Waz4liverpool

  1. Thanks for your feedback, but I think the problem is with my ISP 'cause I used a different connection and it worked. So I guess that's that.
  2. Hi, I have been unable to play games or use apps in Facebook and other sites. I am able to browse fine, watch videos fine, but only when I start playing a flash game/app it says I'm unable to connect. So I am wondering if it perhaps is due to a malware issue. Here's the HJT log:
     Thanks!
  3. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-08-2013 01 Ran by Arif (administrator) on 03-08-2013 20:16:00
C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) R3 TVALD; C:\Windows\System32\DRIVERS\NBSMI.sys [4992 2005-03-15] (Toshiba Corporation) R3 Tvs; C:\Windows\System32\DRIVERS\Tvs.sys [29056 2005-04-15] (TOSHIBA Corporation) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [18688 2004-07-09] (Microsoft Corporation) U3 a4xaete0; C:\Windows\System32\Drivers\a4xaete0.sys [0 ] (Microsoft Corporation) S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-31 00:49 - 2013-07-31 00:49 - 00002289 _____ C:\Documents and Settings\Arif\Desktop\Google Chrome.lnk 2013-07-29 13:30 - 2013-07-29 13:49 - 00000000 ____D C:\Combofix 2013-07-28 09:46 - 2013-07-28 09:46 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-07-28 09:44 - 2013-07-28 09:48 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-07-28 09:44 - 2005-09-05 14:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\MSN Search Toolbar 2013-07-28 09:44 - 2005-09-05 14:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec 2013-07-28 09:44 - 2005-09-05 12:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sonic 2013-07-28 09:44 - 2005-09-05 12:07 - 00000000 ____D C:\Documents 
and Settings\Administrator\Application Data\toshiba 2013-07-28 09:44 - 2005-09-05 12:01 - 00000000 ____D C:\Documents and Settings\Administrator\WINDOWS 2013-07-28 09:44 - 2005-09-02 15:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020} 2013-07-28 09:43 - 2013-07-28 09:46 - 00000000 ____D C:\Documents and Settings\Administrator 2013-07-27 02:17 - 2013-07-27 02:17 - 00052206 _____ C:\Documents and Settings\Arif\Desktop\Faculty of Asian and Middle Eastern Studies General Information Job Vacancies.mht 2013-07-26 21:05 - 2013-07-28 13:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST 2013-07-18 20:42 - 2013-07-18 20:41 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp 2013-07-18 19:38 - 2013-07-18 19:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-07-16 10:53 - 2013-07-16 10:54 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk 2013-07-16 10:20 - 2013-07-16 10:21 - 00012142 _____ C:\WINDOWS\KB2834904.log 2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$ 2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ C:\WINDOWS\KB2834886.log 2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$ 2013-07-16 10:14 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-07-16 09:41 - 2013-07-16 09:54 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log 2013-07-15 17:33 - 2013-07-31 08:54 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob 2013-07-14 23:16 - 2013-07-16 10:15 - 00137686 _____ C:\WINDOWS\KB2845187.log 2013-07-14 22:52 - 2013-07-16 10:16 - 00140018 _____ C:\WINDOWS\KB2850851.log ==================== One Month Modified Files and Folders ======= 
