Jump to content

DivyaKambhatla

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi, Sir, as suggested , a. Uninstalled ComboFix using the ComboFix /Uninstall method. (got a pop up that combofix has been uninstalled). b. Changed the IE settings to as they have been asked to. c. Updated my AntiVirus Software d. Windows Firewall Enabled e. plugin M86 SecureBrowsing installed for chrome. Was unable to do it for Firefox 8.0.1 due to non compatibility. f. Changed my Passwords. I did not receive even a single notification from MBAM about any Malicious IP Blocks . Thank You so much.. My heartfelt Thanks to You and your team for all the help and guidance that you'll provided. Will always keep in mind to follow the guidelines you have provided. Sincerely, Divya.
  2. Hi, I have uninstalled conduit engine,ask.com, UTorrent and its toolbars and even Skype (and its associated toolbars). There has been no notification from MBAM for the past 20minutes. However, Will continue to monitor for any more notifications from MBAM for any malicious IP access block. Thank You Sir.
  3. Hi, Just wanted to add: Now i am getting notifications from MBAM about incoming access from a site 222.189.238.115 being blocked. The process being shown as "svchost.exe". Am not sure if this is anything malicious and if so why is this happening.. Thanks and Regards.
  4. Hi Sir, As suggested, I downloaded and ran the Combofix. Please find below the log of the same. ComboFix 11-11-20.01 - divya 20-11-2011 21:18:45.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.2999.1975 [GMT 5.5:30] Running from: c:\users\divya\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\MP3 Rocket Toolbar\mp3Rockettb.dll c:\windows\s.bat . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_COMSysApp . . ((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 ))))))))))))))))))))))))))))))) . . 2011-11-20 15:53 . 2011-11-20 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-18 18:50 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{532F2320-30A3-4EF3-924F-C7FD9E516754}\mpengine.dll 2011-11-18 18:32 . 2011-11-18 18:32 -------- d-----w- c:\windows\system32\Macromed 2011-11-12 07:12 . 2011-11-12 07:12 -------- d-----w- c:\users\divya\AppData\Roaming\Malwarebytes 2011-11-12 07:11 . 2011-11-12 07:11 -------- d-----w- c:\programdata\Malwarebytes 2011-11-12 07:11 . 2011-08-31 11:30 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-12 07:11 . 2011-11-12 07:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-09 08:39 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 08:39 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-09 08:17 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 08:17 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-10-23 15:38 . 2011-10-23 15:38 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-18 18:32 . 2011-05-29 05:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-15 16:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-10-15 16:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-09-06 20:45 . 2011-02-22 18:19 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:45 . 2011-02-22 18:19 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-09-06 20:45 . 2011-02-22 18:19 254400 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:38 . 2011-05-11 16:48 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:38 . 2011-02-22 18:19 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2011-02-22 18:19 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2011-02-22 18:19 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2011-02-22 18:19 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36 . 2011-02-22 18:19 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-08-27 05:37 . 2011-10-12 16:26 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-12 16:26 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-12 16:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26 . 2011-10-12 16:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 07:21 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2010-12-09 07:21 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-08-23 15:50 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-04 39408] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-21 6276408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576] "UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-07-15 273544] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176] R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176] R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192] R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 Change Modem Device Service;Change Modem Device Service;c:\windows\SysWOW64\ChgService.exe [2010-03-19 135168] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608] S2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe [2011-03-10 221696] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP . Contents of the 'Scheduled Tasks' folder . 2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 21:02] . 2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 21:02] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2010-08-20 02:03 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800] "combofix"="c:\combofix\CF25405.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p= FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-Jardinains! - c:\windows\system32\SpoonUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1411117413-128677964-1662928230-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1411117413-128677964-1662928230-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe . ************************************************************************** . Completion time: 2011-11-20 21:30:34 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-20 16:00 . Pre-Run: 235,552,387,072 bytes free Post-Run: 236,076,097,536 bytes free . - - End Of File - - EB91127156988CF41841C6220D19E318 Behavior of the system right now: No Problems have been encountered so far. The Notification from MBAM about blocking access to 208.87.149.250 continue to occur. Thanks and Regards.
