Waz4liverpool

Honorary Members
  • Posts: 29

Everything posted by Waz4liverpool

  1. Thanks for your feedback, but I think the problem is with my ISP because I used a different connection and it worked. So I guess that's that.
  2. Hi, I have been unable to play games or use apps in Facebook and other sites. I am able to browse fine, watch videos fine, but only when I start playing a Flash game/app it says I'm unable to connect. So I am wondering if it perhaps is due to a malware issue. Here's the HJT log:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 10:09:00 ?.?, on 2013/12/31
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     c:\Program Files\Microsoft Security Client\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
     C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
     C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
     C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
     C:\WINDOWS\system32\FsUsbExService.Exe
     C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
     C:\Program Files\Java\jre7\bin\jqs.exe
     C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\WINDOWS\system32\TPSMain.exe
     C:\Program Files\Real\RealPlayer\update\realsched.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
     C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
     C:\WINDOWS\system32\TPSBattM.exe
     C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
     C:\Program Files\Avro Keyboard\Avro Keyboard.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\Program Files\Canon\CAL\CALMAIN.exe
     C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Arif\Desktop\Unused Desktop Shortcuts\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
     R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
     O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
     O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
     O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
     O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
     O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
     O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
     O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
     O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
     O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
     O4 - HKCU\..\Run: [Avro Keyboard] C:\Program Files\Avro Keyboard\Avro Keyboard.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.cortona3d.com/bin/cortvrml.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
     O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
     O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
     O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
     O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     O23 - Service: DCService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
     O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
     O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
     O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
     O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

     -- End of file - 13095 bytes

     Thanks!
  3. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-08-2013 01 Ran by Arif (administrator) on 03-08-2013 20:16:00 Running from C:\Documents and Settings\Arif\My Documents\Downloads Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe () C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe (TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (Teruten) C:\WINDOWS\system32\FsUsbExService.Exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA) C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpnas.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe () C:\Program Files\Hotspot Shield\bin\hsswd.exe (RealNetworks, Inc.) 
C:\Program Files\Real\RealPlayer\update\realsched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe (OmicronLab) C:\Program Files\Avro Keyboard\Avro Keyboard.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe () C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe (Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RealPlay.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005 -04-11] (ATI Technologies, Inc.) 
HKLM\...\Run: [THotkey] - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [339968 2005-04-25] (TOSHIBA) HKLM\...\Run: [Tvs] - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [73728 2005-04-05] (TOSHIBA Corporation) HKLM\...\Run: [smoothView] - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [118784 2005-04-11] (TOSHIBA Corporation) HKLM\...\Run: [PadTouch] - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [1077327 2004-11-17] (TOSHIBA) HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0 \Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [] - [x] HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation) HKLM\...\Run: [TPSMain] - C:\Windows\system32\TPSMain.exe [266240 2005-01-21] (TOSHIBA Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013 -04-05] (Adobe Systems Incorporated) HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2013-04-20] (RealNetworks, Inc.) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.) HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2005-04-11] (TOSHIBA) HKCU\...\Run: [Avro Keyboard] - C:\Program Files\Avro Keyboard\Avro Keyboard.exe [1773568 2006-02-21] (OmicronLab) HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-04-09] (Google Inc.) HKCU\...\Run: [Google Update] - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-07-23] (Google Inc.) 
HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-11-25] (Facebook Inc.) HKCU\...\Policies\system: [EnableProfileQuota] 1 MountPoints2: {1ef80836-6c0c-11e0-a7e7-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {25363094-9801-11e0-a883-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {4090a784-9806-11e0-a885-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {4fa7c8be-f075-11dd-a82d-00a0d12a9b91} - I:\laucher.exe MountPoints2: {911c1754-9808-11e0-a886-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {911c1756-9808-11e0-a886-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {b712c0d3-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {b712c0d6-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {b712c0d8-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {ee57da36-3d2d-11e2-aa95-00a0d12a9b91} - F:\Data\setup.exe MountPoints2: {ee90bffa-6a6a-11e0-a7e0-00a0d12a9b91} - F:\AutoRun.exe MountPoints2: {ee90bffd-6a6a-11e0-a7e0-00a0d12a9b91} - F:\AutoRun.exe HKU\Administrator\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2005-04- 11] (TOSHIBA) HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation) HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2005-04- 11] (TOSHIBA) HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation) Lsa: [Notification Packages] scecli omchomos.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://uk.yahoo.com URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File SearchScopes: HKLM - DefaultScope {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml? p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90- 8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p= {searchTerms} SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml? p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90- 8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {AF990B71-13E6-459F-9B61-15237CC10D95} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml? 
p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90- 8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p= {searchTerms} SearchScopes: HKCU - {FB4261CE-DE74-4F17-AEC6-4E42DA8130F5} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870- 4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32 \dla\tfswshx.dll (Sonic Solutions) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) 
BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation) Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File Toolbar: HKCU -MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E- 1719D1177202/LegitCheckControl.cab DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a- UNO1/GAME_UNO1.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.cortona3d.com/bin/cortvrml.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ipp - No CLSID Value 
- Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1 \MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msdaipp - No CLSID Value - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1 \MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 103.15.164.21 Tcpip\..\Interfaces\{E5034589-69F6-448F-9EB0-63BA2F34919F}: [NameServer]103.15.164.21 103.15.164.22 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ} {google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter} {google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter} client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey= {google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Google Update) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Entanglement) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0 CHR Extension: (YouTube Downloader) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fapjkciegccccojledkpnfgchdkjemec\2.2_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (Poppit) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0 CHR HKLM\...\Chrome\Extension: [cghopidkpepfbblompnklhpbbpanocha] - C:\DOCUME~1\Arif\LOCALS~1 \Temp\cghopidkpepfbblompnklhpbbpanocha.crx CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) R2 DCService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe [229376 2010-05-08] () R2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [564008 2013-04-18] (AnchorFree Inc.) 