2013-08-03 20:15 - 2013-02-28 21:46 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2013-08-03 20:07 - 2005-09-02 15:27 - 01083553 _____ C:\WINDOWS\WindowsUpdate.log 2013-08-03 20:06 - 2010-08-17 02:52 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1 -5-21-36152136-1858269472-3594936982-1007.job 2013-08-03 20:06 - 2005-09-02 16:23 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-08-03 20:06 - 2005-09-02 16:23 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-08-03 20:05 - 2013-04-18 20:26 - 00000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982 -1007.job 2013-08-03 20:05 - 2013-04-18 20:15 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982- 1007.job 2013-08-03 20:05 - 2012-04-29 16:20 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-03 20:05 - 2005-09-02 15:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-08-03 18:26 - 2005-09-02 15:31 - 00032640 _____ C:\WINDOWS\SchedLgU.Txt 2013-08-03 17:44 - 2010-07-24 20:21 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1- 5-21-36152136-1858269472-3594936982-1007UA.job 2013-08-03 17:37 - 2012-11-25 17:32 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS -1-5-21-36152136-1858269472-3594936982-1007UA.job 2013-08-03 17:37 - 2012-11-25 17:32 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS -1-5-21-36152136-1858269472-3594936982-1007Core.job 2013-08-03 17:35 - 2013-04-18 16:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-08-03 17:35 - 2010-07-23 22:46 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-03 17:25 - 2006-03-17 17:26 - 00000278 ___SH C:\Documents and Settings\Arif\ntuser.ini 2013-08-03 17:14 - 2009-07-23 15:39 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{50E60FEF-33EF-4CD1-A83F-C60CDEE3E24C}.job 2013-08-03 10:51 - 2006-03-17 23:52 - 00002497 _____ C:\Documents and 
Settings\Arif\Desktop\Microsoft Office Word 2003.lnk 2013-08-03 09:44 - 2010-07-24 20:21 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1 -5-21-36152136-1858269472-3594936982-1007Core.job 2013-08-02 11:40 - 2013-04-18 20:26 - 00000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472- 3594936982-1007.job 2013-08-02 11:37 - 2013-04-18 20:15 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982- 1007.job 2013-07-31 23:56 - 2011-08-16 03:02 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\new research 2013-07-31 23:52 - 2008-06-17 13:17 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\allmb8 2013-07-31 08:54 - 2013-07-15 17:33 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob 2013-07-31 08:35 - 2007-08-11 17:04 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Poems 2013-07-31 00:49 - 2013-07-31 00:49 - 00002289 _____ C:\Documents and Settings\Arif\Desktop\Google Chrome.lnk 2013-07-28 13:27 - 2013-07-26 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-07-28 09:48 - 2013-07-28 09:44 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-07-28 09:46 - 2013-07-28 09:46 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-07-28 09:46 - 2013-07-28 09:43 - 00000000 ____D C:\Documents and Settings\Administrator 2013-07-27 02:17 - 2013-07-27 02:17 - 00052206 _____ C:\Documents and Settings\Arif\Desktop\Faculty of Asian and Middle Eastern Studies General Information Job Vacancies.mht 2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST 2013-07-25 20:14 - 2013-05-21 09:25 - 00022230 _____ C:\WINDOWS\setupapi.log 2013-07-24 23:44 - 2013-06-04 14:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\indo - iran book bombay 2013-07-22 03:07 - 2006-03-17 17:26 - 00000000 ____D C:\Documents and 
Settings\Arif 2013-07-18 20:42 - 2006-10-03 22:04 - 00000000 ____D C:\WINDOWS\Minidump 2013-07-18 20:41 - 2013-07-18 20:42 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp 2013-07-18 19:43 - 2013-07-18 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-07-18 04:46 - 2005-09-02 15:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-07-17 17:08 - 2013-04-18 17:08 - 00000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-36152136-1858269472- 3594936982-1007.job 2013-07-16 15:41 - 2006-04-20 16:31 - 00000000 ____D C:\Documents and Settings\Arif\Desktop\Unused Desktop Shortcuts 2013-07-16 15:04 - 2008-02-11 08:32 - 00000000 ___RD C:\Documents and Settings\Arif\My Documents\Shafaq 2013-07-16 13:00 - 2011-08-25 12:15 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-07-16 13:00 - 2011-04-23 20:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif 2013-07-16 10:54 - 2013-07-16 10:53 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk 2013-07-16 10:49 - 2005-09-02 16:19 - 00731608 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-16 10:21 - 2013-07-16 10:20 - 00012142 _____ C:\WINDOWS\KB2834904.