  5. Hi Sir, Please find the requested details below: 1. MBAM Scan Results as on Nov 19th 2011. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8189 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 19-11-2011 21:35:33 mbam-log-2011-11-19 (21-35-33).txt Scan type: Quick scan Objects scanned: 167795 Time elapsed: 3 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) 2. how your computer behaves at the moment Computer behaving normally after installing MBAM except for pop ups from MBAM every 15 mins about blocking access to a potentially malicious site with IP address 208.87.149.250. Before installing MBAM, i was unable to connect to any site( including google and yahoo) and a DNS Look Up failed error message was being thrown (when i was very well being able to connect the previous day). Latest Protection Log from MBAM. 00:01:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49389, Process: avastsvc.exe) 00:01:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49390, Process: avastsvc.exe) 00:02:12 divya MESSAGE Scheduled update executed successfully 00:02:56 divya MESSAGE IP Protection stopped 00:02:58 divya MESSAGE Database updated successfully 00:02:59 divya MESSAGE IP Protection started successfully 00:16:13 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49509, Process: avastsvc.exe) 00:16:13 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49510, Process: avastsvc.exe) 00:31:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50320, Process: avastsvc.exe) 00:31:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50321, Process: avastsvc.exe) 00:46:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51103, Process: avastsvc.exe) 00:46:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51104, Process: avastsvc.exe) 18:10:55 divya MESSAGE Protection started successfully 18:10:59 divya MESSAGE IP Protection started successfully 18:11:54 divya ERROR Scheduled update failed: No address found failed with error code 11004 18:53:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49402, Process: avastsvc.exe) 18:53:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49403, Process: avastsvc.exe) 19:23:17 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50457, Process: avastsvc.exe) 19:23:17 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50458, Process: avastsvc.exe) 19:38:15 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50529, Process: avastsvc.exe) 19:38:15 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50530, Process: avastsvc.exe) 19:53:14 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50594, Process: avastsvc.exe) 19:53:14 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50595, Process: avastsvc.exe) 20:08:12 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50680, Process: avastsvc.exe) 20:08:12 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50681, Process: avastsvc.exe) 20:23:17 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50739, Process: avastsvc.exe) 20:23:17 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50740, Process: avastsvc.exe) 20:38:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50805, Process: avastsvc.exe) 20:38:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50806, Process: avastsvc.exe) 20:53:14 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51187, Process: avastsvc.exe) 20:53:14 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51188, Process: avastsvc.exe) 21:23:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51552, Process: avastsvc.exe) 21:23:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51553, Process: avastsvc.exe) 21:38:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51661, Process: avastsvc.exe) 21:38:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51662, Process: avastsvc.exe) 3. The Logs from DDS Run - namely DDS.txt and Attach.txt DDS.txt . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by divya at 21:31:27 on 2011-11-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.2999.1832 [GMT 5.5:30] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\windows\system32\nvvsvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\svchost.exe -k bthsvcs C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe C:\windows\SysWOW64\ChgService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\windows\system32\rundll32.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\rundll32.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe C:\Program Files (x86)\Lenovo\Energy Management\utility.exe C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\USB Camera\VM331_STI.EXE C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\System32\svchost.exe -k secsvcs c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Windows NT\Accessories\wordpad.exe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110128004505.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Mp3Rocket Toolbar: {4c350b19-6ca1-4569-b14c-296d8d65300b} - "C:\Program Files (x86)\MP3 Rocket Toolbar\mp3rockettb.DLL" TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [<NO NAME>] mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110128004505.dll BHO-X64: scriptproxy - No File BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll BHO-X64: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO-X64: Ask Toolbar BHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Mp3Rocket Toolbar: {4C350B19-6CA1-4569-B14C-296D8D65300B} - "C:\Program Files (x86)\MP3 Rocket Toolbar\mp3rockettb.DLL" TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE mRun-x64: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun-x64: [(Default)] mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p= FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll FF - component: C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\divya\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?] R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?] R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-9 44768] R2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2010-11-3 135168] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-20 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-12 366152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-15 200056] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-15 245352] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-1-15 149032] R2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;C:\Program Files (x86)\MP3 Rocket Toolbar\Mp3RocketSvc.exe [2011-3-10 221696] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-20 2320920] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?] R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496] R3 vm331avs;Digital Camera 1;C:\windows\system32\Drivers\vm331avs.sys --> C:\windows\system32\Drivers\vm331avs.