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [454952 2013-04-18] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-04-18] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [390440 2013-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [34816 2005-04-25] (TOSHIBA Corp.)
R2 UI Assistant Service; C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe [241664 2009-07-16] ()
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2314560 2005-03-26] (Realtek Semiconductor Corp.)
R3 AR5211; C:\Windows\System32\DRIVERS\SHP5211.sys [488992 2006-03-22] (Atheros Communications, Inc.)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1035264 2005-04-12] (ATI Technologies Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [83968 2004-07-09] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation) R2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-30] (TOSHIBA Corporation.) R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation) R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation) R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation) R3 Pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70912 2004-12-03] (Realtek Semiconductor Corporation ) S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [10880 2004-07-09] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-21] () R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [58320 2005-08-30] (MCCI) S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [8336 2005-08-30] (MCCI) S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [94000 2005-08-30] (MCCI) R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-08-16] () S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [14976 2004-07-09] (Microsoft Corporation) R3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc) R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) R2 tfsncofs; 
C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) R3 TVALD; C:\Windows\System32\DRIVERS\NBSMI.sys [4992 2005-03-15] (Toshiba Corporation) R3 Tvs; C:\Windows\System32\DRIVERS\Tvs.sys [29056 2005-04-15] (TOSHIBA Corporation) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [18688 2004-07-09] (Microsoft Corporation) U3 a4xaete0; C:\Windows\System32\Drivers\a4xaete0.sys [0 ] (Microsoft Corporation) S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-31 00:49 - 2013-07-31 00:49 - 00002289 _____ C:\Documents and Settings\Arif\Desktop\Google Chrome.lnk 2013-07-29 13:30 - 2013-07-29 13:49 - 00000000 ____D C:\Combofix 2013-07-28 09:46 - 2013-07-28 09:46 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-07-28 09:44 - 2013-07-28 09:48 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-07-28 09:44 - 2005-09-05 14:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\MSN Search Toolbar 2013-07-28 09:44 - 2005-09-05 14:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec 2013-07-28 09:44 - 2005-09-05 12:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sonic 2013-07-28 09:44 - 2005-09-05 12:07 - 00000000 ____D C:\Documents 
and Settings\Administrator\Application Data\toshiba 2013-07-28 09:44 - 2005-09-05 12:01 - 00000000 ____D C:\Documents and Settings\Administrator\WINDOWS 2013-07-28 09:44 - 2005-09-02 15:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020} 2013-07-28 09:43 - 2013-07-28 09:46 - 00000000 ____D C:\Documents and Settings\Administrator 2013-07-27 02:17 - 2013-07-27 02:17 - 00052206 _____ C:\Documents and Settings\Arif\Desktop\Faculty of Asian and Middle Eastern Studies General Information Job Vacancies.mht 2013-07-26 21:05 - 2013-07-28 13:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST 2013-07-18 20:42 - 2013-07-18 20:41 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp 2013-07-18 19:38 - 2013-07-18 19:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-07-16 10:53 - 2013-07-16 10:54 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk 2013-07-16 10:20 - 2013-07-16 10:21 - 00012142 _____ C:\WINDOWS\KB2834904.log 2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$ 2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ C:\WINDOWS\KB2834886.log 2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$ 2013-07-16 10:14 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-07-16 09:41 - 2013-07-16 09:54 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log 2013-07-15 17:33 - 2013-07-31 08:54 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob 2013-07-14 23:16 - 2013-07-16 10:15 - 00137686 _____ C:\WINDOWS\KB2845187.log 2013-07-14 22:52 - 2013-07-16 10:16 - 00140018 _____ C:\WINDOWS\KB2850851.log ==================== One Month Modified Files and Folders ======= 
2013-08-03 20:15 - 2013-02-28 21:46 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2013-08-03 20:07 - 2005-09-02 15:27 - 01083553 _____ C:\WINDOWS\WindowsUpdate.log 2013-08-03 20:06 - 2010-08-17 02:52 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1 -5-21-36152136-1858269472-3594936982-1007.job 2013-08-03 20:06 - 2005-09-02 16:23 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-08-03 20:06 - 2005-09-02 16:23 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-08-03 20:05 - 2013-04-18 20:26 - 00000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982 -1007.job 2013-08-03 20:05 - 2013-04-18 20:15 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982- 1007.job 2013-08-03 20:05 - 2012-04-29 16:20 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-03 20:05 - 2005-09-02 15:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-08-03 18:26 - 2005-09-02 15:31 - 00032640 _____ C:\WINDOWS\SchedLgU.Txt 2013-08-03 17:44 - 2010-07-24 20:21 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1- 5-21-36152136-1858269472-3594936982-1007UA.job 2013-08-03 17:37 - 2012-11-25 17:32 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS -1-5-21-36152136-1858269472-3594936982-1007UA.job 2013-08-03 17:37 - 2012-11-25 17:32 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS -1-5-21-36152136-1858269472-3594936982-1007Core.job 2013-08-03 17:35 - 2013-04-18 16:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-08-03 17:35 - 2010-07-23 22:46 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-03 17:25 - 2006-03-17 17:26 - 00000278 ___SH C:\Documents and Settings\Arif\ntuser.ini 2013-08-03 17:14 - 2009-07-23 15:39 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{50E60FEF-33EF-4CD1-A83F-C60CDEE3E24C}.job 2013-08-03 10:51 - 2006-03-17 23:52 - 00002497 _____ C:\Documents and 