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00068013 _____ C:\WINDOWS\FaxSetup.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00032516 _____ C:\WINDOWS\ocgen.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00025949 _____ C:\WINDOWS\tsoc.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00022664 _____ C:\WINDOWS\comsetup.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00013749 _____ C:\WINDOWS\ntdtcsetup.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00010798 _____ C:\WINDOWS\iis6.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00003762 _____ C:\WINDOWS\ocmsn.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00003399 _____ C:\WINDOWS\msgsocm.log 2013-07-16 10:21 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.log 2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$ 2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ 
C:\WINDOWS\KB2834886.log 2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-07-16 10:18 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-07-16 10:16 - 2013-07-14 22:52 - 00140018 _____ C:\WINDOWS\KB2850851.log 2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$ 2013-07-16 10:15 - 2013-07-16 10:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-07-16 10:15 - 2013-07-14 23:16 - 00137686 _____ C:\WINDOWS\KB2845187.log 2013-07-16 10:12 - 2005-09-02 16:20 - 00507034 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-07-16 09:54 - 2013-07-16 09:41 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log 2013-07-16 09:53 - 2013-05-21 09:32 - 00009048 _____ C:\WINDOWS\updspapi.log 2013-07-16 09:51 - 2009-07-23 01:19 - 00000000 ____D C:\WINDOWS\ie8updates 2013-07-15 17:23 - 2009-03-14 16:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-15 00:48 - 2009-07-14 01:02 - 00000000 ____D C:\WINDOWS\system32\XPSViewer 2013-07-14 23:09 - 2012-08-19 14:31 - 00000000 ____D C:\Program Files\Recuva 2013-07-13 00:18 - 2013-05-28 21:56 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Bangladesh history of 2013-07-13 00:16 - 2011-07-21 08:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\ngo Files to move or delete: ==================== C:\Documents and Settings\All Users\hash.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Thanks
  4. Hi, after installing ComboFix, the PC was acting up, so I used System Restore. Posting new FRST log next.
  5. Well, I tried running ComboFix, but after stage 50 there is a blue screen error. Mind you, this computer is quite old and perhaps can't handle ComboFix!
  6. Okay did it and it worked! Here's the log:

     Malwarebytes Anti-Rootkit BETA 1.06.0.1004
     www.malwarebytes.org

     Database version: v2013.07.28.01

     Windows XP Service Pack 3 x86 NTFS (Safe Mode)
     Internet Explorer 8.0.6001.18702
     Arif :: YOUR-29A661D26E [administrator]

     2013/07/28 09:53:16 ق.ظ
     mbar-log-2013-07-28 (09-53-16).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
     Scan options disabled: PUP
     Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
     Objects scanned: 245235
     Time elapsed: 3 hour(s), 29 minute(s), 29 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)
  7. Hi, there was a problem with the Malwarebytes Anti-Rootkit tool. After the second stage it crashes. I ran it twice and it happened again. In the mbar folder there was only a system-log.txt file, which I have attached as asked. system-log.txt Thanks!
