
akrishna
I keep getting a message that pops up on the side that says "Malwarebytes successfully blocked potentially malicious website." I got this before and I got rid of it, and now it's back again. Down below I posted some information. I attached the DDS file, Attach.txt file, OTL file, along with the Malwarebytes scan log. If I am missing something, please let me know and I will respond as fast as I can. Thanks.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by apoorva at 0:42:14 on 2012-03-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6051.2300 [GMT -8:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -netsvcs
C:\windows\system32\conhost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\System32\StikyNot.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [RESTART_STICKY_NOTES] C:\WINDOWS\System32\StikyNot.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\apoorva\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\apoorva\AppData\Local\Temp\{8BCCD2E2-FC82-452D-BA1E-712D911E8CEA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{4425245E-106E-4F4F-BEF7-ED311700C3EE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0C132D4-686E-469A-96A8-306B52A0D869} : DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
TCP: Interfaces\{D0C132D4-686E-469A-96A8-306B52A0D869}\25563625F6F6D675966496 : DhcpNameServer = 208.67.222.222 208.67.220.220 24.205.224.36
TCP: Interfaces\{D0C132D4-686E-469A-96A8-306B52A0D869}\35F6E69702850756279616 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{D0C132D4-686E-469A-96A8-306B52A0D869}\B6E6967686473796E6E6 : DhcpNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: CrossRider: {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
BHO-X64: CrossRider - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\j7mzfjop.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120305.001\IDSviA64.sys [2012-3-5 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-12 89600]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-3 983104]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-12 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652872]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-2-10 138248]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-12 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-12 2655768]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-7 138360]
R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-9 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-9 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-07 08:15:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6517039F-F091-40CF-9616-1D1FF23FEE42}\offreg.dll
2012-03-07 07:51:22 20480 ----a-w- C:\windows\svchost.exe
2012-03-07 07:48:55 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\64BD.tmp
2012-03-07 07:48:55 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\64AC.tmp
2012-03-06 21:18:51 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6517039F-F091-40CF-9616-1D1FF23FEE42}\mpengine.dll
2012-03-05 01:02:57 -------- d-----w- C:\Program Files\CCleaner
2012-03-02 03:51:51 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-02-22 20:48:29 -------- d-----w- C:\Users\apoorva\AppData\Local\{7C4930A0-96F1-4675-8575-EA153344605B}
2012-02-22 20:48:29 -------- d-----w- C:\Users\apoorva\AppData\Local\{482E1074-F7DE-4C59-8ECF-89CC7C301569}
2012-02-17 05:44:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-16 18:50:14 -------- d-----w- C:\Users\apoorva\AppData\Local\NPE
2012-02-16 18:28:40 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-16 18:28:40 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-16 18:28:39 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-16 18:28:39 478208 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-16 18:28:37 3143168 ----a-w- C:\windows\System32\win32k.sys
2012-02-16 18:28:34 499200 ----a-w- C:\windows\System32\drivers\afd.sys
2012-02-16 18:28:28 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-02-16 18:28:28 634368 ----a-w- C:\windows\System32\msvcrt.dll
2012-02-16 05:09:45 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\65D.tmp
2012-02-16 05:09:45 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\64C.tmp
2012-02-14 03:20:03 -------- d-----w- C:\Program Files\Dell Support Center
2012-02-12 11:38:14 -------- d-----w- C:\Users\apoorva\AppData\Local\ElevatedDiagnostics
2012-02-10 23:41:10 -------- d-----w- C:\Users\apoorva\AppData\Local\CrashDumps
2012-02-10 23:21:31 405624 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\symnets.sys
2012-02-10 23:21:30 738936 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\srtsp64.sys
2012-02-10 23:21:30 451192 ----a-r- C:\windows\System32\drivers\NISx64\1305000.091\symds64.sys
2012-02-10 23:21:30 37496 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\srtspx64.sys
2012-02-10 23:21:30 190072 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\ironx64.sys
2012-02-10 23:21:30 167048 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys
2012-02-10 23:21:30 1092728 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\symefa64.sys
2012-02-10 23:21:11 -------- d-----w- C:\windows\System32\drivers\NISx64\1305000.091
2012-02-09 08:40:04 -------- d-----w- C:\Program Files (x86)\Atari
.
==================== Find3M ====================
.
2012-02-23 17:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-10 23:21:37 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-11 01:42:37 103784 ----a-w- C:\Users\apoorva\GoToAssistDownloadHelper.exe
2012-01-04 00:48:42 354176 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-12-11 14:48:45 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-12-11 14:48:45 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-12-10 21:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 0:45:19.88 ===============

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
apoorva :: APOORVA-PC [administrator]

Protection: Enabled

3/7/2012 1:20:27 AM
mbam-log-2012-03-07 (01-23-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193189
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 5060 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.

(end)

Attachments: Attach.txt, DDS-1.txt, mbam-log-2012-03-07 (01-20-27).txt, mbam-log-2012-03-07 (01-23-13).txt, OTL.Txt
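Editor's note, added after the post and not part of akrishna's message or of any Malwarebytes or DDS tooling: the logs above contain a few lines a responder would pull out first, and they are easy to pick out mechanically. The script below is my own triage heuristic. It reads DDS/Malwarebytes-style lines and reports four things: protection products logged as `*Disabled`; a file or process whose name is a Windows system binary (`svchost.exe` and friends) but whose directory is not `System32` or `SysWOW64` (the `C:\windows\svchost.exe` that DDS lists under "Created Last 30" and that MBAM flagged as Trojan.Agent); an autostart entry (`uRun`, `mRun`, `StartupFolder`, ...) whose target lives in a temp directory (the `ATR1.exe` under `AppData\Local\Temp`); and scanner detections left at "No action taken". The sample input is a constructed excerpt of lines copied from the logs above, not the full logs, and the list of "system-only" binary names and temp-directory markers is my assumption, not something the logs state.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt: a handful of lines copied from the DDS and
# Malwarebytes logs in the post above, not the complete logs.
SAMPLE_LOG = r"""
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Explorer.EXE
C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\apoorva\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\apoorva\AppData\Local\Temp\{8BCCD2E2-FC82-452D-BA1E-712D911E8CEA}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
2012-03-07 07:51:22 20480 ----a-w- C:\windows\svchost.exe
2012-02-16 18:28:37 3143168 ----a-w- C:\windows\System32\win32k.sys
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 5060 -> No action taken.
"""

# Assumption (editor's list): binaries that legitimately live only under the
# system directories. explorer.exe is left out because it lives in C:\Windows.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# DDS autostart line prefixes; a temp-directory target only matters on these.
AUTOSTART_PREFIXES = ("uRun:", "mRun:", "uRunOnce:", "mRunOnce:", "StartupFolder:")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Drive-letter path up to the first executable-ish extension. Non-greedy so a
# line like "...\ROLLER~1.LNK - C:\...\ATR1.exe" yields two separate paths.
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|lnk|cpl)\b", re.IGNORECASE)
DISABLED = re.compile(r"^(AV|SP|FW): (.+?) \*Disabled")


def extract_paths(line):
    """All Windows paths embedded in one log line, in order of appearance."""
    return [m.group(0) for m in WIN_PATH.finditer(line)]


def triage(log_text):
    """Return (category, detail) findings for the four indicators above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. AV / firewall / spyware protection reported as disabled.
        m = DISABLED.match(line)
        if m:
            findings.append(("protection_disabled", f"{m.group(1)}: {m.group(2)}"))
        paths = extract_paths(line)
        # 2. A system-binary name running from, or written to, a non-system directory.
        for p in paths:
            wp = PureWindowsPath(p)
            if wp.name.lower() in SYSTEM_BINARIES and str(wp.parent).lower() not in SYSTEM_DIRS:
                findings.append(("system_name_wrong_dir", p))
        # 3. Autostart entry whose target is under a temp directory.
        if line.startswith(AUTOSTART_PREFIXES):
            for p in paths:
                if any(t in p.lower() for t in TEMP_MARKERS):
                    findings.append(("autostart_from_temp", p))
        # 4. Scanner found something and the user chose not to remove it.
        if line.endswith("-> No action taken."):
            findings.append(("detection_not_removed", line))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

On the excerpt this prints two `protection_disabled` lines (Norton AV and firewall), one `autostart_from_temp` line for `ATR1.exe`, two `system_name_wrong_dir` hits for `C:\windows\svchost.exe` (once from the DDS file listing, once from the MBAM detection), and one `detection_not_removed` line. The legitimate `C:\windows\system32\svchost.exe -k DcomLaunch` process is not reported, which is the point of keying on the directory rather than the file name. To run it over the full logs, paste them into a file and pass `open(path).read()` to `triage()` instead of `SAMPLE_LOG`.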