Settings\Arif\Desktop\Microsoft Office Word 2003.lnk 2013-08-03 09:44 - 2010-07-24 20:21 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1 -5-21-36152136-1858269472-3594936982-1007Core.job 2013-08-02 11:40 - 2013-04-18 20:26 - 00000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472- 3594936982-1007.job 2013-08-02 11:37 - 2013-04-18 20:15 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982- 1007.job 2013-07-31 23:56 - 2011-08-16 03:02 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\new research 2013-07-31 23:52 - 2008-06-17 13:17 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\allmb8 2013-07-31 08:54 - 2013-07-15 17:33 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob 2013-07-31 08:35 - 2007-08-11 17:04 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Poems 2013-07-31 00:49 - 2013-07-31 00:49 - 00002289 _____ C:\Documents and Settings\Arif\Desktop\Google Chrome.lnk 2013-07-28 13:27 - 2013-07-26 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-07-28 09:48 - 2013-07-28 09:44 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-07-28 09:46 - 2013-07-28 09:46 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-07-28 09:46 - 2013-07-28 09:43 - 00000000 ____D C:\Documents and Settings\Administrator 2013-07-27 02:17 - 2013-07-27 02:17 - 00052206 _____ C:\Documents and Settings\Arif\Desktop\Faculty of Asian and Middle Eastern Studies General Information Job Vacancies.mht 2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST 2013-07-25 20:14 - 2013-05-21 09:25 - 00022230 _____ C:\WINDOWS\setupapi.log 2013-07-24 23:44 - 2013-06-04 14:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\indo - iran book bombay 2013-07-22 03:07 - 2006-03-17 17:26 - 00000000 ____D C:\Documents and 
Settings\Arif 2013-07-18 20:42 - 2006-10-03 22:04 - 00000000 ____D C:\WINDOWS\Minidump 2013-07-18 20:41 - 2013-07-18 20:42 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp 2013-07-18 19:43 - 2013-07-18 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-07-18 04:46 - 2005-09-02 15:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-07-17 17:08 - 2013-04-18 17:08 - 00000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-36152136-1858269472- 3594936982-1007.job 2013-07-16 15:41 - 2006-04-20 16:31 - 00000000 ____D C:\Documents and Settings\Arif\Desktop\Unused Desktop Shortcuts 2013-07-16 15:04 - 2008-02-11 08:32 - 00000000 ___RD C:\Documents and Settings\Arif\My Documents\Shafaq 2013-07-16 13:00 - 2011-08-25 12:15 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-07-16 13:00 - 2011-04-23 20:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif 2013-07-16 10:54 - 2013-07-16 10:53 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk 2013-07-16 10:49 - 2005-09-02 16:19 - 00731608 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-16 10:21 - 2013-07-16 10:20 - 00012142 _____ C:\WINDOWS\KB2834904.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00068013 _____ C:\WINDOWS\FaxSetup.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00032516 _____ C:\WINDOWS\ocgen.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00025949 _____ C:\WINDOWS\tsoc.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00022664 _____ C:\WINDOWS\comsetup.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00013749 _____ C:\WINDOWS\ntdtcsetup.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00010798 _____ C:\WINDOWS\iis6.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00003762 _____ C:\WINDOWS\ocmsn.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00003399 _____ C:\WINDOWS\msgsocm.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.log 2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$ 2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ 
C:\WINDOWS\KB2834886.log 2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-07-16 10:18 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-07-16 10:16 - 2013-07-14 22:52 - 00140018 _____ C:\WINDOWS\KB2850851.log 2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$ 2013-07-16 10:15 - 2013-07-16 10:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-07-16 10:15 - 2013-07-14 23:16 - 00137686 _____ C:\WINDOWS\KB2845187.log 2013-07-16 10:12 - 2005-09-02 16:20 - 00507034 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-07-16 09:54 - 2013-07-16 09:41 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log 2013-07-16 09:53 - 2013-05-21 09:32 - 00009048 _____ C:\WINDOWS\updspapi.log 2013-07-16 09:51 - 2009-07-23 01:19 - 00000000 ____D C:\WINDOWS\ie8updates 2013-07-15 17:23 - 2009-03-14 16:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-15 00:48 - 2009-07-14 01:02 - 00000000 ____D C:\WINDOWS\system32\XPSViewer 2013-07-14 23:09 - 2012-08-19 14:31 - 00000000 ____D C:\Program Files\Recuva 2013-07-13 00:18 - 2013-05-28 21:56 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Bangladesh history of 2013-07-13 00:16 - 2011-07-21 08:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\ngo Files to move or delete: ==================== C:\Documents and Settings\All Users\hash.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Thanks
  4. Hi, after installing ComboFix, the PC was acting up so I used System Restore. Posting new FRST log next.
  5. Well, I tried running ComboFix but after stage 50 there is a blue screen error. Mind you, this computer is quite old and perhaps can't handle ComboFix!
