
mathimuthu
Members
Posts: 8
Reputation: 0 Neutral
  1. Mr Charlie greatly helped me get rid of all the malware on my laptop through his wonderful guidance. I appreciate his timely response to all my concerns.

  2. Sounds great! I think the laptop is running smoothly and I don't see any issue at this time. I appreciate your timely help.
  3. Here is the SecurityCheck report.

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
TuneUp Utilities Language Pack (en-US)
CCleaner
COMODO System Cleaner
Java Web Start
Java DB 10.5.3.0
Java 6 Update 29
Java SE Development Kit 6 Update 18
Java 2 Runtime Environment, SE v1.4.1_07
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

  4. Here is the MBAM Quick Scan report. Let me know if everything is all right now. FYI, it looks like after the cleaning and restart, MBAM has now enabled both filesystem and malicious website protection.

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mathi :: MATHI-LAPTOP [administrator]

Protection: Enabled

10/11/2012 6:26:17 PM
mbam-log-2012-10-11 (18-26-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254925
Time elapsed: 16 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

  5. Here is the ComboFix scan report.

ComboFix 12-10-11.03 - Mathi 10/11/2012 16:30:21.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.989 [GMT -4:00]
Running from: c:\users\Mathi\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Mathi\GoToAssistDownloadHelper.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\ndisapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-10 23:07 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 23:07 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 23:05 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 23:05 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 01:22 . 2012-10-10 01:22 -------- d-----w- c:\users\Mathi\AppData\Roaming\Malwarebytes
2012-10-10 01:21 . 2012-10-10 01:21 -------- d-----w- c:\programdata\Malwarebytes
2012-10-10 01:21 . 2012-10-10 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-10 01:21 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 10:13 . 2012-10-03 10:13 -------- d--h--w- c:\programdata\Common Files
2012-10-03 09:44 . 2012-10-03 09:44 -------- d-----w- c:\users\Mathi\AppData\Roaming\TuneUp Software
2012-10-03 09:42 . 2012-10-09 14:19 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-10-03 09:39 . 2012-10-09 14:19 -------- d-----w- c:\programdata\TuneUp Software
2012-10-02 23:01 . 2012-10-02 23:02 -------- d-----w- c:\program files\FileASSASSIN
2012-10-01 23:56 . 2012-10-03 02:03 -------- d-----w- c:\windows\system32\drivers\NIS\1309000.009
2012-09-25 23:59 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-12 10:36 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 10:36 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 10:36 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 10:36 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 10:36 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 10:36 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 10:36 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 10:52 . 2012-04-13 10:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 10:52 . 2011-10-01 21:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 17:47 . 2012-08-15 10:57 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Mathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Mathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Mathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2008-06-09 3215360]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-07 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2009-05-26 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-26 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-26 88608]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"LanLight"="c:\program files\LanLights\LanLights.exe" [2009-08-01 487424]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
c:\users\Mathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mathi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-6-22 739880]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 23:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-09 17:33 1949480 ----a-w- c:\program files\Apricorn\EZ Gig II\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apricorn Scheduler Service]
2007-10-09 17:24 148712 ----a-w- c:\program files\Common Files\Apricorn\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZGigMonitor.exe]
2007-10-09 17:20 1169264 ----a-w- c:\program files\Apricorn\EZ Gig II\EZGigMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-09 02:47 135664 ----atw- c:\users\Mathi\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 Splunkd;Splunkd;c:\program files\Splunk\bin\splunkd.exe service [x]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DmDocbroker;Documentum Docbroker Service Docbroker;c:\documentum\product\6.5\bin\dmdocbroker.exe -init_file c:\documentum\dba\Docbroker.ini [x]
R3 DmMethodServer;Documentum Java Method Server;c:\program files\Documentum\tools\javaServiceWrapper\3.2.0\bin\dctmservice.exe [x]
R3 DmServerusdocbase;Documentum Docbase Service usdocbase;c:\documentum\product\6.5\bin\documentum.exe [x]
R3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 OracleDBConsoleusdocu;OracleDBConsoleusdocu;c:\app\Mathi\product\11.1.0\db_1\bin\nmesrvc.exe [x]
R3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Mathi\product\11.1.0\db_1\BIN\TNSLSNR [x]
R3 OracleServiceUSDOCU;OracleServiceUSDOCU;c:\app\mathi\product\11.1.0\db_1\bin\ORACLE.EXE USDOCU [x]
R3 OracleVssWriterUSDOCU;Oracle USDOCU VSS Writer Service;c:\app\Mathi\product\11.1.0\db_1\bin\OraVSSW.exe USDOCU [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [x]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [x]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [x]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [x]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 splunkdrv-win6;splunkdrv-win6;c:\program files\Splunk\bin\splunkdrv-win6.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 Tomcat6;Apache Tomcat;c:\tomcat\bin\tomcat6.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 OracleJobSchedulerUSDOCU;OracleJobSchedulerUSDOCU;c:\app\mathi\product\11.1.0\db_1\Bin\extjob.exe USDOCU [x]
S0 CFRPD;CFRPD;c:\windows\System32\drivers\cfrpd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121010.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1309000.009\SYMNETS.SYS [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 hMailServer;hMailServer;c:\program files\hMailServer\Bin\hMailServer.exe RunAsService [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [x]
S2 Splunkweb;Splunkweb;c:\program files\Splunk\bin\PythonService.exe [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [x]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356986936-1437951809-4015158600-1001Core.job
- c:\users\Mathi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-09 02:47]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356986936-1437951809-4015158600-1001UA.job
- c:\users\Mathi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-09 02:47]
.
2012-10-11 c:\windows\Tasks\NTSPServMng.job
- c:\program files\ONKYO\Net-Tune Central\NTSPServMng.exe [2004-09-14 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 192.168.1.10:9000
uInternet Settings,ProxyOverride = local;<local>;*.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: mathim
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A8E00BA-E916-450F-828F-E193D15F45C5}: NameServer = 8.8.8.8,8.8.4.4
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab
DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://mathim/pwa/_layouts/pwa/objects/1033/pjcintl.cab
DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://mathim/pwa/_layouts/pwa/objects/pjclient.cab
DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} - hxxp://www.dishonline.com/widevine/installer/WidevineMediaTransformer.exe
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-27534571.sys
MSConfigStartUp-ConnectionCenter - c:\program files\Citrix\ICA Client\concentr.exe
MSConfigStartUp-RDVCHG - c:\program files\Sprint\Sprint SmartView\RDVCHG.exe
MSConfigStartUp-Sprint SmartView - c:\program files\Sprint\Sprint SmartView\SprintSV.exe
AddRemove-2216625484.www.bigflix.com - c:\program files\Microsoft Silverlight\4.1.10111.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\Mathi\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\relog_ap.DLL
.
- - - - - - - > 'Explorer.exe'(2988)
c:\users\Mathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ONKYO\Net-Tune Central\WinLibMgrTsvV.exe
c:\program files\ONKYO\Net-Tune Central\WinNTSPDV.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\hMailServer\Bin\hMailServer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\stacsv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Sidebar\Sidebar.exe
.
**************************************************************************
.
Completion time: 2012-10-11 17:07:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-11 21:07
.
Pre-Run: 63,398,084,608 bytes free
Post-Run: 63,077,113,856 bytes free
.
- - End Of File - - 1DD3BDE8A86E3CAD2C67FB7F7B285ED4

  6. Please find the TDSSKiller report attached. Thanks,
     Attached: TDSSKiller.2.8.10.0_11.10.2012_12.37.33_log.txt, TDSSKiller.2.8.10.0_11.10.2012_12.52.09_log.txt
  7. I ran the RogueKiller scan and here is the report.

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mathi [Admin rights]
Mode : Scan -- Date : 10/11/2012 10:55:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][ROGUE ST] HKLM\[...]\RunOnce : 1 (C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p) -> FOUND
[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Mathi\AppData\Local\Temp\IHU5C5D.tmp.exe -> FOUND
[TASK][PREVRUN] {9D572C61-298C-41C0-A3AE-CBFE04CE24CE} : C:\Windows\System32\pcalua.exe -a D:\Setup.exe -d D:\ -> FOUND
[TASK][PREVRUN] {BEDFC64D-0199-4DB9-A422-FFDC30DEFA3A} : C:\Windows\System32\pcalua.exe -a "C:\Program Files\CVSNT\cvsnt.cpl" -> FOUND
[TASK][PREVRUN] {D713499B-47B3-4637-BA67-B4AF3F1A5F70} : C:\Windows\System32\pcalua.exe -a C:\eclipse-jee-galileo-SR1-win32\eclipse\eclipse.exe -d C:\eclipse-jee-galileo-SR1-win32\eclipse -> FOUND
[TASK][PREVRUN] {DF56C319-C255-4124-A3FA-1D33EC6004B3} : C:\Windows\System32\pcalua.exe -a J:\run.exe -d J:\ -> FOUND
[TASK][PREVRUN] {FB331EA0-68E1-4897-9C72-D29C9BB440CF} : C:\Windows\System32\pcalua.exe -a "C:\Users\Mathi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CDQTZL1\LogitechHarmonyRemote7.7.0-WIN-x86.exe" -d C:\Users\Mathi\Desktop -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.1.10:9000) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{4c867b91-2a4e-3ae7-9045-143216b3dc6b}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Windows\system32\config\systemprofile\Local Settings\Application Data\{4c867b91-2a4e-3ae7-9045-143216b3dc6b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\system32\config\systemprofile\Local Settings\Application Data\{4c867b91-2a4e-3ae7-9045-143216b3dc6b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\system32\config\systemprofile\Local Settings\Application Data\{4c867b91-2a4e-3ae7-9045-143216b3dc6b}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x83528C99 -> HOOKED (Unknown @ 0x87460108)
SSDT[14] : NtAlertThread @ 0x8347BBE0 -> HOOKED (Unknown @ 0x874601E8)
SSDT[19] : NtAllocateVirtualMemory @ 0x83474BEC -> HOOKED (Unknown @ 0x87460AE0)
SSDT[22] : NtAlpcConnectPort @ 0x834C044E -> HOOKED (Unknown @ 0x86C54F20)
SSDT[43] : NtAssignProcessToJobObject @ 0x83449FEE -> HOOKED (Unknown @ 0x86B418B0)
SSDT[74] : NtCreateMutant @ 0x8345B2B2 -> HOOKED (Unknown @ 0x86B41E58)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x8344C911 -> HOOKED (Unknown @ 0x86B415D0)
SSDT[87] : NtCreateThread @ 0x83526ECA -> HOOKED (Unknown @ 0x87460F28)
SSDT[88] : NtCreateThreadEx @ 0x834BB36B -> HOOKED (Unknown @ 0x86B416C0)
SSDT[96] : NtDebugActiveProcess @ 0x834F8D9A -> HOOKED (Unknown @ 0x86B41990)
SSDT[111] : NtDuplicateObject @ 0x8347C67A -> HOOKED (Unknown @ 0x87460C70)
SSDT[131] : NtFreeVirtualMemory @ 0x83302AEC -> HOOKED (Unknown @ 0x874608F8)
SSDT[145] : NtImpersonateAnonymousToken @ 0x834408E0 -> HOOKED (Unknown @ 0x86B41F48)
SSDT[147] : NtImpersonateThread @ 0x834C484C -> HOOKED (Unknown @ 0x86B41008)
SSDT[155] : NtLoadDriver @ 0x83410C20 -> HOOKED (Unknown @ 0x86C5F450)
SSDT[168] : NtMapViewOfSection @ 0x83491532 -> HOOKED (Unknown @ 0x87460818)
SSDT[177] : NtOpenEvent @ 0x8345ACAE -> HOOKED (Unknown @ 0x86B41D78)
SSDT[190] : NtOpenProcess @ 0x8345CAF8 -> HOOKED (Unknown @ 0x87460E10)
SSDT[191] : NtOpenProcessToken @ 0x834AF23F -> HOOKED (Unknown @ 0x87460BB0)
SSDT[194] : NtOpenSection @ 0x834B48BB -> HOOKED (Unknown @ 0x86B41BB8)
SSDT[198] : NtOpenThread @ 0x834A8FC3 -> HOOKED (Unknown @ 0x87460D40)
SSDT[215] : NtProtectVirtualMemory @ 0x8348D5A1 -> HOOKED (Unknown @ 0x86B417C0)
SSDT[304] : NtResumeThread @ 0x834BB592 -> HOOKED (Unknown @ 0x874602C8)
SSDT[316] : NtSetContextThread @ 0x83528745 -> HOOKED (Unknown @ 0x87460568)
SSDT[333] : NtSetInformationProcess @ 0x8348378D -> HOOKED (Unknown @ 0x87460648)
SSDT[350] : NtSetSystemInformation @ 0x8349929A -> HOOKED (Unknown @ 0x86B41A70)
SSDT[366] : NtSuspendProcess @ 0x83528BD3 -> HOOKED (Unknown @ 0x86B41C98)
SSDT[367] : NtSuspendThread @ 0x834E0085 -> HOOKED (Unknown @ 0x874603A8)
SSDT[370] : NtTerminateProcess @ 0x834A5BFB -> HOOKED (Unknown @ 0x87460008)
SSDT[371] : NtTerminateThread @ 0x834C3584 -> HOOKED (Unknown @ 0x87460488)
SSDT[385] : NtUnmapViewOfSection @ 0x834AF87A -> HOOKED (Unknown @ 0x87460738)
SSDT[399] : NtWriteVirtualMemory @ 0x834AA958 -> HOOKED (Unknown @ 0x874609C8)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x8932D568)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x87472C60)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x87471528)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x8936F410)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x891EB920)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x87592FC0)
S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x866DDC60)
S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x866DDB90)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x8937B6D8)
S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8938B418)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BJKT-00F4T0 ATA Device +++++
--- User ---
[MBR] b2882a9ef64ae1a58c0aa7f61d802cbf
[bSP] 73cac833f12030dc01ecd6104c9c4c5d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

  8. I recently bought Malwarebytes Anti-Malware PRO and installed it on my laptop. However, the icon is grey and I could not enable malicious website protection. I used "mbam-clean.exe" and restarted my laptop, but I still can't enable the protection. My laptop was infected a couple of times earlier and I cleaned it with Anti-Malware PRO, which indicated the malware had been quarantined and deleted. I also recently scanned my system and there was no malware at all. I have added attach.txt and dds.txt to this forum post. Please help me remove any malware residue from my laptop and enable full protection. Thanks in advance.
     Attached: CheckResults.txt, DDS.txt, Attach.txt
  9. I recently bought Malwarebytes Anti-Malware Pro and installed it on my laptop. However, the protection is only partially enabled and I can't add the malicious website blocking component. Based on the feedback in the forum, I used "mbam-clean.exe", uninstalled the software and restarted the laptop. I still can't enable malicious website blocking protection. I ran dds.com/dds.scr and included the requested files for your reference. I appreciate your help. Thanks in advance.
     Attached: Attach.txt, CheckResults.txt, DDS.txt
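The RogueKiller report in post 7 is the finding that matters in this thread: the [ZeroAccess] file and folder hits under C:\Windows\Installer\{GUID}\ and the SYSTEM profile's Local Settings\Application Data\{GUID}\, the SSDT hooks RogueKiller could not attribute, and the IE ProxyServer value in the user hive. The script below is an added example, not code from the thread, from Malwarebytes or from RogueKiller; it pulls those three things out of an RKreport so the same triage can be repeated on the next report. The sample report embedded in it is constructed from eight lines of the posted report, and the line-format regular expressions are an assumption about how RogueKiller 8.x output looks on this page, not a documented format.

```python
"""Triage a RogueKiller 8.x report for ZeroAccess, SSDT-hook and IE-proxy indicators.

Added example; not part of the forum thread, of Malwarebytes or of RogueKiller.
SAMPLE_REPORT is constructed from lines of the RKreport[1].txt posted above, and
the line-format regexes are an assumption about RogueKiller's output as shown there.
"""
import ipaddress
import re

# Constructed sample: a subset of the posted report, line formats kept verbatim.
SAMPLE_REPORT = r"""
[RUN][ROGUE ST] HKLM\[...]\RunOnce : 1 (C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.1.10:9000) -> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{4c867b91-2a4e-3ae7-9045-143216b3dc6b}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Windows\system32\config\systemprofile\Local Settings\Application Data\{4c867b91-2a4e-3ae7-9045-143216b3dc6b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\system32\config\systemprofile\Local Settings\Application Data\{4c867b91-2a4e-3ae7-9045-143216b3dc6b}\U --> FOUND
SSDT[190] : NtOpenProcess @ 0x8345CAF8 -> HOOKED (Unknown @ 0x87460E10)
SSDT[399] : NtWriteVirtualMemory @ 0x834AA958 -> HOOKED (Unknown @ 0x874609C8)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x8932D568)
"""

# "[TAG][TAG] body -> FOUND" lines: registry, scheduled-task and file/folder hits.
FINDING_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*-{1,2}>\s*(?P<status>[A-Z]+)\s*$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
# "SSDT[n] : NtFoo @ 0x... -> HOOKED (owner @ 0x...)" plus the shadow-table (S_SSDT) form.
HOOK_RE = re.compile(
    r"^(?P<table>S_SSDT|SSDT)\[(?P<index>\d+)\]\s*:\s*(?P<func>\S+)"
    r"(?:\s*@\s*0x[0-9A-Fa-f]+)?\s*->\s*HOOKED\s*\((?P<owner>[^@]+?)\s*@\s*0x[0-9A-Fa-f]+\)")


def parse_findings(report):
    """Return every tagged '-> FOUND' line as {"tags": [...], "body": str, "status": str}."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append({"tags": TAG_RE.findall(m.group("tags")),
                             "body": m.group("body"), "status": m.group("status")})
    return findings


def zeroaccess_indicators(findings):
    r"""Group [ZeroAccess] hits by GUID: {guid: {"entries": [...], "dirs": [...]}}.

    The posted report shows the layout: a {GUID} directory under %SystemRoot%\Installer
    and under the SYSTEM profile's Local Settings\Application Data, holding an '@' file
    and 'L' and 'U' directories. Seeing the same GUID in both places is the strong signal.
    """
    hits = {}
    for f in findings:
        if "ZeroAccess" not in f["tags"]:
            continue
        entry, _, path = f["body"].partition(" : ")  # "L : C:\...\{guid}\L"
        g = GUID_RE.search(path)
        if not g:
            continue
        rec = hits.setdefault(g.group(0).lower(), {"entries": set(), "dirs": set()})
        rec["entries"].add(entry.strip())
        rec["dirs"].add(path[:g.start()].rstrip("\\"))
    return {guid: {"entries": sorted(r["entries"]), "dirs": sorted(r["dirs"])}
            for guid, r in hits.items()}


def proxy_hijack(findings):
    """Return the flagged IE ProxyServer value (and whether it is a private address), or None."""
    for f in findings:
        if "PROXY IE" not in f["tags"]:
            continue
        m = re.search(r"ProxyServer \(([^)]+)\)", f["body"])
        if not m:
            continue
        server = m.group(1)
        try:
            private = ipaddress.ip_address(server.rsplit(":", 1)[0]).is_private
        except ValueError:  # a hostname rather than an IP literal
            private = None
        return {"server": server, "private_address": private}
    return None


def hooked_syscalls(report):
    """Return (names of hooked SSDT entries, number of shadow-SSDT hooks)."""
    named, shadow = [], 0
    for line in report.splitlines():
        m = HOOK_RE.match(line.strip())
        if m and m.group("table") == "S_SSDT":
            shadow += 1
        elif m:
            named.append(m.group("func"))
    return named, shadow


def triage(report):
    """One-pass summary of the indicators an analyst reads first in an RKreport."""
    findings = parse_findings(report)
    za = zeroaccess_indicators(findings)
    hooks, shadow = hooked_syscalls(report)
    return {"zeroaccess": za, "proxy": proxy_hijack(findings),
            "ssdt_hooks": hooks, "shadow_ssdt_hooks": shadow,
            "verdict": "ZeroAccess indicators present" if za else "no ZeroAccess indicators"}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Run it as is to get a JSON summary of the sample, or pass a full RKreport[x].txt via triage(open(path).read()). Two caveats the output cannot settle by itself: an "Unknown" owner means RogueKiller could not attribute the hook, and on 32-bit Windows 7 (no PatchGuard) a security product's own kernel driver can legitimately hook the same SSDT entries, so the hook list corroborates the ZeroAccess file hits rather than proving anything on its own; and a proxy on a private address may be a real LAN proxy, so confirm who owns that host before treating it as a hijack.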