  8. And here is the Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2013Ran by Arif at 2013-07-26 20:42:57Running from C:\Documents and Settings\Arif\My Documents\DownloadsBoot Mode: Normal========================================================== ==================== Installed Programs ======================= Adobe Acrobat 9 Pro (Version: 9.5.5)Adobe Acrobat 9.5.5 - CPSID_83708Adobe Flash Player 10 Plugin (Version: 10.2.152.32)Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)Adobe Reader X (10.1.7) MUI (Version: 10.1.7)Adobe Shockwave Player 11.6 (Version: 11.6.0.626)Any Video Converter 3.2.5Atheros Wireless LAN MiniPCI card DriverATI - Software Uninstall Utility (Version: 6.14.10.1012)ATI Control Panel (Version: 6.14.10.5145)ATI Display Driver (Version: 8.122.1-050411a-023226C-Toshiba)Avro Keyboard 3.1.0 (Version: Avro Keyboard 3.1.0)BufferChm (Version: 53.0.13.000)Canon Camera Access Library (Version: 8.4.0.1)Canon Camera Support Core Library (Version: 7.3.1.6)Canon G.726 WMP-Decoder (Version: 1.1.0.4)CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.5.0.3)Canon Internet Library for ZoomBrowser EX (Version: 1.6.1.6)Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)Canon Utilities CameraWindow (Version: 7.1.0.2)Canon Utilities CameraWindow DC (Version: 7.1.0.7)Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)Canon Utilities EOS Utility (Version: 1.1.0.8)Canon Utilities MyCamera (Version: 6.4.0.5)Canon Utilities MyCamera DC (Version: 7.0.1.8)Canon Utilities PhotoStitch (Version: 3.1.21.45)Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)Canon Utilities ZoomBrowser EX (Version: 6.1.0.20)Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)CCleaner (Version: 4.01)CD/DVD Drive Acoustic Silencer (Version: 1.00.008)Compatibility 
Pack for the 2007 Office system (Version: 12.0.6612.1000)Critical Update for Windows Media Player 11 (KB959772)CustomerResearchQFolder (Version: 1.00.0000)Destinations (Version: 53.0.13.000)DeviceFunctionQFolder (Version: 1.00.0000)DeviceManagementQFolder (Version: 1.00.0000)DivX Setup (Version: 1.0.2.23)eSupportQFolder (Version: 1.00.0000)Facebook Video Calling 1.2.0.287 (Version: 1.2.287)Football Manager 2009 (Version: 9.0.0.0)Google Chrome (HKCU Version: 28.0.1500.72)Google Toolbar for Internet Explorer (Version: 1.0.0)Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)Google Update Helper (Version: 1.3.21.153)Grameenphone Internet (Version: 13.001.08.05.344)HijackThis 2.0.2 (Version: 2.0.2)Hotspot Shield 2.92 (Version: 2.92)HP Deskjet 3900 series (Version: 5.0)HP Extended Capabilities 5.0 (Version: 5.0)HP Image Zone Express (Version: 1.5.1.29)HP Imaging Device Functions 5.0 (Version: 5.0)HP Software Update (Version: 3.0.5.001)HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0)HPDeskjet3900Series (Version: 1.00.0000)HPProductAssistant (Version: 53.0.13.000)Imikimi PluginInterActual PlayerInterVideo WinDVD Creator 2 (Version: 2.0.14.368)InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.475)ISScript (Version: 3.00.185)Java 7 Update 25 (Version: 7.0.250)Java Auto Updater (Version: 2.1.9.5)Junk Mail filter update (Version: 14.0.8089.726)Macromedia Flash Player (Version: 7.0.19.0)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)MarketResearch (Version: 53.0.13.000)MediaKeyMicrosoft .NET Framework 1.1 (Version: 1.1.4322)Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft Application Error Reporting 
(Version: 12.0.6012.5000)Microsoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Choice Guard (Version: 2.0.48.0)Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)Microsoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft National Language Support Downlevel APIsMicrosoft Office File Validation Add-In (Version: 14.0.5130.5003)Microsoft Office OneNote 2003 (Version: 11.0.8173.0)Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)Microsoft Security Client (Version: 4.3.0215.0)Microsoft Security Essentials (Version: 4.3.215.0)Microsoft Silverlight (Version: 5.1.20513.0)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Works (Version: 08.04.0623)MSNMSN Search Toolbar (Version: 02.05.0000.1082)MSVCRT (Version: 14.0.1468.721)MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)Need