  6. Okay did it and it worked! Here's the log:
     Malwarebytes Anti-Rootkit BETA 1.06.0.1004
     www.malwarebytes.org
     Database version: v2013.07.28.01
     Windows XP Service Pack 3 x86 NTFS (Safe Mode)
     Internet Explorer 8.0.6001.18702
     Arif :: YOUR-29A661D26E [administrator]
     2013/07/28 09:53:16 ق.ظ
     mbar-log-2013-07-28 (09-53-16).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
     Scan options disabled: PUP
     Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
     Objects scanned: 245235
     Time elapsed: 3 hour(s), 29 minute(s), 29 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     Physical Sectors Detected: 0
     (No malicious items detected)
     (end)
  7. Hi, there was a problem with the Malwarebytes Anti-Rootkit tool. After the second stage it crashes. I ran it twice and it happened again. In the mbar folder there was only a system-log.txt file, which I have attached as asked. system-log.txt Thanks!
  8. And here is the Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2013Ran by Arif at 2013-07-26 20:42:57Running from C:\Documents and Settings\Arif\My Documents\DownloadsBoot Mode: Normal========================================================== ==================== Installed Programs ======================= Adobe Acrobat 9 Pro (Version: 9.5.5)Adobe Acrobat 9.5.5 - CPSID_83708Adobe Flash Player 10 Plugin (Version: 10.2.152.32)Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)Adobe Reader X (10.1.7) MUI (Version: 10.1.7)Adobe Shockwave Player 11.6 (Version: 11.6.0.626)Any Video Converter 3.2.5Atheros Wireless LAN MiniPCI card DriverATI - Software Uninstall Utility (Version: 6.14.10.1012)ATI Control Panel (Version: 6.14.10.5145)ATI Display Driver (Version: 8.122.1-050411a-023226C-Toshiba)Avro Keyboard 3.1.0 (Version: Avro Keyboard 3.1.0)BufferChm (Version: 53.0.13.000)Canon Camera Access Library (Version: 8.4.0.1)Canon Camera Support Core Library (Version: 7.3.1.6)Canon G.726 WMP-Decoder (Version: 1.1.0.4)CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.5.0.3)Canon Internet Library for ZoomBrowser EX (Version: 1.6.1.6)Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)Canon Utilities CameraWindow (Version: 7.1.0.2)Canon Utilities CameraWindow DC (Version: 7.1.0.7)Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)Canon Utilities EOS Utility (Version: 1.1.0.8)Canon Utilities MyCamera (Version: 6.4.0.5)Canon Utilities MyCamera DC (Version: 7.0.1.8)Canon Utilities PhotoStitch (Version: 3.1.21.45)Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)Canon Utilities ZoomBrowser EX (Version: 6.1.0.20)Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)CCleaner (Version: 4.01)CD/DVD Drive Acoustic Silencer (Version: 1.00.008)Compatibility 
Pack for the 2007 Office system (Version: 12.0.6612.1000)Critical Update for Windows Media Player 11 (KB959772)CustomerResearchQFolder (Version: 1.00.0000)Destinations (Version: 53.0.13.000)DeviceFunctionQFolder (Version: 1.00.0000)DeviceManagementQFolder (Version: 1.00.0000)DivX Setup (Version: 1.0.2.23)eSupportQFolder (Version: 1.00.0000)Facebook Video Calling 1.2.0.287 (Version: 1.2.287)Football Manager 2009 (Version: 9.0.0.0)Google Chrome (HKCU Version: 28.0.1500.72)Google Toolbar for Internet Explorer (Version: 1.0.0)Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)Google Update Helper (Version: 1.3.21.153)Grameenphone Internet (Version: 13.001.08.05.344)HijackThis 2.0.2 (Version: 2.0.2)Hotspot Shield 2.92 (Version: 2.92)HP Deskjet 3900 series (Version: 5.0)HP Extended Capabilities 5.0 (Version: 5.0)HP Image Zone Express (Version: 1.5.1.29)HP Imaging Device Functions 5.0 (Version: 5.0)HP Software Update (Version: 3.0.5.001)HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0)HPDeskjet3900Series (Version: 1.00.0000)HPProductAssistant (Version: 53.0.13.000)Imikimi PluginInterActual PlayerInterVideo WinDVD Creator 2 (Version: 2.0.14.368)InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.475)ISScript (Version: 3.00.185)Java 7 Update 25 (Version: 7.0.250)Java Auto Updater (Version: 2.1.9.5)Junk Mail filter update (Version: 14.0.8089.726)Macromedia Flash Player (Version: 7.0.19.0)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)MarketResearch (Version: 53.0.13.000)MediaKeyMicrosoft .NET Framework 1.1 (Version: 1.1.4322)Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft Application Error Reporting 
