
Hello, 

I recently plugged my USB drive into my computer and suddenly found that the files on the USB had changed: the folders turned into shortcuts and the files turned unreadable. I scanned and removed what was found and thought that's that. Then today I plugged in another USB, saved some files and removed it; I realized I had forgotten one file and so plugged it back in, and somehow the files got corrupted again! So I figured my computer might also be infected.

 

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:41:02 ?.?, on 2013/07/16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\Program Files\Avro Keyboard\Avro Keyboard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Arif\Desktop\Unused Desktop Shortcuts\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Avro Keyboard] C:\Program Files\Avro Keyboard\Avro Keyboard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.cortona3d.com/bin/cortvrml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5034589-69F6-448F-9EB0-63BA2F34919F}: NameServer = 103.15.164.21 8.8.8.8
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DCService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 13653 bytes
 

I also tried to use Bitdefender's immuniser on the first infected USB and it could do it, giving me this log:

[16-7-2013  15:3] Immunizer started
[16-7-2013  15:3] BDMetrics Loaded Successfully
[16-7-2013  15:3] Config loaded successfully
[16-7-2013  15:3] Current Number of Immunized Devices = 1
[16-7-2013  15:3] Failed to Remove directory. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize1.dir. Err = 5
[16-7-2013  15:3] directory removed: \\?\F:\autorun.inf\bdsanitize1.dir.
[16-7-2013  15:3] Failed to Remove file. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize1.file. Err = 5
[16-7-2013  15:3] File removed: \\?\F:\autorun.inf\bdsanitize1.file.
[16-7-2013  15:3] Failed to Remove file. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize2.file. Err = 5
[16-7-2013  15:3] File removed: \\?\F:\autorun.inf\bdsanitize2.file.
[16-7-2013  15:3] Failed to Remove file. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize2.dir\bdsanitize1.file. Err = 5
[16-7-2013  15:3] File removed: \\?\F:\autorun.inf\bdsanitize2.dir\bdsanitize1.file.
[16-7-2013  15:3] Failed to Remove file. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize2.dir\bdsanitize2.file. Err = 5
[16-7-2013  15:3] File removed: \\?\F:\autorun.inf\bdsanitize2.dir\bdsanitize2.file.
[16-7-2013  15:3] Failed to Remove directory. Trying to reset attributes: \\?\F:\autorun.inf\bdsanitize2.dir. Err = 5
[16-7-2013  15:3] directory removed: \\?\F:\autorun.inf\bdsanitize2.dir.
[16-7-2013  15:3] directory removed: \\?\F:\autorun.inf.
[16-7-2013  15:3] Could not lock Fat32 volume: F: ,error = 0x5
[16-7-2013  15:3] Could not unlock Fat32 volume: F: ,error = 0x9E
[16-7-2013  15:3] Could not immunize drive F:
 
Thanks for taking the time to read this, any help will be appreciated.

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.


Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Hi again,

Here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2013
Ran by Arif (administrator) on 26-07-2013 20:41:33
Running from C:\Documents and Settings\Arif\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
() C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
(OmicronLab) C:\Program Files\Avro Keyboard\Avro Keyboard.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-04-11] (ATI Technologies, Inc.)
HKLM\...\Run: [THotkey] - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [339968 2005-04-25] (TOSHIBA)
HKLM\...\Run: [Tvs] - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [73728 2005-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [118784 2005-04-11] (TOSHIBA Corporation)
HKLM\...\Run: [PadTouch] - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [1077327 2004-11-17] (TOSHIBA)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [TPSMain] - C:\Windows\System32\TPSMain.exe [266240 2005-01-21] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2013-04-20] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2005-04-11] (TOSHIBA)
HKCU\...\Run: [Avro Keyboard] - C:\Program Files\Avro Keyboard\Avro Keyboard.exe [1773568 2006-02-21] (OmicronLab)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-04-09] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-07-23] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-11-25] (Facebook Inc.)
HKCU\...\Policies\system: [EnableProfileQuota] 1
MountPoints2: {1ef80836-6c0c-11e0-a7e7-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {25363094-9801-11e0-a883-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {4090a784-9806-11e0-a885-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {4fa7c8be-f075-11dd-a82d-00a0d12a9b91} - I:\laucher.exe
MountPoints2: {911c1754-9808-11e0-a886-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {911c1756-9808-11e0-a886-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {b712c0d3-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {b712c0d6-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {b712c0d8-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {ee57da36-3d2d-11e2-aa95-00a0d12a9b91} - F:\Data\setup.exe
MountPoints2: {ee90bffa-6a6a-11e0-a7e0-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {ee90bffd-6a6a-11e0-a7e0-00a0d12a9b91} - F:\AutoRun.exe
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2005-04-11] (TOSHIBA)
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli omchomos.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {AF990B71-13E6-459F-9B61-15237CC10D95} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {FB4261CE-DE74-4F17-AEC6-4E42DA8130F5} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU -MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.cortona3d.com/bin/cortvrml.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value - 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{E5034589-69F6-448F-9EB0-63BA2F34919F}: [NameServer]103.15.164.21 103.15.164.22
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Entanglement) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (YouTube Downloader) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fapjkciegccccojledkpnfgchdkjemec\2.2_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Poppit) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR HKLM\...\Chrome\Extension: [cghopidkpepfbblompnklhpbbpanocha] - C:\DOCUME~1\Arif\LOCALS~1\Temp\cghopidkpepfbblompnklhpbbpanocha.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR StartMenuInternet: Google Chrome - "C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"
 
========================== Services (Whitelisted) =================
 
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 DCService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe [229376 2010-05-08] ()
R2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [564008 2013-04-18] (AnchorFree Inc.)
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [454952 2013-04-18] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-04-18] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [390440 2013-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [34816 2005-04-25] (TOSHIBA Corp.)
R2 UI Assistant Service; C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe [241664 2009-07-16] ()
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2314560 2005-03-26] (Realtek Semiconductor Corp.)
R3 AR5211; C:\Windows\System32\DRIVERS\SHP5211.sys [488992 2006-03-22] (Atheros Communications, Inc.)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1035264 2005-04-12] (ATI Technologies Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [83968 2004-07-09] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-30] (TOSHIBA Corporation.)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 Pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70912 2004-12-03] (Realtek Semiconductor Corporation                           )
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [10880 2004-07-09] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-21] ()
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [58320 2005-08-30] (MCCI)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [8336 2005-08-30] (MCCI)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [94000 2005-08-30] (MCCI)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-08-16] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [14976 2004-07-09] (Microsoft Corporation)
R3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions)
R3 TVALD; C:\Windows\System32\DRIVERS\NBSMI.sys [4992 2005-03-15] (Toshiba Corporation)
R3 Tvs; C:\Windows\System32\DRIVERS\Tvs.sys [29056 2005-04-15] (TOSHIBA Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [18688 2004-07-09] (Microsoft Corporation)
U3 afqr7qic; C:\Windows\System32\Drivers\afqr7qic.sys [0 ] (Microsoft Corporation)
S4 IntelIde; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST
2013-07-18 20:42 - 2013-07-18 20:41 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp
2013-07-18 19:38 - 2013-07-18 19:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-16 10:53 - 2013-07-16 10:54 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk
2013-07-16 10:20 - 2013-07-16 10:21 - 00012142 _____ C:\WINDOWS\KB2834904.log
2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ C:\WINDOWS\KB2834886.log
2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-16 10:14 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-16 09:41 - 2013-07-16 09:54 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-15 17:33 - 2013-07-18 13:08 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob
2013-07-14 23:16 - 2013-07-16 10:15 - 00137686 _____ C:\WINDOWS\KB2845187.log
2013-07-14 22:52 - 2013-07-16 10:16 - 00140018 _____ C:\WINDOWS\KB2850851.log
 
==================== One Month Modified Files and Folders =======
 
2013-07-26 20:42 - 2013-02-28 21:46 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST
2013-07-26 20:39 - 2009-07-23 15:39 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{50E60FEF-33EF-4CD1-A83F-C60CDEE3E24C}.job
2013-07-26 20:37 - 2012-11-25 17:32 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job
2013-07-26 20:35 - 2013-04-18 16:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-26 20:35 - 2010-07-23 22:46 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 20:34 - 2005-09-02 15:27 - 01410518 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-26 20:33 - 2013-04-18 20:26 - 00000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-07-26 20:33 - 2013-04-18 20:15 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-07-26 20:33 - 2012-04-29 16:20 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 20:33 - 2010-08-17 02:52 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-07-26 20:32 - 2005-09-02 16:23 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-07-26 20:32 - 2005-09-02 16:23 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-07-26 20:31 - 2005-09-02 15:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-26 20:30 - 2006-03-17 17:26 - 00000278 ___SH C:\Documents and Settings\Arif\ntuser.ini
2013-07-26 20:30 - 2005-09-02 15:31 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-26 20:21 - 2006-03-17 17:26 - 00000000 ____D C:\Documents and Settings\Arif\desktop
2013-07-26 19:56 - 2006-03-17 23:52 - 00002497 _____ C:\Documents and Settings\Arif\Desktop\Microsoft Office Word 2003.lnk
2013-07-26 19:44 - 2010-07-24 20:21 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job
2013-07-26 17:37 - 2012-11-25 17:32 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job
2013-07-26 16:21 - 2007-08-11 17:04 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Poems
2013-07-26 11:40 - 2013-04-18 20:26 - 00000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-07-26 11:37 - 2013-04-18 20:15 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-07-25 20:14 - 2013-05-21 09:25 - 00022230 _____ C:\WINDOWS\setupapi.log
2013-07-24 23:44 - 2013-06-04 14:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\indo - iran book bombay
2013-07-22 03:07 - 2006-03-17 17:26 - 00000000 ____D C:\Documents and Settings\Arif
2013-07-18 20:42 - 2006-10-03 22:04 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-18 20:41 - 2013-07-18 20:42 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp
2013-07-18 19:43 - 2013-07-18 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-18 13:08 - 2013-07-15 17:33 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob
2013-07-18 04:46 - 2005-09-02 15:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-17 17:08 - 2013-04-18 17:08 - 00000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-07-16 15:41 - 2006-04-20 16:31 - 00000000 ____D C:\Documents and Settings\Arif\Desktop\Unused Desktop Shortcuts
2013-07-16 15:04 - 2008-02-11 08:32 - 00000000 ___RD C:\Documents and Settings\Arif\My Documents\Shafaq
2013-07-16 13:00 - 2011-08-25 12:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-16 13:00 - 2011-04-23 20:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-07-16 10:54 - 2013-07-16 10:53 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk
2013-07-16 10:49 - 2005-09-02 16:19 - 00731608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-16 10:21 - 2013-07-16 10:20 - 00012142 _____ C:\WINDOWS\KB2834904.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00068013 _____ C:\WINDOWS\FaxSetup.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00032516 _____ C:\WINDOWS\ocgen.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00025949 _____ C:\WINDOWS\tsoc.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00022664 _____ C:\WINDOWS\comsetup.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00013749 _____ C:\WINDOWS\ntdtcsetup.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00010798 _____ C:\WINDOWS\iis6.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00003762 _____ C:\WINDOWS\ocmsn.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00003399 _____ C:\WINDOWS\msgsocm.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.log
2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ C:\WINDOWS\KB2834886.log
2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-16 10:18 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-07-16 10:16 - 2013-07-14 22:52 - 00140018 _____ C:\WINDOWS\KB2850851.log
2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-16 10:15 - 2013-07-16 10:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-16 10:15 - 2013-07-14 23:16 - 00137686 _____ C:\WINDOWS\KB2845187.log
2013-07-16 10:12 - 2005-09-02 16:20 - 00507034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-16 09:54 - 2013-07-16 09:41 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-16 09:53 - 2013-05-21 09:32 - 00009048 _____ C:\WINDOWS\updspapi.log
2013-07-16 09:51 - 2009-07-23 01:19 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-16 09:44 - 2010-07-24 20:21 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job
2013-07-15 17:23 - 2009-03-14 16:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 00:48 - 2009-07-14 01:02 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-07-14 23:09 - 2012-08-19 14:31 - 00000000 ____D C:\Program Files\Recuva
2013-07-13 04:00 - 2011-08-16 03:02 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\new research
2013-07-13 00:18 - 2013-05-28 21:56 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Bangladesh history of
2013-07-13 00:16 - 2011-07-21 08:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\ngo
2013-07-03 13:21 - 2005-09-02 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Desktop
2013-07-02 16:08 - 2005-09-02 14:13 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
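The Services and Drivers sections above are the part of an FRST log that most repays a second read, because every line carries the same fields: state letter (R running, S stopped), the Start value, the service name, the ImagePath, then `[size date]`, `[x]` when FRST could not find the file, and the publisher string it read from the file's version resource in parentheses (an empty `()` means the binary carries none; this is not a signature check). The following is an added example, not part of the original post and not FRST's own code: it parses seven lines copied from the log above and flags the patterns an analyst usually wants pulled out first (missing file, zero-byte image, no publisher, early-start driver with no publisher, a state letter other than R or S, a key with no ImagePath). The heuristics themselves and the names `parse_line`, `triage` and `triage_log` are my choices, and the flags are triage hints rather than verdicts: sptd.sys, for instance, ships without a publisher string with DAEMON Tools and Alcohol 120%, and a `[x]` on a quoted command line with arguments (JavaQuickStarterService) is something to verify by hand rather than trust.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: seven lines copied from the "Services (Whitelisted)" and
# "Drivers (Whitelisted)" sections of the FRST.txt above, chosen to cover the
# field shapes FRST emits ([size date], [x], [0 ], "No ImagePath", empty "()").
SAMPLE_LOG = r"""
R2 DCService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe [229376 2010-05-08] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-21] ()
U3 afqr7qic; C:\Windows\System32\Drivers\afqr7qic.sys [0 ] (Microsoft Corporation)
S4 IntelIde; No ImagePath
"""

# "<state><start> <name>; <rest>", e.g. "R2 hshld; C:\...\openvpnas.exe [564008 2013-04-18] (AnchorFree Inc.)"
LINE_RE = re.compile(r"^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# Trailing "[size date] (company)" / "[x]" / "[0 ] (company)" block. The company
# is the publisher string from the file's version resource, not a signature.
META_RE = re.compile(
    r"\[(?:(?P<size>\d+)\s*(?P<date>\d{4}-\d{2}-\d{2})?|(?P<missing>x))\s*\]"
    r"\s*(?:\((?P<company>[^()]*)\))?\s*$"
)


@dataclass
class Entry:
    state: str          # FRST prints R (running) or S (stopped); anything else is unusual
    start: int          # SCM Start value: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    image: str          # ImagePath as printed, or the literal "No ImagePath"
    size: Optional[int] = None
    date: Optional[str] = None
    company: Optional[str] = None   # None: no "(...)" printed; "": printed as "()"
    missing: bool = False           # FRST printed "[x]": file not found at ImagePath
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    e = Entry(state=m.group("state"), start=int(m.group("start")),
              name=m.group("name").strip(), image=rest)
    if rest == "No ImagePath":
        return e
    meta = META_RE.search(rest)
    if meta is None:
        e.flags.append("unparsed trailer")
        return e
    e.image = rest[:meta.start()].strip()
    e.missing = meta.group("missing") is not None
    e.size = int(meta.group("size")) if meta.group("size") else None
    e.date = meta.group("date")
    e.company = meta.group("company")
    return e


def triage(e: Entry) -> List[str]:
    """Reasons this entry deserves a second look (hints, not verdicts; my heuristics)."""
    flags = list(e.flags)
    if e.image == "No ImagePath":
        flags.append("no ImagePath (registry key without a binary)")
        return flags
    if e.missing:
        flags.append("file not found at ImagePath")
    if e.size == 0:
        flags.append("zero-byte image")
    if e.company == "" and not e.missing:
        flags.append("no publisher in version info")
    if e.state not in ("R", "S"):
        flags.append(f"unusual state letter {e.state!r}")
    if e.start <= 1 and e.company == "":
        # boot/system-start kernel code that names no publisher at all
        flags.append("early-start driver without publisher")
    return flags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> flags for every parseable line in an FRST excerpt."""
    results: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            results[e.name] = triage(e)
    return results


if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LOG).items():
        print(f"{name:26s} {'; '.join(flags) if flags else 'ok'}")
```

Run it against the whole Services and Drivers sections rather than the excerpt to get a short worklist; anything it flags still has to be confirmed on the machine itself (file present, hash, signer), since FRST's publisher string is taken from the binary's own version resource and is trivially set by whoever built it.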
And here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2013
Ran by Arif at 2013-07-26 20:42:57
Running from C:\Documents and Settings\Arif\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
Adobe Acrobat 9 Pro (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Any Video Converter 3.2.5
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5145)
ATI Display Driver (Version: 8.122.1-050411a-023226C-Toshiba)
Avro Keyboard 3.1.0 (Version: Avro Keyboard 3.1.0)
BufferChm (Version: 53.0.13.000)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.5.0.3)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.1.6)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.0.20)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CCleaner (Version: 4.01)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 53.0.13.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Setup (Version: 1.0.2.23)
eSupportQFolder (Version: 1.00.0000)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Football Manager 2009 (Version: 9.0.0.0)
Google Chrome (HKCU Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Grameenphone Internet (Version: 13.001.08.05.344)
HijackThis 2.0.2 (Version: 2.0.2)
Hotspot Shield 2.92 (Version: 2.92)
HP Deskjet 3900 series (Version: 5.0)
HP Extended Capabilities 5.0 (Version: 5.0)
HP Image Zone Express (Version: 1.5.1.29)
HP Imaging Device Functions 5.0 (Version: 5.0)
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0)
HPDeskjet3900Series (Version: 1.00.0000)
HPProductAssistant (Version: 53.0.13.000)
Imikimi Plugin
InterActual Player
InterVideo WinDVD Creator 2 (Version: 2.0.14.368)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.475)
ISScript (Version: 3.00.185)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8089.726)
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 53.0.13.000)
MediaKey
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office OneNote 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
MSN
MSN Search Toolbar (Version: 02.05.0000.1082)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Need For Speed Hot Pursuit 2
neroxml (Version: 1.0.0)
PC Connectivity Solution (Version: 8.15.0.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.60)
RealUpgrade 1.1 (Version: 1.1.0)
Recuva (Version: 1.43)
SA30xx Device Manager (Version: 1.2.0.1100)
SA30xx Media Converter (Version: 1.1.5.1007)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio (Version: 1.00.0000)
Samsung PC Studio (Version: 3.0.0.60404)
Samsung PC Studio 3 (Version: 3.0.0.80104)
Samsung PC Studio 3 (Version: 3.2.3.90502)
Samsung PC Studio 3 USB Driver Installer (Version: 1.00.0000)
Samsung Samples Installer (Version: 1.00.0000)
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
Segoe UI (Version: 14.0.4327.805)
SolutionCenter (Version: 50.0.152.000)
Sonic DLA (Version: 4.98)
Sonic RecordNow! (Version: 7.31)
Status (Version: 53.0.13.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 7.12.4.0)
T-Mobile Mobile Broadband Manager (Version: 1.0.0.2)
T-Mobile PC Suite V6.3.16
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.50.12)
TOSHIBA Hotkey Utility (Version: 1.00.03KA)
TOSHIBA Manuals (Version: 7.01)
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver (Version: 7.03.06.I)
TOSHIBA Software Modem (Version: 2.1.51 (SM2151ALD05))
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.03KA)
TOSHIBA Utilities (Version: 1.00.06KA)
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TrayApp (Version: 53.0.13.000)
Unlocker 1.9.0 (Version: 1.9.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.6 (Version: 2.0.6)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Driver Package - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Search Protection
Yahoo! Software Update
 
 
==================== Restore Points  =========================
 
04-05-2013 12:34:12 Current
04-05-2013 12:34:20 Software Distribution Service 3.0
04-05-2013 12:34:25 Software Distribution Service 3.0
04-05-2013 12:34:29 Software Distribution Service 3.0
10-06-2013 10:47:27 Software Distribution Service 3.0
10-06-2013 10:47:27 Software Distribution Service 3.0
10-06-2013 10:47:27 System Checkpoint
10-06-2013 10:47:26 Software Distribution Service 3.0
10-06-2013 10:47:26 System Checkpoint
10-06-2013 10:47:26 System Checkpoint
10-06-2013 10:47:25 System Checkpoint
10-06-2013 10:47:25 Software Distribution Service 3.0
10-06-2013 10:47:25 Software Distribution Service 3.0
10-06-2013 10:47:24 System Checkpoint
10-06-2013 10:47:23 Software Distribution Service 3.0
10-06-2013 10:47:23 Software Distribution Service 3.0
10-06-2013 10:47:23 Software Distribution Service 3.0
10-06-2013 10:47:23 Software Distribution Service 3.0
10-06-2013 10:47:22 Software Distribution Service 3.0
10-06-2013 10:47:22 Software Distribution Service 3.0
10-06-2013 10:47:21 Software Distribution Service 3.0
10-06-2013 10:47:20 Software Distribution Service 3.0
10-06-2013 10:47:20 Software Distribution Service 3.0
10-06-2013 10:47:20 System Checkpoint
10-06-2013 10:47:20 Software Distribution Service 3.0
10-06-2013 10:47:20 Software Distribution Service 3.0
09-06-2013 12:37:33 Software Distribution Service 3.0
10-06-2013 17:21:32 Software Distribution Service 3.0
13-06-2013 01:20:37 Software Distribution Service 3.0
19-06-2013 06:06:45 Software Distribution Service 3.0
19-06-2013 06:27:15 Software Distribution Service 3.0
21-06-2013 02:51:20 Software Distribution Service 3.0
21-06-2013 16:07:39 Software Distribution Service 3.0
22-06-2013 07:45:17 Software Distribution Service 3.0
22-06-2013 08:50:26 Removed Java 7 Update 21
22-06-2013 08:51:15 Installed Java 7 Update 25
24-06-2013 12:32:50 Software Distribution Service 3.0
11-07-2013 23:03:14 System Checkpoint
14-07-2013 05:41:26 Software Distribution Service 3.0
14-07-2013 05:54:06 Software Distribution Service 3.0
14-07-2013 18:19:47 Software Distribution Service 3.0
14-07-2013 18:46:46 Software Distribution Service 3.0
15-07-2013 12:06:58 Software Distribution Service 3.0
16-07-2013 03:34:01 Software Distribution Service 3.0
16-07-2013 06:58:08 Software Distribution Service 3.0
16-07-2013 07:08:23 Software Distribution Service 3.0
17-07-2013 18:41:03 Software Distribution Service 3.0
18-07-2013 12:37:48 Software Distribution Service 3.0
18-07-2013 13:38:05 Software Distribution Service 3.0
19-07-2013 13:50:48 Software Distribution Service 3.0
21-07-2013 04:09:21 Software Distribution Service 3.0
21-07-2013 11:50:07 Software Distribution Service 3.0
22-07-2013 18:23:22 Software Distribution Service 3.0
23-07-2013 12:45:15 Software Distribution Service 3.0
24-07-2013 12:21:50 Software Distribution Service 3.0
25-07-2013 14:04:46 Software Distribution Service 3.0
26-07-2013 08:24:27 Software Distribution Service 3.0
26-07-2013 11:40:09 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2005-09-02 14:13 - 2004-08-04 18:00 - 00000709 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job => C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job => C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job => C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job => C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Registration reminder 3.job => C:\WINDOWS\system32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{50E60FEF-33EF-4CD1-A83F-C60CDEE3E24C}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2013 08:37:14 PM) (Source: Google Update) (User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (07/26/2013 06:01:05 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module wzcsvc.dll, version 5.1.2600.5512, fault address 0x0002d3ae.
Processing media-specific event for [svchost.exe!ws!]
 
Error: (07/25/2013 07:55:58 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.
 
Error: (07/25/2013 07:55:52 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/24/2013 11:37:07 AM) (Source: Google Update) (User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/23/2013 02:37:16 PM) (Source: Google Update) (User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/22/2013 02:37:32 PM) (Source: Google Update) (User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/21/2013 02:37:17 PM) (Source: Google Update) (User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/20/2013 02:37:26 PM) (Source: Google Update) (User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/18/2013 07:15:43 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.
 
 
System errors:
=============
Error: (07/26/2013 08:26:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
 
Error: (07/26/2013 05:43:45 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (07/25/2013 04:45:27 PM) (Source: DCOM) (User: YOUR-29A661D26E)
Description: The server {022105BD-948A-40C9-AB42-A3300DDF097F} did not register with DCOM within the required timeout.
 
Error: (07/25/2013 08:29:39 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.16.93.75 on the
Network Card with network address 00A0D12A9B91.
 
Error: (07/24/2013 08:26:23 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.16.93.27 on the
Network Card with network address 00A0D12A9B91.
 
Error: (07/24/2013 06:25:45 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (07/24/2013 04:48:03 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.16.93.35 on the
Network Card with network address 00A0D12A9B91.
 
Error: (07/24/2013 02:13:31 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (07/24/2013 00:12:24 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.16.93.60 on the
Network Card with network address 00A0D12A9B91.
 
Error: (07/23/2013 03:33:40 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
 
 
Microsoft Office Sessions:
=========================
Error: (07/26/2013 08:37:14 PM) (Source: Google Update)(User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (07/26/2013 06:01:05 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512wzcsvc.dll5.1.2600.55120002d3ae
 
Error: (07/25/2013 07:55:58 PM) (Source: Application Hang)(User: )
Description: 1180947459
 
Error: (07/25/2013 07:55:52 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (07/24/2013 11:37:07 AM) (Source: Google Update)(User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/23/2013 02:37:16 PM) (Source: Google Update)(User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/22/2013 02:37:32 PM) (Source: Google Update)(User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/21/2013 02:37:17 PM) (Source: Google Update)(User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/20/2013 02:37:26 PM) (Source: Google Update)(User: YOUR-29A661D26E)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (07/18/2013 07:15:43 PM) (Source: Application Hang)(User: )
Description: 1180947459
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 44%
Total physical RAM: 958.23 MB
Available physical RAM: 527.11 MB
Total Pagefile: 2315.11 MB
Available Pagefile: 1996.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.89 GB) (Free:10.17 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 56 GB) (Disk ID: F269E16D)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Downloading Malwarebytes Anti-Rootkit now, will post soon.
Thanks!

Now reboot into Safe Mode.

This can be done by tapping the F8 key as soon as you start your computer.

You will be brought to a menu where you can choose to boot into safe mode.

Make sure you choose the option without networking support.

Please see here for additional details.


Okay, did it and it worked!

Here's the log:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.28.01
 
Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Arif :: YOUR-29A661D26E [administrator]
 
2013/07/28 09:53:16 ق.ظ
mbar-log-2013-07-28 (09-53-16).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 245235
Time elapsed: 3 hour(s), 29 minute(s), 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-08-2013 01
Ran by Arif (administrator) on 03-08-2013 20:16:00
Running from C:\Documents and Settings\Arif\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
(TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(OmicronLab) C:\Program Files\Avro Keyboard\Avro Keyboard.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
() C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RealPlay.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-04-11] (ATI Technologies, Inc.)
HKLM\...\Run: [THotkey] - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [339968 2005-04-25] (TOSHIBA)
HKLM\...\Run: [Tvs] - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [73728 2005-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [118784 2005-04-11] (TOSHIBA Corporation)
HKLM\...\Run: [PadTouch] - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [1077327 2004-11-17] (TOSHIBA)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [TPSMain] - C:\Windows\system32\TPSMain.exe [266240 2005-01-21] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2013-04-20] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2005-04-11] (TOSHIBA)
HKCU\...\Run: [Avro Keyboard] - C:\Program Files\Avro Keyboard\Avro Keyboard.exe [1773568 2006-02-21] (OmicronLab)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-04-09] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-07-23] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-11-25] (Facebook Inc.)
HKCU\...\Policies\system: [EnableProfileQuota] 1
MountPoints2: {1ef80836-6c0c-11e0-a7e7-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {25363094-9801-11e0-a883-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {4090a784-9806-11e0-a885-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {4fa7c8be-f075-11dd-a82d-00a0d12a9b91} - I:\laucher.exe
MountPoints2: {911c1754-9808-11e0-a886-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {911c1756-9808-11e0-a886-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {b712c0d3-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {b712c0d6-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {b712c0d8-7c49-11e0-a835-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {ee57da36-3d2d-11e2-aa95-00a0d12a9b91} - F:\Data\setup.exe
MountPoints2: {ee90bffa-6a6a-11e0-a7e0-00a0d12a9b91} - F:\AutoRun.exe
MountPoints2: {ee90bffd-6a6a-11e0-a7e0-00a0d12a9b91} - F:\AutoRun.exe
HKU\Administrator\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2005-04-11] (TOSHIBA)
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2005-04-11] (TOSHIBA)
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli omchomos.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM - DefaultScope {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = 
p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90-8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
{searchTerms}
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = 
p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90-8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {AF990B71-13E6-459F-9B61-15237CC10D95} URL = 
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = 
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = 
p2=^HJ^xdm073^YY^bd&si=pconverter&ptb=8C8CDC7C-6260-4119-9F90-8EE934F5D131&ind=2013062022&n=77fce386&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = 
{searchTerms}
SearchScopes: HKCU - {FB4261CE-DE74-4F17-AEC6-4E42DA8130F5} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU -MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll (Microsoft Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} 
DPF: {17492023-C23A-453E-A040-C7C580BBF700} 
1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} 
DPF: {233C1507-6A77-46A4-9443-F871F945D258} 

 


DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} 

 


DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-

 

UNO1/GAME_UNO1.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} 

 


DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.cortona3d.com/bin/cortvrml.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} 

 


DPF: {BD393C14-72AD-4790-A095-76522973D6B8} 

 


DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} 

 


DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} 

 


DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: ipp - No CLSID Value - 

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1

 

\MSGRAP~1.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft 

 

Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msdaipp - No CLSID Value - 

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1

 

\MSGRAP~1.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 103.15.164.21

Tcpip\..\Interfaces\{E5034589-69F6-448F-9EB0-63BA2F34919F}: [NameServer]103.15.164.21 

 

103.15.164.22

 

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Arif\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Entanglement) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (YouTube Downloader) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fapjkciegccccojledkpnfgchdkjemec\2.2_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Poppit) - C:\DOCUME~1\Arif\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR HKLM\...\Chrome\Extension: [cghopidkpepfbblompnklhpbbpanocha] - C:\DOCUME~1\Arif\LOCALS~1\Temp\cghopidkpepfbblompnklhpbbpanocha.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Arif\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 DCService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe [229376 2010-05-08] ()
R2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [564008 2013-04-18] (AnchorFree Inc.)
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [454952 2013-04-18] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-04-18] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [390440 2013-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [34816 2005-04-25] (TOSHIBA Corp.)
R2 UI Assistant Service; C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe [241664 2009-07-16] ()
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2314560 2005-03-26] (Realtek Semiconductor Corp.)
R3 AR5211; C:\Windows\System32\DRIVERS\SHP5211.sys [488992 2006-03-22] (Atheros Communications, Inc.)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1035264 2005-04-12] (ATI Technologies Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [83968 2004-07-09] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-30] (TOSHIBA Corporation.)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 Pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70912 2004-12-03] (Realtek Semiconductor Corporation                           )
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [10880 2004-07-09] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-21] ()
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [58320 2005-08-30] (MCCI)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [8336 2005-08-30] (MCCI)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [94000 2005-08-30] (MCCI)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-08-16] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [14976 2004-07-09] (Microsoft Corporation)
R3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions)
R3 TVALD; C:\Windows\System32\DRIVERS\NBSMI.sys [4992 2005-03-15] (Toshiba Corporation)
R3 Tvs; C:\Windows\System32\DRIVERS\Tvs.sys [29056 2005-04-15] (TOSHIBA Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [18688 2004-07-09] (Microsoft Corporation)
U3 a4xaete0; C:\Windows\System32\Drivers\a4xaete0.sys [0 ] (Microsoft Corporation)
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 00:49 - 2013-07-31 00:49 - 00002289 _____ C:\Documents and Settings\Arif\Desktop\Google Chrome.lnk
2013-07-29 13:30 - 2013-07-29 13:49 - 00000000 ____D C:\Combofix
2013-07-28 09:46 - 2013-07-28 09:46 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-07-28 09:44 - 2013-07-28 09:48 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-28 09:44 - 2005-09-05 14:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\MSN Search Toolbar
2013-07-28 09:44 - 2005-09-05 14:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec
2013-07-28 09:44 - 2005-09-05 12:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sonic
2013-07-28 09:44 - 2005-09-05 12:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\toshiba
2013-07-28 09:44 - 2005-09-05 12:01 - 00000000 ____D C:\Documents and Settings\Administrator\WINDOWS
2013-07-28 09:44 - 2005-09-02 15:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
2013-07-28 09:43 - 2013-07-28 09:46 - 00000000 ____D C:\Documents and Settings\Administrator
2013-07-27 02:17 - 2013-07-27 02:17 - 00052206 _____ C:\Documents and Settings\Arif\Desktop\Faculty of Asian and Middle Eastern Studies  General Information  Job Vacancies.mht
2013-07-26 21:05 - 2013-07-28 13:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST
2013-07-18 20:42 - 2013-07-18 20:41 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp
2013-07-18 19:38 - 2013-07-18 19:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-16 10:53 - 2013-07-16 10:54 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk
2013-07-16 10:20 - 2013-07-16 10:21 - 00012142 _____ C:\WINDOWS\KB2834904.log
2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ C:\WINDOWS\KB2834886.log
2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-16 10:14 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-16 09:41 - 2013-07-16 09:54 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-15 17:33 - 2013-07-31 08:54 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob
2013-07-14 23:16 - 2013-07-16 10:15 - 00137686 _____ C:\WINDOWS\KB2845187.log
2013-07-14 22:52 - 2013-07-16 10:16 - 00140018 _____ C:\WINDOWS\KB2850851.log

==================== One Month Modified Files and Folders =======

2013-08-03 20:15 - 2013-02-28 21:46 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-08-03 20:07 - 2005-09-02 15:27 - 01083553 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-03 20:06 - 2010-08-17 02:52 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-08-03 20:06 - 2005-09-02 16:23 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-03 20:06 - 2005-09-02 16:23 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-03 20:05 - 2013-04-18 20:26 - 00000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-08-03 20:05 - 2013-04-18 20:15 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-08-03 20:05 - 2012-04-29 16:20 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-03 20:05 - 2005-09-02 15:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-03 18:26 - 2005-09-02 15:31 - 00032640 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-03 17:44 - 2010-07-24 20:21 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job
2013-08-03 17:37 - 2012-11-25 17:32 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job
2013-08-03 17:37 - 2012-11-25 17:32 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job
2013-08-03 17:35 - 2013-04-18 16:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-03 17:35 - 2010-07-23 22:46 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-03 17:25 - 2006-03-17 17:26 - 00000278 ___SH C:\Documents and Settings\Arif\ntuser.ini
2013-08-03 17:14 - 2009-07-23 15:39 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{50E60FEF-33EF-4CD1-A83F-C60CDEE3E24C}.job
2013-08-03 10:51 - 2006-03-17 23:52 - 00002497 _____ C:\Documents and Settings\Arif\Desktop\Microsoft Office Word 2003.lnk
2013-08-03 09:44 - 2010-07-24 20:21 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job
2013-08-02 11:40 - 2013-04-18 20:26 - 00000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-08-02 11:37 - 2013-04-18 20:15 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-07-31 23:56 - 2011-08-16 03:02 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\new research
2013-07-31 23:52 - 2008-06-17 13:17 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\allmb8
2013-07-31 08:54 - 2013-07-15 17:33 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob
2013-07-31 08:35 - 2007-08-11 17:04 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Poems
2013-07-31 00:49 - 2013-07-31 00:49 - 00002289 _____ C:\Documents and Settings\Arif\Desktop\Google Chrome.lnk
2013-07-28 13:27 - 2013-07-26 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-28 09:48 - 2013-07-28 09:44 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-28 09:46 - 2013-07-28 09:46 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-07-28 09:46 - 2013-07-28 09:43 - 00000000 ____D C:\Documents and Settings\Administrator
2013-07-27 02:17 - 2013-07-27 02:17 - 00052206 _____ C:\Documents and Settings\Arif\Desktop\Faculty of Asian and Middle Eastern Studies  General Information  Job Vacancies.mht
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST
2013-07-25 20:14 - 2013-05-21 09:25 - 00022230 _____ C:\WINDOWS\setupapi.log
2013-07-24 23:44 - 2013-06-04 14:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\indo - iran book bombay
2013-07-22 03:07 - 2006-03-17 17:26 - 00000000 ____D C:\Documents and Settings\Arif
2013-07-18 20:42 - 2006-10-03 22:04 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-18 20:41 - 2013-07-18 20:42 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp
2013-07-18 19:43 - 2013-07-18 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-18 04:46 - 2005-09-02 15:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-17 17:08 - 2013-04-18 17:08 - 00000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job
2013-07-16 15:41 - 2006-04-20 16:31 - 00000000 ____D C:\Documents and Settings\Arif\Desktop\Unused Desktop Shortcuts
2013-07-16 15:04 - 2008-02-11 08:32 - 00000000 ___RD C:\Documents and Settings\Arif\My Documents\Shafaq
2013-07-16 13:00 - 2011-08-25 12:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-16 13:00 - 2011-04-23 20:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-07-16 10:54 - 2013-07-16 10:53 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk
2013-07-16 10:49 - 2005-09-02 16:19 - 00731608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-16 10:21 - 2013-07-16 10:20 - 00012142 _____ C:\WINDOWS\KB2834904.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00068013 _____ C:\WINDOWS\FaxSetup.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00032516 _____ C:\WINDOWS\ocgen.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00025949 _____ C:\WINDOWS\tsoc.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00022664 _____ C:\WINDOWS\comsetup.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00013749 _____ C:\WINDOWS\ntdtcsetup.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00010798 _____ C:\WINDOWS\iis6.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00003762 _____ C:\WINDOWS\ocmsn.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00003399 _____ C:\WINDOWS\msgsocm.log
2013-07-16 10:21 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.log
2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ C:\WINDOWS\KB2834886.log
2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-16 10:18 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-07-16 10:16 - 2013-07-14 22:52 - 00140018 _____ C:\WINDOWS\KB2850851.log
2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-16 10:15 - 2013-07-16 10:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-16 10:15 - 2013-07-14 23:16 - 00137686 _____ C:\WINDOWS\KB2845187.log
2013-07-16 10:12 - 2005-09-02 16:20 - 00507034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-16 09:54 - 2013-07-16 09:41 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-16 09:53 - 2013-05-21 09:32 - 00009048 _____ C:\WINDOWS\updspapi.log
2013-07-16 09:51 - 2009-07-23 01:19 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-15 17:23 - 2009-03-14 16:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 00:48 - 2009-07-14 01:02 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-07-14 23:09 - 2012-08-19 14:31 - 00000000 ____D C:\Program Files\Recuva
2013-07-13 00:18 - 2013-05-28 21:56 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Bangladesh history of
2013-07-13 00:16 - 2011-07-21 08:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\ngo

Files to move or delete:
====================
C:\Documents and Settings\All Users\hash.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Thanks


Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