For Speed Hot Pursuit 2neroxml (Version: 1.0.0)PC Connectivity Solution (Version: 8.15.0.0)RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)Realtek AC'97 AudioREALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.60)RealUpgrade 1.1 (Version: 1.1.0)Recuva (Version: 1.43)SA30xx Device Manager (Version: 1.2.0.1100)SA30xx Media Converter (Version: 1.1.5.1007)SAMSUNG CDMA Modem Driver SetSAMSUNG Mobile Composite Device SoftwareSamsung Mobile Modem Device SoftwareSAMSUNG Mobile Modem Driver SetSamsung Mobile phone USB driver SoftwareSAMSUNG Mobile USB Modem ^^SAMSUNG Mobile USB Modem 1.0 SoftwareSAMSUNG 
Mobile USB Modem SoftwareSamsung New PC Studio (Version: 1.00.0000)Samsung PC Studio (Version: 3.0.0.60404)Samsung PC Studio 3 (Version: 3.0.0.80104)Samsung PC Studio 3 (Version: 3.2.3.90502)Samsung PC Studio 3 USB Driver Installer (Version: 1.00.0000)Samsung Samples Installer (Version: 1.00.0000)SAMSUNG USB Mobile Device SoftwareSamsungConnectivityCableDriver (Version: 6.83.6.2.1)Segoe UI (Version: 14.0.4327.805)SolutionCenter (Version: 50.0.152.000)Sonic DLA (Version: 4.98)Sonic RecordNow! (Version: 7.31)Status (Version: 53.0.13.000)swMSM (Version: 12.0.0.1)Synaptics Pointing Device Driver (Version: 7.12.4.0)T-Mobile Mobile Broadband Manager (Version: 1.0.0.2)T-Mobile PC Suite V6.3.16TOSHIBA AssistTOSHIBA ConfigFree (Version: 5.50.12)TOSHIBA Hotkey Utility (Version: 1.00.03KA)TOSHIBA Manuals (Version: 7.01)TOSHIBA PC Diagnostic ToolTOSHIBA Power Saver (Version: 7.03.06.I)TOSHIBA Software Modem (Version: 2.1.51 (SM2151ALD05))TOSHIBA TouchPad ON/Off Utility (Version: 1.00.03KA)TOSHIBA Utilities (Version: 1.00.06KA)TOSHIBA Virtual SoundTOSHIBA Zooming UtilityTouch and LaunchTrayApp (Version: 53.0.13.000)Unlocker 1.9.0 (Version: 1.9.0)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft Windows (KB971513)Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)Update for Windows Internet Explorer 8 (KB972636) (Version: 1)Update for Windows Internet Explorer 8 (KB976662) (Version: 1)Update for Windows Internet Explorer 8 (KB976749) (Version: 1)Update for Windows XP (KB2345886) (Version: 1)Update for Windows XP (KB2492386) (Version: 1)Update for Windows XP (KB2541763) (Version: 1)Update for Windows XP (KB2607712) (Version: 1)Update for Windows XP (KB2616676) (Version: 1)Update for Windows XP (KB2641690) (Version: 1)Update for Windows XP (KB2661254-v2) (Version: 2)Update for Windows XP (KB2718704) (Version: 1)Update for Windows XP (KB2736233) (Version: 1)Update for Windows XP (KB2749655) (Version: 1)Update for Windows XP 
(KB951072-v2) (Version: 2)Update for Windows XP (KB951978) (Version: 1)Update for Windows XP (KB955759) (Version: 1)Update for Windows XP (KB955839) (Version: 1)Update for Windows XP (KB961503) (Version: 1)Update for Windows XP (KB967715) (Version: 1)Update for Windows XP (KB968389) (Version: 1)Update for Windows XP (KB971029) (Version: 1)Update for Windows XP (KB971737) (Version: 1)Update for Windows XP (KB973687) (Version: 1)Update for Windows XP (KB973815) (Version: 1)VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)VLC media player 2.0.6 (Version: 2.0.6)WebFldrs XP (Version: 9.50.7523)WebReg (Version: 53.0.13.000)Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 7 (Version: 20070813.185237)Windows Internet Explorer 8 (Version: 20090308.140743)Windows Live Call (Version: 14.0.8064.0206)Windows Live Communications Platform (Version: 14.0.8098.930)Windows Live Essentials (Version: 14.0.8089.0726)Windows Live Essentials (Version: 14.0.8089.726)Windows Live Mail (Version: 14.0.8089.0726)Windows Live Messenger (Version: 14.0.8089.0726)Windows Live OneCare safety scannerWindows Live Sign-in Assistant (Version: 5.000.818.5)Windows Live Upload Tool (Version: 14.0.8014.1029)Windows Media Format 11 runtimeWindows XP Service Pack 3 (Version: 20080414.031525)Yahoo! Search ProtectionYahoo! 