(Version: 12.0.6012.5000)Microsoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Choice Guard (Version: 2.0.48.0)Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)Microsoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft National Language Support Downlevel APIsMicrosoft Office File Validation Add-In (Version: 14.0.5130.5003)Microsoft Office OneNote 2003 (Version: 11.0.8173.0)Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)Microsoft Security Client (Version: 4.3.0215.0)Microsoft Security Essentials (Version: 4.3.215.0)Microsoft Silverlight (Version: 5.1.20513.0)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Works (Version: 08.04.0623)MSNMSN Search Toolbar (Version: 02.05.0000.1082)MSVCRT (Version: 14.0.1468.721)MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)Need For Speed Hot Pursuit 2neroxml (Version: 1.0.0)PC Connectivity Solution (Version: 8.15.0.0)RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)Realtek AC'97 AudioREALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.60)RealUpgrade 1.1 (Version: 1.1.0)Recuva (Version: 1.43)SA30xx Device Manager (Version: 1.2.0.1100)SA30xx Media Converter (Version: 1.1.5.1007)SAMSUNG CDMA Modem Driver SetSAMSUNG Mobile Composite Device SoftwareSamsung Mobile Modem Device SoftwareSAMSUNG Mobile Modem Driver SetSamsung Mobile phone USB driver SoftwareSAMSUNG Mobile USB Modem ^^SAMSUNG Mobile USB Modem 1.0 SoftwareSAMSUNG 
Mobile USB Modem SoftwareSamsung New PC Studio (Version: 1.00.0000)Samsung PC Studio (Version: 3.0.0.60404)Samsung PC Studio 3 (Version: 3.0.0.80104)Samsung PC Studio 3 (Version: 3.2.3.90502)Samsung PC Studio 3 USB Driver Installer (Version: 1.00.0000)Samsung Samples Installer (Version: 1.00.0000)SAMSUNG USB Mobile Device SoftwareSamsungConnectivityCableDriver (Version: 6.83.6.2.1)Segoe UI (Version: 14.0.4327.805)SolutionCenter (Version: 50.0.152.000)Sonic DLA (Version: 4.98)Sonic RecordNow! (Version: 7.31)Status (Version: 53.0.13.000)swMSM (Version: 12.0.0.1)Synaptics Pointing Device Driver (Version: 7.12.4.0)T-Mobile Mobile Broadband Manager (Version: 1.0.0.2)T-Mobile PC Suite V6.3.16TOSHIBA AssistTOSHIBA ConfigFree (Version: 5.50.12)TOSHIBA Hotkey Utility (Version: 1.00.03KA)TOSHIBA Manuals (Version: 7.01)TOSHIBA PC Diagnostic ToolTOSHIBA Power Saver (Version: 7.03.06.I)TOSHIBA Software Modem (Version: 2.1.51 (SM2151ALD05))TOSHIBA TouchPad ON/Off Utility (Version: 1.00.03KA)TOSHIBA Utilities (Version: 1.00.06KA)TOSHIBA Virtual SoundTOSHIBA Zooming UtilityTouch and LaunchTrayApp (Version: 53.0.13.000)Unlocker 1.9.0 (Version: 1.9.0)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft Windows (KB971513)Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)Update for Windows Internet Explorer 8 (KB972636) (Version: 1)Update for Windows Internet Explorer 8 (KB976662) (Version: 1)Update for Windows Internet Explorer 8 (KB976749) (Version: 1)Update for Windows XP (KB2345886) (Version: 1)Update for Windows XP (KB2492386) (Version: 1)Update for Windows XP (KB2541763) (Version: 1)Update for Windows XP (KB2607712) (Version: 1)Update for Windows XP (KB2616676) (Version: 1)Update for Windows XP (KB2641690) (Version: 1)Update for Windows XP (KB2661254-v2) (Version: 2)Update for Windows XP (KB2718704) (Version: 1)Update for Windows XP (KB2736233) (Version: 1)Update for Windows XP (KB2749655) (Version: 1)Update for Windows XP 
(KB951072-v2) (Version: 2)Update for Windows XP (KB951978) (Version: 1)Update for Windows XP (KB955759) (Version: 1)Update for Windows XP (KB955839) (Version: 1)Update for Windows XP (KB961503) (Version: 1)Update for Windows XP (KB967715) (Version: 1)Update for Windows XP (KB968389) (Version: 1)Update for Windows XP (KB971029) (Version: 1)Update for Windows XP (KB971737) (Version: 1)Update for Windows XP (KB973687) (Version: 1)Update for Windows XP (KB973815) (Version: 1)VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)VLC media player 2.0.6 (Version: 2.0.6)WebFldrs XP (Version: 9.50.7523)WebReg (Version: 53.0.13.000)Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 7 (Version: 20070813.185237)Windows Internet Explorer 8 (Version: 20090308.140743)Windows Live Call (Version: 14.0.8064.0206)Windows Live Communications Platform (Version: 14.0.8098.930)Windows Live Essentials (Version: 14.0.8089.0726)Windows Live Essentials (Version: 14.0.8089.726)Windows Live Mail (Version: 14.0.8089.0726)Windows Live Messenger (Version: 14.0.8089.0726)Windows Live OneCare safety scannerWindows Live Sign-in Assistant (Version: 5.000.818.5)Windows Live Upload Tool (Version: 14.0.8014.1029)Windows Media Format 11 runtimeWindows XP Service Pack 3 (Version: 20080414.031525)Yahoo! Search ProtectionYahoo! 
