king303

Members
  • Posts: 4

Everything posted by king303

  1. Hi Elise, Thanks for your response. I do not have access to disable McAfee on my laptop and am thereby unable to install ComboFix. Please advise if there is any other workaround. Thanks very much.
  2. Hi Folks, I am using Win7 and was hit by the happli redirect; since then, Malwarebytes on my system is not working. I had cleaned my laptop using other anti-spyware and it fixed happli. However, Malwarebytes is unable to perform a scan and exits in a few minutes when I try to scan. I have already retried uninstalling and installing Malwarebytes on the machine, but it still exits during the scan. As read in the forum, I am attaching the DDS and Attach logs. Please advise if you need any further information. Thanks in advance for your assistance.

     ************DDS.Log**************
     .
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
     Run by asingh at 23:30:08 on 2012-05-09
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5973 [GMT -7:00]
     .
     AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
     FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
     .
     ============== Running Processes ===============
     .
C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\ibmpmsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\system32\conhost.exe C:\windows\System32\spoolsv.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\windows\system32\crypserv.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe C:\windows\system32\CxAudMsg64.exe C:\windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe C:\Program Files\McAfee\DLP\Agent\fcags.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe C:\Program Files 
(x86)\McAfee\Common Framework\FrameworkService.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe C:\windows\system32\mfevtps.exe C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\windows\SysWOW64\SAsrv.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\McAfee\DLP\Agent\fcagswd.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\taskhost.exe C:\Program Files\McAfee\DLP\Agent\fcag.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\windows\system32\Dwm.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Program Files\McAfee\DLP\Agent\FCAGTE.EXE C:\windows\Explorer.EXE C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for 
Files and Folders\SbCeProxy32.exe C:\windows\system32\wbem\unsecapp.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Windows\SysWOW64\rundll32.exe C:\windows\system32\rundll32.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\SysWOW64\RunDll32.exe C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Program Files (x86)\McAfee\Common Framework\McTray.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\windows\system32\igfxsrvc.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://my.oracle.com/index.htm uSearch Bar = Preserve uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;<local> mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll BHO: BargainMatch Extension: {a1f60e28-5d50-447b-b4d9-3b4ab0d674e7} - C:\Program Files (x86)\BargainMatch IE-Extension\bmext.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" mRun: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" mRun: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" 
/StartedFromRunKey mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRunOnce: [ClickToCallConfig] C:\ProgramData\Oracle\BaseImage\config\realplayerent_config.exe /SS=YES dRunOnce: [iPCConfig] C:\ProgramData\Oracle\BaseImage\config\cisco_ipcommunicator-cfg.exe /SS=YES StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: HideFastUserSwitching = 1 (0x1) IE: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - res://C:\Program Files (x86)\BargainMatch IE-Extension\bmext.dll/content|js|bargainmatchoptions.hta IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL Trusted Zone: oracle.com\login Trusted Zone: oraclecorp.com\global-ebusiness Trusted Zone: oraclecorp.com\global-erp Trusted Zone: oraclecorp.com\global-hrms Trusted Zone: oraclecorp.com\global-service Trusted Zone: oracleoutsourcing.com\dnsh8j Trusted Zone: oraclevpn.com\myaccess Trusted Zone: oracle.com\login 
Trusted Zone: oraclecorp.com\global-ebusiness Trusted Zone: oraclecorp.com\global-erp Trusted Zone: oraclecorp.com\global-hrms Trusted Zone: oraclecorp.com\global-service Trusted Zone: oraclevpn.com\myaccess DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - hxxps://strtc.oracle.com/imtapp/res/jar/cnsload.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intercall.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{4F6DDEC7-1A70-44AB-9A01-182CD865B854} : DhcpNameServer = 130.35.249.52 130.35.249.41 192.135.82.132 TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\169627C696E6B6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\25F697723702E4564777F627B6 : DhcpNameServer = 10.0.1.1 TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\2616C616B627963786E616E2233303 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\36C6561627D27657563747 : DhcpNameServer = 148.87.1.22 148.87.112.101 TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\44271696E6F6 : DhcpNameServer = 68.87.76.182 68.87.78.134 TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\D44434 : DhcpNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - 
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll BHO-X64: Fantapper - No File BHO-X64: BargainMatch Extension: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - C:\Program Files (x86)\BargainMatch IE-Extension\bmext.dll BHO-X64: BargainMatchExtension - No File BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll BHO-X64: NetAssistantBHO - No File BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" mRun-x64: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" mRun-x64: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine 
Components\IMSS\PIconStartup.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - res://C:\Program Files (x86)\BargainMatch IE-Extension\bmext.dll/content|js|bargainmatchoptions.hta IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\asingh\AppData\Roaming\Mozilla\Firefox\Profiles\jbngptf4.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.oracle.com/site/nasc FF - prefs.js: network.proxy.type - 2 FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: extentions.y2layers.installId - 4aa93d11-10ec-4b0e-bd56-106eafa1ffac FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals, . ============= SERVICES / DRIVERS =============== . R0 DzHDD64;DzHDD64;C:\windows\system32\DRIVERS\DzHDD64.sys --> C:\windows\system32\DRIVERS\DzHDD64.sys [?] 