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-5 136176] S2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?] S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?] S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\windows\system32\DRIVERS\cmnsusbser.sys --> C:\windows\system32\DRIVERS\cmnsusbser.sys [?] S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-5 136176] S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?] S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-8-20 509192] S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-8-20 579400] S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2011-11-12 07:12:05 -------- d-----w- C:\Users\divya\AppData\Roaming\Malwarebytes 2011-11-12 07:11:56 -------- d-----w- C:\ProgramData\Malwarebytes 2011-11-12 07:11:53 25416 ----a-w- C:\windows\System32\drivers\mbam.sys 2011-11-12 07:11:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-11-11 16:06:50 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D2E3387-8C5B-4613-8343-EE9A9C81AE56}\offreg.dll 2011-11-11 16:06:47 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D2E3387-8C5B-4613-8343-EE9A9C81AE56}\mpengine.dll 2011-11-09 08:39:41 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys 2011-11-09 08:39:37 3144704 ----a-w- C:\windows\System32\win32k.sys 2011-11-09 08:17:33 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-09 08:17:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll 2011-10-23 15:38:37 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-10-16 13:25:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL 2011-10-15 16:28:00 -------- d-----w- C:\windows\System32\SPReview 2011-10-15 16:26:24 -------- d-----w- C:\windows\System32\EventProviders . ==================== Find3M ==================== . 2011-10-19 13:41:45 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-15 16:40:34 152576 ----a-w- C:\windows\SysWow64\msclmd.dll 2011-10-15 16:40:33 175616 ----a-w- C:\windows\System32\msclmd.dll 2011-09-06 20:45:29 41184 ----a-w- C:\windows\avastSS.scr 2011-09-06 20:38:18 601944 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2011-09-06 20:36:30 65368 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll 2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll 2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2011-08-27 05:37:49 861696 ----a-w- C:\windows\System32\oleaut32.dll 2011-08-27 05:37:48 331776 ----a-w- C:\windows\System32\oleacc.dll 2011-08-27 04:26:27 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26:27 233472 ----a-w- C:\windows\SysWow64\oleacc.dll 2011-08-17 05:26:46 613888 ----a-w- C:\windows\System32\psisdecd.dll 2011-08-17 05:25:08 108032 ----a-w- C:\windows\System32\psisrndr.ax 2011-08-17 04:24:12 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll 2011-08-17 04:19:27 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax . ============= FINISH: 21:33:02.90 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 26-09-2010 13:05:53 System Uptime: 13-11-2011 20:06:00 (1 hours ago) . Motherboard: LENOVO | | Base Board Product Name Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU | 1190/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 422 GiB total, 219.757 GiB free. D: is FIXED (NTFS) - 29 GiB total, 22.019 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C109\8&38492200&0&0024EFCD7CA0_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C109\8&38492200&0&0024EFCD7CA0_C00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C109\8&38492200&0&0024EFCD7CA0_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C109\8&38492200&0&0024EFCD7CA0_C00000000 Service: . ==== System Restore Points =================== . RP134: 21-10-2011 20:53:22 - Windows Update RP135: 23-10-2011 21:04:00 - Windows Update RP136: 23-10-2011 21:06:00 - Windows Update RP137: 23-10-2011 22:43:01 - Windows Update RP138: 27-10-2011 01:04:54 - Windows Update RP139: 01-11-2011 22:11:55 - Windows Update RP140: 05-11-2011 12:45:59 - Windows Update RP141: 09-11-2011 14:14:49 - Windows Update RP142: 09-11-2011 15:21:12 - Windows Update RP143: 10-11-2011 01:01:22 - Windows Update RP144: 12-11-2011 01:01:16 - Windows Update RP145: 12-11-2011 22:59:50 - Windows Update . ==== Installed Programs ====================== . µTorrent Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.2 Ask Toolbar avast! Free Antivirus Bing Bar Bing Bar Platform Capitel Connect 2.2.8.3.2.102.2 Conduit Engine CyberLink YouCam D3DX10 Energy Management GeoVid Flash Player Google Chrome Google Talk (remove only) Google Toolbar for Internet Explorer Google Update Helper Intel® Control Center Intel® Management Engine Components Intel® Rapid Storage Technology Intel® Turbo Boost Technology Driver Jardinains! Java Auto Updater Java 6 Update 26 Junk Mail filter update Lenovo DirectShare Lenovo EasyCamera Lenovo OneKey Recovery Lenovo ReadyComm 5 Lenovo ReadyComm 5.0 Service Lenovo_Wireless_Driver Malwarebytes' Anti-Malware version 1.51.2.1300 McAfee AntiVirus Plus Mesh Runtime Messenger Companion Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft PowerPoint Viewer Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 7.0.1 (x86 en-US) MP3 Rocket MP3 Rocket Toolbar MSVCRT MSVCRT_amd64 Onekey Theater ooVoo Pocket Tanks 1.00b Power2Go RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Controller Driver For Windows 7 Realtek USB 2.0 Card Reader RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Skype Toolbars Skype™ 5.1 TextPad 5 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) uTorrentBar Toolbar VeriFace VLC media player 1.1.9 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR archiver Yahoo! BrowserPlus 2.9.8 Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 13-11-2011 20:09:06, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified. 13-11-2011 20:05:27, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running. 13-11-2011 20:05:27, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 13-11-2011 20:05:27, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: A system shutdown is in progress. 13-11-2011 20:05:27, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: A system shutdown is in progress. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. . ==== End Of File =========================== Awaiting your suggestions. Thank You.