Software Update ==================== Restore Points ========================= 04-05-2013 12:34:12 Current04-05-2013 12:34:20 Software Distribution Service 3.004-05-2013 12:34:25 Software Distribution Service 3.004-05-2013 12:34:29 Software Distribution Service 3.010-06-2013 10:47:27 Software Distribution Service 3.010-06-2013 10:47:27 Software Distribution Service 3.010-06-2013 10:47:27 System Checkpoint10-06-2013 10:47:26 Software Distribution Service 3.010-06-2013 10:47:26 System Checkpoint10-06-2013 10:47:26 System Checkpoint10-06-2013 10:47:25 System Checkpoint10-06-2013 10:47:25 Software Distribution Service 3.010-06-2013 10:47:25 Software Distribution Service 3.010-06-2013 10:47:24 System Checkpoint10-06-2013 10:47:23 Software Distribution Service 3.010-06-2013 10:47:23 Software Distribution Service 3.010-06-2013 10:47:23 Software Distribution Service 3.010-06-2013 10:47:23 Software Distribution Service 3.010-06-2013 10:47:22 Software Distribution Service 3.010-06-2013 10:47:22 Software Distribution Service 3.010-06-2013 10:47:21 Software Distribution Service 3.010-06-2013 10:47:20 Software Distribution Service 3.010-06-2013 10:47:20 Software Distribution Service 3.010-06-2013 10:47:20 System Checkpoint10-06-2013 10:47:20 Software Distribution Service 3.010-06-2013 10:47:20 Software Distribution Service 3.009-06-2013 12:37:33 Software Distribution Service 3.010-06-2013 17:21:32 Software Distribution Service 3.013-06-2013 01:20:37 Software Distribution Service 3.019-06-2013 06:06:45 Software Distribution Service 3.019-06-2013 06:27:15 Software Distribution Service 3.021-06-2013 02:51:20 Software Distribution Service 3.021-06-2013 16:07:39 Software Distribution Service 3.022-06-2013 07:45:17 Software Distribution Service 3.022-06-2013 08:50:26 Removed Java 7 Update 2122-06-2013 08:51:15 Installed Java 7 Update 2524-06-2013 12:32:50 Software Distribution Service 3.011-07-2013 23:03:14 System Checkpoint14-07-2013 05:41:26 Software Distribution Service 
3.014-07-2013 05:54:06 Software Distribution Service 3.014-07-2013 18:19:47 Software Distribution Service 3.014-07-2013 18:46:46 Software Distribution Service 3.015-07-2013 12:06:58 Software Distribution Service 3.016-07-2013 03:34:01 Software Distribution Service 3.016-07-2013 06:58:08 Software Distribution Service 3.016-07-2013 07:08:23 Software Distribution Service 3.017-07-2013 18:41:03 Software Distribution Service 3.018-07-2013 12:37:48 Software Distribution Service 3.018-07-2013 13:38:05 Software Distribution Service 3.019-07-2013 13:50:48 Software Distribution Service 3.021-07-2013 04:09:21 Software Distribution Service 3.021-07-2013 11:50:07 Software Distribution Service 3.022-07-2013 18:23:22 Software Distribution Service 3.023-07-2013 12:45:15 Software Distribution Service 3.024-07-2013 12:21:50 Software Distribution Service 3.025-07-2013 14:04:46 Software Distribution Service 3.026-07-2013 08:24:27 Software Distribution Service 3.026-07-2013 11:40:09 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2005-09-02 14:13 - 2004-08-04 18:00 - 00000709 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job => C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exeTask: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job => C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: 
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job => C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job => C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\Registration reminder 3.job => C:\WINDOWS\system32\OOBE\oobebaln.exeTask: C:\WINDOWS\Tasks\User_Feed_Synchronization-{50E60FEF-33EF-4CD1-A83F-C60CDEE3E24C}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application 
errors:==================Error: (07/26/2013 08:37:14 PM) (Source: Google Update) (User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80072ee7. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80072ee7 Error: (07/26/2013 06:01:05 PM) (Source: Application Error) (User: )Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module wzcsvc.dll, version 5.1.2600.5512, fault address 0x0002d3ae.Processing media-specific event for [svchost.exe!ws!] Error: (07/25/2013 07:55:58 PM) (Source: Application Hang) (User: )Description: Fault bucket 1180947459. Error: (07/25/2013 07:55:52 PM) (Source: Application Hang) (User: )Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (07/24/2013 11:37:07 AM) (Source: Google Update) (User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. 
Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/23/2013 02:37:16 PM) (Source: Google Update) (User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/22/2013 02:37:32 PM) (Source: Google Update) (User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. 
Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/21/2013 02:37:17 PM) (Source: Google Update) (User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. 
Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/20/2013 02:37:26 PM) (Source: Google Update) (User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/18/2013 07:15:43 PM) (Source: Application Hang) (User: )Description: Fault bucket 1180947459. System errors:=============Error: (07/26/2013 08:26:41 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (07/26/2013 05:43:45 PM) (Source: 0) (User: )Description: \Device\Harddisk0\D Error: (07/25/2013 04:45:27 PM) (Source: DCOM) (User: YOUR-29A661D26E)Description: The server {022105BD-948A-40C9-AB42-A3300DDF097F} did not register with DCOM within the required timeout. Error: (07/25/2013 08:29:39 AM) (Source: Dhcp) (User: )Description: Your computer has lost the lease to its IP address 172.16.93.75 on theNetwork Card with network address 00A0D12A9B91. 
Error: (07/24/2013 08:26:23 PM) (Source: Dhcp) (User: )Description: Your computer has lost the lease to its IP address 172.16.93.27 on theNetwork Card with network address 00A0D12A9B91. Error: (07/24/2013 06:25:45 PM) (Source: 0) (User: )Description: \Device\Harddisk0\D Error: (07/24/2013 04:48:03 PM) (Source: Dhcp) (User: )Description: Your computer has lost the lease to its IP address 172.16.93.35 on theNetwork Card with network address 00A0D12A9B91. Error: (07/24/2013 02:13:31 AM) (Source: 0) (User: )Description: \Device\Harddisk0\D Error: (07/24/2013 00:12:24 AM) (Source: Dhcp) (User: )Description: Your computer has lost the lease to its IP address 172.16.93.60 on theNetwork Card with network address 00A0D12A9B91. Error: (07/23/2013 03:33:40 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service. Microsoft Office Sessions:=========================Error: (07/26/2013 08:37:14 PM) (Source: Google Update)(User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80072ee7. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying WinHTTP.Send request returned 0x80072ee7. Http status code 0.trying CUP:iexplore.Send request returned 0x80004005. 
Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80072ee7 Error: (07/26/2013 06:01:05 PM) (Source: Application Error)(User: )Description: svchost.exe5.1.2600.5512wzcsvc.dll5.1.2600.55120002d3ae Error: (07/25/2013 07:55:58 PM) (Source: Application Hang)(User: )Description: 1180947459 Error: (07/25/2013 07:55:52 PM) (Source: Application Hang)(User: )Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (07/24/2013 11:37:07 AM) (Source: Google Update)(User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/23/2013 02:37:16 PM) (Source: Google Update)(User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. 
Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/22/2013 02:37:32 PM) (Source: Google Update)(User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/21/2013 02:37:17 PM) (Source: Google Update)(User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. 
Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801 Error: (07/20/2013 02:37:26 PM) (Source: Google Update)(User: YOUR-29A661D26E)Description: Network Request Error.Error: 0x80040801. Http status code: 0.Url=https://www.facebook.com/omaha/update.phpTrying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. Http status code 0.Trying config: source=IE, direct connection.trying CUP:WinHTTP.Send request returned 0x80040801. Http status code 0.trying WinHTTP.Send request returned 0x80040801. Http status code 0.trying CUP:iexplore.Send request returned 0x80040801. 
Http status code 0.Trying config: source=auto, wpad=1, script=.trying CUP:WinHTTP.Send request returned 0x80040801
Error: (07/18/2013 07:15:43 PM) (Source: Application Hang)(User: )Description: 1180947459
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 958.23 MB
Available physical RAM: 527.11 MB
Total Pagefile: 2315.11 MB
Available Pagefile: 1996.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.73 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:55.89 GB) (Free:10.17 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 56 GB) (Disk ID: F269E16D)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Downloading Malwarebytes anti rootkit now, will post soon. Thanks!
  9. Hi again, here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2013
Ran by Arif (administrator) on 26-07-2013 20:41:33
Running from C:\Documents and Settings\Arif\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
() C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(RealNetworks, Inc.) 
C:\Program Files\Real\RealPlayer\update\realsched.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe(OmicronLab) C:\Program Files\Avro Keyboard\Avro Keyboard.exe(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-04-11] (ATI Technologies, Inc.)HKLM\...\Run: [THotkey] - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [339968 2005-04-25] (TOSHIBA)HKLM\...\Run: [Tvs] - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [73728 2005-04-05] (TOSHIBA Corporation)HKLM\...\Run: [smoothView] - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [118784 2005-04-11] (TOSHIBA Corporation)HKLM\...\Run: [PadTouch] - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [1077327 2004-11-17] (TOSHIBA)HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)HKLM\...\Run: [] - [x]HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)HKLM\...\Run: [TPSMain] - C:\Windows\System32\TPSMain.exe [266240 2005-01-21] (TOSHIBA Corporation)HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2013-04-20] (RealNetworks, Inc.)HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)Winlogon\Notify\AtiExtEvent: 
Ati2evxx.dll (ATI Technologies Inc.)HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2005-04-11] (TOSHIBA)HKCU\...\Run: [Avro Keyboard] - C:\Program Files\Avro Keyboard\Avro Keyboard.exe [1773568 2006-02-21] (OmicronLab)HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-04-09] (Google Inc.)HKCU\...\Run: [Google Update] - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-07-23] (Google Inc.)HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-11-25] (Facebook Inc.)HKCU\...\Policies\system: [EnableProfileQuota] 1MountPoints2: {1ef80836-6c0c-11e0-a7e7-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {25363094-9801-11e0-a883-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {4090a784-9806-11e0-a885-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {4fa7c8be-f075-11dd-a82d-00a0d12a9b91} - I:\laucher.exeMountPoints2: {911c1754-9808-11e0-a886-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {911c1756-9808-11e0-a886-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {b712c0d3-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {b712c0d6-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {b712c0d8-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {ee57da36-3d2d-11e2-aa95-00a0d12a9b91} - F:\Data\setup.exeMountPoints2: {ee90bffa-6a6a-11e0-a7e0-00a0d12a9b91} - F:\AutoRun.exeMountPoints2: {ee90bffd-6a6a-11e0-a7e0-00a0d12a9b91} - F:\AutoRun.exeHKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2005-04-11] (TOSHIBA)HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)Lsa: [Notification Packages] scecli omchomos.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