R0 MfeEERM;MfeEERM;C:\Windows\System32\drivers\MfeEERM.sys [2010-12-17 226504] R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?] R0 SBAlg;SBAlg;C:\Windows\System32\drivers\SbAlg.sys [2008-8-13 60128] R0 SBAlg00;SBAlg00;C:\Windows\System32\drivers\SbAlg00.sys [2009-6-4 18176] R0 SBAlg01;SBAlg01;C:\Windows\System32\drivers\SbAlg01.sys [2009-6-4 18176] R0 SBAlg11;SBAlg11;C:\Windows\System32\drivers\SbAlg11.sys [2009-6-4 36096] R0 SBAlg12;SBAlg12;C:\Windows\System32\drivers\SbAlg12.sys [2009-6-4 60160] R0 SbCe;SbCe;C:\Windows\System32\drivers\SbCe.sys [2010-12-17 698312] R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-10-12 15688] R1 hdlpflt;hdlpflt;C:\windows\system32\DRIVERS\hdlpflt.sys --> C:\windows\system32\DRIVERS\hdlpflt.sys [?] R1 lenovo.smi;Lenovo System Interface Driver;C:\windows\system32\DRIVERS\smiifx64.sys --> C:\windows\system32\DRIVERS\smiifx64.sys [?] R1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2010-10-12 58184] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 SbFlop;SbFlop;C:\Windows\System32\drivers\SbFlop.sys [2010-10-12 23368] R1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\SbRegFlt.sys [2010-10-12 15688] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\windows\system32\DRIVERS\CipcCdp.sys --> C:\windows\system32\DRIVERS\CipcCdp.sys [?] R2 CxAudMsg;Conexant Audio Message Service;C:\windows\system32\CxAudMsg64.exe --> C:\windows\system32\CxAudMsg64.exe [?] 
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224] R2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-4-15 39840] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-9-6 40808] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-11-30 101736] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-9-6 59240] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-11-30 133992] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624] R2 McAfeeDLPAgentService;McAfee DLP Agent Service;C:\Program Files\McAfee\DLP\Agent\fcags.exe [2011-4-10 8445248] R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-10-22 20792] R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-5-19 120128] R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-10-22 181480] R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-10-22 66880] R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\system32\mfevtps.exe --> C:\windows\system32\mfevtps.exe [?] 
R2 MyDesktopWindows;MyDesktopService;C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848] R2 QOSMyDesktop;QOS MyDesktop;C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016] R2 risdxc;risdxc;C:\windows\system32\DRIVERS\risdxc64.sys --> C:\windows\system32\DRIVERS\risdxc64.sys [?] R2 SafeBootClientManager;SafeBoot Client Manager;C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2010-10-12 380988] R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-11-30 446592] R2 SbCeCoreService;McAfee Endpoint Encryption Core Service;C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-17 203080] R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-11-30 446800] R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-11-30 145256] R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-11-30 142696] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-30 2656280] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-6-10 641464] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?] R3 FirehkMP;FirehkMP;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?] R3 hdlpctrl;hdlpctrl;C:\windows\system32\drivers\hdlpctrl.sys --> C:\windows\system32\drivers\hdlpctrl.sys [?] R3 hdlpdbk;hdlpdbk;C:\windows\system32\drivers\hdlpdbk.sys --> C:\windows\system32\drivers\hdlpdbk.sys [?] R3 hdlpevnt;hdlpevnt;C:\windows\system32\drivers\hdlpevnt.sys --> C:\windows\system32\drivers\hdlpevnt.sys [?] R3 HIPK;McAfee Inc. 
HIPK;C:\windows\system32\drivers\HIPK.sys --> C:\windows\system32\drivers\HIPK.sys [?] R3 HIPPSK;McAfee Inc. HIPPSK;C:\windows\system32\drivers\HIPPSK.sys --> C:\windows\system32\drivers\HIPPSK.sys [?] R3 HIPQK;McAfee Inc. HIPQK;C:\windows\system32\drivers\HIPQK.sys --> C:\windows\system32\drivers\HIPQK.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?] R3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\system32\drivers\mfesmfk.sys --> C:\windows\system32\drivers\mfesmfk.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?] R3 SbCeCd;SbCeCd;C:\Windows\System32\drivers\SbCeCd.sys [2010-12-17 132808] R3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?] R3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?] R3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253600] S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?] S3 dmvsc;dmvsc;C:\windows\system32\drivers\dmvsc.sys --> C:\windows\system32\drivers\dmvsc.sys [?] S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-9-6 478056] S3 Firehk;McAfee NDIS Intermediate Filter;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-6 89152] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-9-6 175168] S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 hdlpnetf;hdlpnetf;C:\windows\system32\drivers\hdlpnetf.sys --> C:\windows\system32\drivers\hdlpnetf.sys [?] . =============== Created Last 30 ================ . 