  6. Hi, I had provided the DDS Logs as suggested but no one has responded as to what i need to do/proceed to stop the specified ip access to my system. Please suggest. Regards and Thanks in advance.
  7. Hi, Its working when i followed the steps you suggested. I have run the DDS and have created a new post at http://forums.malwarebytes.org/index.php?showtopic=99751 as suggested. Thanks for all the help.
  8. Hi As suggested, i downloaded and run the DDS file. The run generated two logs , one being DDS.txt and the second Attach.txt, both of which have been attached. Please suggest how i could proceed in this regard. Thanks for all your help.DDS.txt . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by divya at 21:31:27 on 2011-11-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.2999.1832 [GMT 5.5:30] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\windows\system32\nvvsvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\svchost.exe -k bthsvcs C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe C:\windows\SysWOW64\ChgService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\windows\system32\rundll32.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\rundll32.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe C:\Program Files (x86)\Lenovo\Energy Management\utility.exe C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\USB Camera\VM331_STI.EXE C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\System32\svchost.exe -k secsvcs c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Windows NT\Accessories\wordpad.exe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110128004505.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Mp3Rocket Toolbar: {4c350b19-6ca1-4569-b14c-296d8d65300b} - "C:\Program Files (x86)\MP3 Rocket Toolbar\mp3rockettb.DLL" TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [<NO NAME>] mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110128004505.dll BHO-X64: scriptproxy - No File BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll BHO-X64: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO-X64: Ask Toolbar BHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Mp3Rocket Toolbar: {4C350B19-6CA1-4569-B14C-296D8D65300B} - "C:\Program Files (x86)\MP3 Rocket Toolbar\mp3rockettb.DLL" TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE mRun-x64: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun-x64: [(Default)] mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p= FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll FF - component: C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\divya\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?] R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?] R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-9 44768] R2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2010-11-3 135168] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-20 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-12 366152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-15 200056] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-15 245352] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-1-15 149032] R2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;C:\Program Files (x86)\MP3 Rocket Toolbar\Mp3RocketSvc.exe [2011-3-10 221696] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-20 2320920] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?] R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496] R3 vm331avs;Digital Camera 1;C:\windows\system32\Drivers\vm331avs.sys --> C:\windows\system32\Drivers\vm331avs.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-5 136176] S2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440] S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?] S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?] S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\windows\system32\DRIVERS\cmnsusbser.sys --> C:\windows\system32\DRIVERS\cmnsusbser.sys [?] S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-5 136176] S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?] S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-8-20 509192] S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-8-20 579400] S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2011-11-12 07:12:05 -------- d-----w- C:\Users\divya\AppData\Roaming\Malwarebytes 2011-11-12 07:11:56 -------- d-----w- C:\ProgramData\Malwarebytes 2011-11-12 07:11:53 25416 ----a-w- C:\windows\System32\drivers\mbam.sys 2011-11-12 07:11:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-11-11 16:06:50 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D2E3387-8C5B-4613-8343-EE9A9C81AE56}\offreg.dll 2011-11-11 16:06:47 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D2E3387-8C5B-4613-8343-EE9A9C81AE56}\mpengine.dll 2011-11-09 08:39:41 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys 2011-11-09 08:39:37 3144704 ----a-w- C:\windows\System32\win32k.sys 2011-11-09 08:17:33 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-09 08:17:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll 2011-10-23 15:38:37 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-10-16 13:25:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL 2011-10-15 16:28:00 -------- d-----w- C:\windows\System32\SPReview 2011-10-15 16:26:24 -------- d-----w- C:\windows\System32\EventProviders . ==================== Find3M ==================== . 