Software Update ==================== Restore Points ========================= 04-05-2013 12:34:12 Current04-05-2013 12:34:20 Software Distribution Service 3.004-05-2013 12:34:25 Software Distribution Service 3.004-05-2013 12:34:29 Software Distribution Service 3.010-06-2013 10:47:27 Software Distribution Service 3.010-06-2013 10:47:27 Software Distribution Service 3.010-06-2013 10:47:27 System Checkpoint10-06-2013 10:47:26 Software Distribution Service 3.010-06-2013 10:47:26 System Checkpoint10-06-2013 10:47:26 System Checkpoint10-06-2013 10:47:25 System Checkpoint10-06-2013 10:47:25 Software Distribution Service 3.010-06-2013 10:47:25 Software Distribution Service 3.010-06-2013 10:47:24 System Checkpoint10-06-2013 10:47:23 Software Distribution Service 3.010-06-2013 10:47:23 Software Distribution Service 3.010-06-2013 10:47:23 Software Distribution Service 3.010-06-2013 10:47:23 Software Distribution Service 3.010-06-2013 10:47:22 Software Distribution Service 3.010-06-2013 10:47:22 Software Distribution Service 3.010-06-2013 10:47:21 Software Distribution Service 3.010-06-2013 10:47:20 Software Distribution Service 3.010-06-2013 10:47:20 Software Distribution Service 3.010-06-2013 10:47:20 System Checkpoint10-06-2013 10:47:20 Software Distribution Service 3.010-06-2013 10:47:20 Software Distribution Service 3.009-06-2013 12:37:33 Software Distribution Service 3.010-06-2013 17:21:32 Software Distribution Service 3.013-06-2013 01:20:37 Software Distribution Service 3.019-06-2013 06:06:45 Software Distribution Service 3.019-06-2013 06:27:15 Software Distribution Service 3.021-06-2013 02:51:20 Software Distribution Service 3.021-06-2013 16:07:39 Software Distribution Service 3.022-06-2013 07:45:17 Software Distribution Service 3.022-06-2013 08:50:26 Removed Java 7 Update 2122-06-2013 08:51:15 Installed Java 7 Update 2524-06-2013 12:32:50 Software Distribution Service 3.011-07-2013 23:03:14 System Checkpoint14-07-2013 05:41:26 Software Distribution Service 
Downloading Malwarebytes anti rootkit now, will post soon. Thanks!
  9. Hi again, Here is the FRST.txt:
Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2314560 2005-03-26] (Realtek Semiconductor Corp.)R3 AR5211; C:\Windows\System32\DRIVERS\SHP5211.sys [488992 2006-03-22] (Atheros Communications, Inc.)R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1035264 2005-04-12] (ATI Technologies Inc.)S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions)R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [83968 2004-07-09] (Microsoft Corporation)S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)R2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-30] (TOSHIBA Corporation.)R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)R3 Pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70912 2004-12-03] (Realtek Semiconductor Corporation )S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [10880 2004-07-09] (Microsoft Corporation)R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-21] ()R1 sscdbhk5; 
C:\Windows\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions)S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [58320 2005-08-30] (MCCI)S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [8336 2005-08-30] (MCCI)S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [94000 2005-08-30] (MCCI)R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions)R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-08-16] ()S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [14976 2004-07-09] (Microsoft Corporation)R3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions)R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions)R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions)R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions)R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions)R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions)R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions)R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions)R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions)R3 TVALD; C:\Windows\System32\DRIVERS\NBSMI.sys [4992 2005-03-15] (Toshiba Corporation)R3 Tvs; C:\Windows\System32\DRIVERS\Tvs.sys [29056 2005-04-15] (TOSHIBA Corporation)S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [18688 2004-07-09] (Microsoft Corporation)U3 afqr7qic; C:\Windows\System32\Drivers\afqr7qic.sys [0 ] (Microsoft Corporation)S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST2013-07-18 20:42 - 