2012-05-10 06:08:59 47080 ----a-w- C:\windows\System32\HIPIS0e011b5.dll 2012-05-10 06:08:59 40328 ----a-w- C:\windows\SysWow64\HIPIS0e011b5.dll 2012-05-03 16:40:34 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-05-03 16:40:32 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDE367E5-7D4E-4339-A6B3-565182D98944}\mpengine.dll 2012-04-19 18:11:11 -------- d---a-w- C:\Users\asingh\AppData\Roaming\.purple.bak.1 2012-04-19 18:10:51 -------- d-----w- C:\Program Files (x86)\Pidgin 2012-04-14 19:41:53 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2012-04-14 19:41:52 81408 ----a-w- C:\windows\System32\imagehlp.dll 2012-04-14 19:41:52 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll 2012-04-14 19:41:50 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2012-04-14 19:41:50 5120 ----a-w- C:\windows\System32\wmi.dll 2012-04-14 19:41:50 220672 ----a-w- C:\windows\System32\wintrust.dll 2012-04-14 19:41:50 172544 ----a-w- C:\windows\SysWow64\wintrust.dll . ==================== Find3M ==================== . 
2012-05-03 07:17:08 143008 ----a-w- C:\windows\SysWow64\KevlarSigs.dll 2012-04-09 22:50:47 736494 ----a-w- C:\windows\SysWow64\PacesetterFY12-Cloud.scr 2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-03-29 06:26:29 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-29 06:26:29 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll 2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll 2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-02-24 17:36:50 230952 ----a-w- C:\windows\System32\drivers\PCTSD64.sys 2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll . ============= FINISH: 23:33:19.03 =============== ***********Attach.Log****************** . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 9/7/2011 4:46:06 AM System Uptime: 5/9/2012 11:08:32 PM (0 hours ago) . Motherboard: LENOVO | | 2537R84 Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 100 GiB total, 49.59 GiB free. D: is FIXED (NTFS) - 189 GiB total, 171.833 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . 
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
RP63: 4/23/2012 5:35:03 PM - Scheduled Checkpoint
RP64: 5/1/2012 1:39:06 PM - Scheduled Checkpoint
RP65: 5/8/2012 6:45:07 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 Adobe Flash Player 10 Plugin Adobe Reader X (10.1.2) Adobe SVG Viewer 3.0 Advanced Outlook Password Recovery (remove only) BargainMatch IE-Extension version 1.0.1.1142 Cisco AnyConnect VPN Client Cisco IP Communicator Cisco VPN Client 5.0.07.0290 Cisco WebEx Meetings Compare It! Fantapper Player FileZilla Client 3.5.2 Freeze.com NetAssistant GoToMeeting 4.8.0.723 GTK+ Runtime 2.14.7 rev a (remove only) Intel PROSet Wireless Intel® Control Center Intel® Identity Protection Technology 1.0.74.0 Intel® Management Engine Components Intel® Processor Graphics Java Auto Updater Java™ 6 Update 24 Lenovo Patch Utility Lenovo Screen Reading Optimizer Malwarebytes Anti-Malware version 1.61.0.1400 McAfee Agent McAfee AntiSpyware Enterprise Module McAfee Endpoint Encryption for Files and Folders McAfee Endpoint Encryption for PC McAfee Host Intrusion Prevention McAfee SiteAdvisor Enterprise Plus McAfee VirusScan Enterprise Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard 2007 Microsoft Office Visio Viewer 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visio Viewer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 11.0 (x86 en-US) Mozilla Thunderbird (3.1.7) NetAssistant Nucleus Kernel Outlook Password Recovery ver 10.08.01 NX Client for Windows 3.5.0-7 Oracle Beehive Conferencing Oracle Beehive Extensions for Outlook Oracle Beehive for Outlook Oracle Data Protection 1.8.0.0 Oracle Online Assistance Oracle Open Office 3.3 Oracle Web Conferencing Console Pacesetter Spheres Screensaver Pidgin prerequisite PrimoPDF Projette PuTTY .60 with WinSCP4 RealPlayer Enterprise RICOH_Media_Driver_v2.14.18.01 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition System Update ThinkPad Power Manager Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665)
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 11:09:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/9/2012 11:08:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/9/2012 11:08:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/9/2012 11:00:47 AM, Error: Schannel [36887] - The following fatal alert was received: 47.
5/3/2012 1:54:19 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 552.
5/3/2012 1:54:19 PM, Error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is ldap.gdns.oraclecorp.com. The SSL connection request has failed. The attached data contains the server certificate.
5/2/2012 6:16:17 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ASKHURAN-E4310 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4F6DDEC7-1A70-44AB-9A01-182CD865B854}. The master browser is stopping or an election is being forced.
5/2/2012 1:14:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADMIN-US that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4F6DDEC7-1A70-44AB-9A01-182CD865B854}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
  3. Yes, I had the happili virus and cleaned it using SUPERAntiSpyware... however, every time I run SUPERAntiSpyware... I see multiple tracking adware. Also, my IE is behaving weird and not loading images. A McAfee full scan does not detect anything. I want to scan with Malwarebytes but it's exiting.... there are no errors or logs. It just exits in the middle... Please advise.
  4. Hi folks, while trying to perform any scan, the Malwarebytes window closes by itself during the scan in a few minutes. I'm currently running Malwarebytes version 1.61.0.1400. Please advise... Thanks