http://www.google.com/ieHKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.comHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.comURLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No FileSearchScopes: HKLM - DefaultScope {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90-8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90-8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKCU - {AF990B71-13E6-459F-9B61-15237CC10D95} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90-8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}SearchScopes: HKCU - {FB4261CE-DE74-4F17-AEC6-4E42DA8130F5} URL = 
http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - 
C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU -No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileToolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No FileToolbar: HKCU -MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU -No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No FileToolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cabDPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabDPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} 
  10. Hi Psychotic, thanks for your assistance. Unfortunately DDS runs for over 10 mins and then crashes. GMER (even the randomized one) causes a blue screen error whenever I run it. Something must be wrong, right? Thanks
  11. Hello, I recently plugged my USB drive into my computer and suddenly found my files on the USB to have changed: the folders turned to shortcuts and the files turned unreadable. I scanned and removed what was found and thought that's that. Then today I plugged in another USB, saved some files and removed it. I realized I forgot one file and so plugged it back in, and somehow the files got corrupted again! So I figured my computer might also be infected. Here's the HijackThis log:

      I also tried to use Bitdefender's immuniser on the 1st infected USB and it could do it, giving me this log:

      [16-7-2013 15:3] Immunizer started
      [16-7-2013 15:3] BDMetrics Loaded Successfully
      [16-7-2013 15:3] Config loaded successfully
      [16-7-2013 15:3] Current Number of Immunized Devices = 1
      [16-7-2013 15:3] Failed to Remove directory. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize1.dir. Err = 5
      [16-7-2013 15:3] directory removed: \\?\F:\autorun.inf\bdsanitize1.dir.
      [16-7-2013 15:3] Failed to Remove file. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize1.file. Err = 5
      [16-7-2013 15:3] File removed: \\?\F:\autorun.inf\bdsanitize1.file.
      [16-7-2013 15:3] Failed to Remove file. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize2.file. Err = 5
      [16-7-2013 15:3] File removed: \\?\F:\autorun.inf\bdsanitize2.file.
      [16-7-2013 15:3] Failed to Remove file. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize2.dir\bdsanitize1.file. Err = 5
      [16-7-2013 15:3] File removed: \\?\F:\autorun.inf\bdsanitize2.dir\bdsanitize1.file.
      [16-7-2013 15:3] Failed to Remove file. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize2.dir\bdsanitize2.file. Err = 5
      [16-7-2013 15:3] File removed: \\?\F:\autorun.inf\bdsanitize2.dir\bdsanitize2.file.
      [16-7-2013 15:3] Failed to Remove directory. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize2.dir. Err = 5
      [16-7-2013 15:3] directory removed: \\?\F:\autorun.inf\bdsanitize2.dir.
      [16-7-2013 15:3] directory removed: \\?\F:\autorun.inf.
      [16-7-2013 15:3] Could not lock Fat32 volume: F: ,error = 0x5
      [16-7-2013 15:3] Could not unlock Fat32 volume: F: ,error = 0x9E
      [16-7-2013 15:3] Could not immunize drive F:

      Thanks for taking the time to read this, any help will be appreciated.
  12. Thank you very much Mr C for restoring my pc back to good health. In future I will definitely be more than happy to receive your help again!

  13. And here is the Security Check log:

      Results of screen317's Security Check version 0.99.62
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Microsoft Security Essentials
      `````````Anti-malware/Other Utilities Check:`````````
      Windows Defender
      Malwarebytes Anti-Malware version 1.75.0.1300
      CCleaner
      Java 6 Update 31
      Java version out of Date!
      Adobe Flash Player 10 Flash Player out of Date!
      Adobe Flash Player 10.1.53.64 Flash Player out of Date!
      Adobe Reader 9 Adobe Reader out of Date!
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````

      Thanks again.
  14. Here is the log of adwcleaner:

      Will post back with the security check soon. Thanks.
  15. Ok, I do have the installation files, so yes I can re-install it again in future if I need to.
  16. Here's the adwcleaner report: AdwCleanerR1.txt. I had a look through and Hotspot Shield is something I would like to keep and everything else can go. And can you tell me what conduit is? Thanks.
  17. Ok, downloading the adwcleaner now and will post with log soon.
  18. Ran MBAM and here's the report:

      Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.04.13.02
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      currys :: YOUR-70ACE488F7 [administrator]
      Protection: Enabled
      13/04/2013 20:15:19
      mbam-log-2013-04-13 (20-15-19).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 248047
      Time elapsed: 24 minute(s), 55 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)

      The computer looks to be ok now.
  19. Sorry about the last post, lost internet connectivity for a second as I pressed 'post'.