (9680)
                    ______ C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (7028)
                    ______ ???¶?????? (8368)
                    ______ ???¶?????? (7680)
                    ______ ???¶?????? (10432)
                    ______ ???¶?????? (9980)
                    ______ C:\Users\Dell\Documents\Downloads\Programs\Rooter.exe (4776)
                    .
                    ----------------------\\ Device\Harddisk0\
                    .
                    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
                    .
                    \Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:104857600)
                    \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:105906176 | Length:15728640000)
                    \Device\Harddisk0\Partition3 (Start_Offset:15834546176 | Length:734320779264)
                    .
                    ----------------------\\ Scheduled Tasks
                    .
                    C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3258191081-3927428048-1913053889-1001Core.job
                    C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3258191081-3927428048-1913053889-1001UA.job
                    C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
                    C:\windows\Tasks\SA.DAT
                    C:\windows\Tasks\SCHEDLGU.TXT
                    C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 09799347-e3d3-4c69-b9e5-0f3dec8440ad.job
                    C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 6e023c3b-95d0-4823-95d0-bcc4fb61b9b1.job
                    C:\windows\Tasks\SystemToolsDailyTest.job
                    .
                    ----------------------\\ Registry
                    .
                    .
                    ----------------------\\ Files & Folders
                    .
                    ----------------------\\ Scan completed at 23:16.56
                    .
                    C:\Rooter$\Rooter_1.txt - (01/04/2012 | 23:16.56)

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: how can I get rid of sality.nba??
                    « Reply #12 on: April 01, 2012, 04:13:08 PM »
                    I'd like to scan your machine with ESET OnlineScan

                    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                      ESET OnlineScan
                    • Click the button.
                    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        • Click on to download the ESET Smart Installer. Save it to your desktop.
                        • Double click on the icon on your desktop.
                    • Check
                    • Click the button.
                    • Accept any security warnings from your browser.
                    • Check
                    • Push the Start button.
                    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    • When the scan completes, push
                    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    • Push the button.
                    • Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                    Windows 8 and Windows 10 dual boot with two SSD's

                    majik280

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Windows 7
                      Re: how can I get rid of sality.nba??
                      « Reply #13 on: April 02, 2012, 06:02:35 AM »
                      Here is the log of ESET Online Scanner:

                      ESETSmartInstaller@High as CAB hook log:
                      OnlineScanner64.ocx - registred OK
                      OnlineScanner.ocx - registred OK
                      # version=7
                      # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
                      # OnlineScanner.ocx=1.0.0.6583
                      # api_version=3.0.2
                      # EOSSerial=13374684db68ff41b27f827ba3c4f4e7
                      # end=finished
                      # remove_checked=true
                      # archives_checked=true
                      # unwanted_checked=true
                      # unsafe_checked=true
                      # antistealth_checked=true
                      # utc_time=2012-04-02 11:53:25
                      # local_time=2012-04-02 04:23:25 (+0330, Iran Daylight Time)
                      # country="United States"
                      # lang=1033
                      # osver=6.1.7601 NT Service Pack 1
                      # compatibility_mode=5121 16777213 100 75 11238347 33829987 0 0
                      # compatibility_mode=5893 16776574 100 94 42218502 84992983 0 0
                      # compatibility_mode=8192 67108863 100 0 0 0 0 0
                      # scanned=143071
                      # found=5
                      # cleaned=5
                      # scan_time=5662
                      C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe   a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                      C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
                      C:\Software\Antivirus\ESET.Smart.Security.v5.0.95.0-x86_www.asandownload.com.zip   MSIL/HackAV.J application (deleted - quarantined)   00000000000000000000000000000000   C
                      C:\Software\office 2010\Image.iso   Win32/HackKMS.A application (deleted (after the next restart) - quarantined)   00000000000000000000000000000000   C
                      C:\Users\Dell\Desktop\u1103.exe   Win32/UltraReach application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

                      majik280

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Windows 7
                        Re: how can I get rid of sality.nba??
                        « Reply #14 on: April 02, 2012, 06:25:20 AM »
                        Dear Dave,
                        I did everything you said in earlier posts, but the problem still seems to exist. There is a lock shape on some folders such as "document and settings" and "system recovery". I can't enter these folders; I get the message: "ACCESS IS DENIED" :-[



                        [year+ old attachment deleted by admin]