2013-07-18 20:41 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp2013-07-18 19:38 - 2013-07-18 19:43 - 00000000 ____D C:\WINDOWS\system32\MRT2013-07-16 10:53 - 2013-07-16 10:54 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk2013-07-16 10:20 - 2013-07-16 10:21 - 00012142 _____ C:\WINDOWS\KB2834904.log2013-07-16 10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ C:\WINDOWS\KB2834886.log2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$2013-07-16 10:14 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$2013-07-16 09:41 - 2013-07-16 09:54 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log2013-07-15 17:33 - 2013-07-18 13:08 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob2013-07-14 23:16 - 2013-07-16 10:15 - 00137686 _____ C:\WINDOWS\KB2845187.log2013-07-14 22:52 - 2013-07-16 10:16 - 00140018 _____ C:\WINDOWS\KB2850851.log ==================== One Month Modified Files and Folders ======= 2013-07-26 20:42 - 2013-02-28 21:46 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\FRST2013-07-26 20:39 - 2009-07-23 15:39 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{50E60FEF-33EF-4CD1-A83F-C60CDEE3E24C}.job2013-07-26 20:37 - 2012-11-25 17:32 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job2013-07-26 20:35 - 2013-04-18 16:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2013-07-26 20:35 - 2010-07-23 22:46 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2013-07-26 20:34 - 2005-09-02 15:27 - 01410518 _____ C:\WINDOWS\WindowsUpdate.log2013-07-26 20:33 - 2013-04-18 20:26 - 00000298 _____ 
C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job2013-07-26 20:33 - 2013-04-18 20:15 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job2013-07-26 20:33 - 2012-04-29 16:20 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2013-07-26 20:33 - 2010-08-17 02:52 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-36152136-1858269472-3594936982-1007.job2013-07-26 20:32 - 2005-09-02 16:23 - 00000159 _____ C:\WINDOWS\wiadebug.log2013-07-26 20:32 - 2005-09-02 16:23 - 00000050 _____ C:\WINDOWS\wiaservc.log2013-07-26 20:31 - 2005-09-02 15:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2013-07-26 20:30 - 2006-03-17 17:26 - 00000278 ___SH C:\Documents and Settings\Arif\ntuser.ini2013-07-26 20:30 - 2005-09-02 15:31 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt2013-07-26 20:21 - 2006-03-17 17:26 - 00000000 ____D C:\Documents and Settings\Arif\desktop2013-07-26 19:56 - 2006-03-17 23:52 - 00002497 _____ C:\Documents and Settings\Arif\Desktop\Microsoft Office Word 2003.lnk2013-07-26 19:44 - 2010-07-24 20:21 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007UA.job2013-07-26 17:37 - 2012-11-25 17:32 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job2013-07-26 16:21 - 2007-08-11 17:04 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Poems2013-07-26 11:40 - 2013-04-18 20:26 - 00000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job2013-07-26 11:37 - 2013-04-18 20:15 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job2013-07-25 20:14 - 2013-05-21 09:25 - 00022230 _____ C:\WINDOWS\setupapi.log2013-07-24 23:44 - 2013-06-04 14:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\indo - iran book bombay2013-07-22 
03:07 - 2006-03-17 17:26 - 00000000 ____D C:\Documents and Settings\Arif2013-07-18 20:42 - 2006-10-03 22:04 - 00000000 ____D C:\WINDOWS\Minidump2013-07-18 20:41 - 2013-07-18 20:42 - 00114688 _____ C:\WINDOWS\Minidump\Mini071813-01.dmp2013-07-18 19:43 - 2013-07-18 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT2013-07-18 13:08 - 2013-07-15 17:33 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\dekstob2013-07-18 04:46 - 2005-09-02 15:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET2013-07-17 17:08 - 2013-04-18 17:08 - 00000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-36152136-1858269472-3594936982-1007.job2013-07-16 15:41 - 2006-04-20 16:31 - 00000000 ____D