2011-10-19 13:41:45 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-15 16:40:34 152576 ----a-w- C:\windows\SysWow64\msclmd.dll 2011-10-15 16:40:33 175616 ----a-w- C:\windows\System32\msclmd.dll 2011-09-06 20:45:29 41184 ----a-w- C:\windows\avastSS.scr 2011-09-06 20:38:18 601944 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2011-09-06 20:36:30 65368 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll 2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll 2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2011-08-27 05:37:49 861696 ----a-w- C:\windows\System32\oleaut32.dll 2011-08-27 05:37:48 331776 ----a-w- C:\windows\System32\oleacc.dll 2011-08-27 04:26:27 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26:27 233472 ----a-w- C:\windows\SysWow64\oleacc.dll 2011-08-17 05:26:46 613888 ----a-w- C:\windows\System32\psisdecd.dll 2011-08-17 05:25:08 108032 ----a-w- C:\windows\System32\psisrndr.ax 2011-08-17 04:24:12 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll 2011-08-17 04:19:27 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax . ============= FINISH: 21:33:02.90 =============== Attach.txt
  9. Hi, I have been suggested to go through the steps listed at http://forums.malwarebytes.org/index.php?showtopic=9573 in response to my request for help in an earlier post of mine. But , i see that the DDS link that listed in the suggested forum is not working and is leading to a blank page. Please suggest the exact link that has to be accessed. Thanks in advance.
  10. Hello, I am a new user of Malware Bytes Anti Malware and i came to know about MBAM from mozilla forums. I was experiencing problems in accessing sites like yahoo and google from both mozilla and chrome and the message "DNS lookup failed was being displayed". I went through different forums and i decided to try out MBAM to fish out any infections in my system. I have Avast antivirus installed in my system and a scan from both of these ( Avast and MBAM) revealed zero virus and infections in my system. However, i constantly keep getting a pop up from MBAM about access to one partiular IP address 208.87.149.250 being blocked by MBAM and the Process Initiator being Avastsvc.exe (used by Avast Antivirus Sofware). I have gone through the MBAM forums and understand that it is infact some other process that is trying to provide access to this particular IP but Windows portrays it as Avast . So, as sugggested (Section G of http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100), I installed the TCPView to know which is the process which is actually initiating the hit to this IP but i see that the TCPView does not show 208.87.149.250 anywhere or at anytime in the list of remote addresses (or maybe i am missing it.. ) I did a google search for this IP and I see that this IP is regitered to a particular FreeLook Incorporation from NA and is BlackListed and is also said to be noted for DNS Infiltration and spamming. Please find below the log file of MBAM in my system. 14:18:05 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52322, Process: avastsvc.exe) 14:18:06 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52323, Process: avastsvc.exe) 14:33:08 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52960, Process: avastsvc.exe) 14:33:08 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52961, Process: avastsvc.exe) 16:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 53616, Process: avastsvc.exe) 16:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 53617, Process: avastsvc.exe) 16:29:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54280, Process: avastsvc.exe) 16:29:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54281, Process: avastsvc.exe) 16:44:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54399, Process: avastsvc.exe) 16:44:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54400, Process: avastsvc.exe) 16:59:58 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54624, Process: avastsvc.exe) 16:59:58 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54625, Process: avastsvc.exe) 17:11:28 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54791, Process: avastsvc.exe) 17:11:28 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54792, Process: avastsvc.exe) 17:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54953, Process: avastsvc.exe) 17:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54954, Process: avastsvc.exe) 17:29:55 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 55085, Process: avastsvc.exe) 17:29:55 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 55086, Process: avastsvc.exe) Could you please suggest what can i do to stop this IP from accessing my machine and how i could know which is the particular process which is supporting access to this IP from my system? Pleaseee Helpp..
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.