C:\Documents and Settings\Arif\Desktop\Unused Desktop Shortcuts2013-07-16 15:04 - 2008-02-11 08:32 - 00000000 ___RD C:\Documents and Settings\Arif\My Documents\Shafaq2013-07-16 13:00 - 2011-08-25 12:15 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-07-16 13:00 - 2011-04-23 20:19 - 00001945 _____ C:\WINDOWS\epplauncher.mif2013-07-16 10:54 - 2013-07-16 10:53 - 00002311 _____ C:\Documents and Settings\Arif\Desktop\Adobe Acrobat 9 Pro.lnk2013-07-16 10:49 - 2005-09-02 16:19 - 00731608 _____ C:\WINDOWS\system32\FNTCACHE.DAT2013-07-16 10:21 - 2013-07-16 10:20 - 00012142 _____ C:\WINDOWS\KB2834904.log2013-07-16 10:21 - 2013-05-21 09:25 - 00068013 _____ C:\WINDOWS\FaxSetup.log2013-07-16 10:21 - 2013-05-21 09:25 - 00032516 _____ C:\WINDOWS\ocgen.log2013-07-16 10:21 - 2013-05-21 09:25 - 00025949 _____ C:\WINDOWS\tsoc.log2013-07-16 10:21 - 2013-05-21 09:25 - 00022664 _____ C:\WINDOWS\comsetup.log2013-07-16 10:21 - 2013-05-21 09:25 - 00013749 _____ C:\WINDOWS\ntdtcsetup.log2013-07-16 10:21 - 2013-05-21 09:25 - 00010798 _____ C:\WINDOWS\iis6.log2013-07-16 10:21 - 2013-05-21 09:25 - 00003762 _____ C:\WINDOWS\ocmsn.log2013-07-16 10:21 - 2013-05-21 09:25 - 00003399 _____ C:\WINDOWS\msgsocm.log2013-07-16 10:21 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.log2013-07-16 
10:20 - 2013-07-16 10:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$2013-07-16 10:18 - 2013-07-16 10:18 - 00012169 _____ C:\WINDOWS\KB2834886.log2013-07-16 10:18 - 2013-07-16 10:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$2013-07-16 10:18 - 2013-05-21 09:25 - 00001374 _____ C:\WINDOWS\imsins.BAK2013-07-16 10:16 - 2013-07-14 22:52 - 00140018 _____ C:\WINDOWS\KB2850851.log2013-07-16 10:15 - 2013-07-16 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$2013-07-16 10:15 - 2013-07-16 10:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$2013-07-16 10:15 - 2013-07-14 23:16 - 00137686 _____ C:\WINDOWS\KB2845187.log2013-07-16 10:12 - 2005-09-02 16:20 - 00507034 _____ C:\WINDOWS\system32\PerfStringBackup.INI2013-07-16 09:54 - 2013-07-16 09:41 - 00013885 _____ C:\WINDOWS\KB2846071-IE8.log2013-07-16 09:53 - 2013-05-21 09:32 - 00009048 _____ C:\WINDOWS\updspapi.log2013-07-16 09:51 - 2009-07-23 01:19 - 00000000 ____D C:\WINDOWS\ie8updates2013-07-16 09:44 - 2010-07-24 20:21 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-36152136-1858269472-3594936982-1007Core.job2013-07-15 17:23 - 2009-03-14 16:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-07-15 00:48 - 2009-07-14 01:02 - 00000000 ____D C:\WINDOWS\system32\XPSViewer2013-07-14 23:09 - 2012-08-19 14:31 - 00000000 ____D C:\Program Files\Recuva2013-07-13 04:00 - 2011-08-16 03:02 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\new research2013-07-13 00:18 - 2013-05-28 21:56 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\Bangladesh history of2013-07-13 00:16 - 2011-07-21 08:40 - 00000000 ____D C:\Documents and Settings\Arif\My Documents\ngo2013-07-03 13:21 - 2005-09-02 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Desktop2013-07-02 16:08 - 2005-09-02 14:13 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => 
MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  10. Hi Psychotic, thanks for your assistance. Unfortunately DDS runs for over 10 mins and then crashes. GMER (even the randomized one) causes a blue screen error whenever I run it. Something must be wrong, right? Thanks
  11. Hello, I recently plugged my usb drive into my computer and suddenly found my files on the usb to have changed: the folders turned to shortcuts and the files turned unreadable. I scanned and removed what was found and thought that's that. Then today I plugged in another usb, saved some files and removed it. I realized I forgot one file and so plugged it back in, and somehow the files got corrupted again! So I figured my computer might also be infected. Here's the hijackthis log: I also tried to use bit defender's immuniser on the 1st infected usb and it could do it giving me this log: Thanks for taking the time to read this, any help will be appreciated.
  12. Thank you very much Mr C for restoring my pc back to good health. In future I will definitely be more than happy to receive your help again!
