Jump to content

Mahmoud_K

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks So Much For the Help ... Really Appreciate it

  2. Thanks MrC So Much For your help i appreciate it .. I updated the avast the new version has a software updater which updated all those .. i installed the new windows updates .. removed Combofix and all others .. i`ll try to be extra extra careful next time Again thanks for the help and this amazing site. One Last Question is my system safe now to make financial transactions ... as i stopped all my transactions since i got infected.?
  3. <p>Hey MrC here are the Logs,</p> <p> </p> <p><strong>AdwCleaner :</strong></p> <p> </p> <p> </p> <div># AdwCleaner v2.113 - Logfile created 03/03/2013 at 18:18:06</div> <div># Updated 23/02/2013 by Xplode</div> <div># Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)</div> <div># User : MaHMooD - MAHMOOD-PC</div> <div># Boot Mode : Normal</div> <div># Running from : C:\Users\MaHMooD\Desktop\adwcleaner.exe</div> <div># Option [Delete]</div> <div> </div> <div> </div> <div>***** [services] *****</div> <div> </div> <div> </div> <div>***** [Files / Folders] *****</div> <div> </div> <div>File Deleted : C:\user.js</div> <div>Folder Deleted : C:\ProgramData\APN</div> <div>Folder Deleted : C:\ProgramData\Partner</div> <div>Folder Deleted : C:\Users\MaHMooD\AppData\Local\APN</div> <div>Folder Deleted : C:\Users\MaHMooD\AppData\Roaming\OpenCandy</div> <div> </div> <div>***** [Registry] *****</div> <div> </div> <div>Key Deleted : HKCU\Software\Softonic</div> <div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}</div> <div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}</div> <div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}</div> <div>Key Deleted : HKLM\SOFTWARE\Software</div> <div> </div> <div>***** [internet Browsers] *****</div> <div> </div> <div>-\\ Internet Explorer v9.0.8112.16455</div> <div> </div> <div>[OK] Registry is clean.</div> <div> </div> <div>-\\ Google Chrome v25.0.1364.97</div> <div> </div> <div>File : C:\Users\MaHMooD\AppData\Local\Google\Chrome\User Data\Default\Preferences</div> <div> </div> <div>[OK] File is clean.</div> <div> </div> <div>*************************</div> <div> </div> <div>AdwCleaner[R1].txt - [1405 octets] - [03/03/2013 04:21:23]</div> <div>AdwCleaner[R2].txt - [1465 octets] - [03/03/2013 18:17:47]</div> <div>AdwCleaner[s1].txt - [1418 octets] - [03/03/2013 18:18:06]</div> <div> </div> <div>########## EOF - C:\AdwCleaner[s1].txt - [1478 octets] ##########</div> <div> </div> <div><strong>Security Check:</strong></div> <div> </div> <div> Results of screen317's Security Check version 0.99.60 </div> <div> Windows 7 Service Pack 1 x64 (UAC is enabled) </div> <div> Internet Explorer 9 </div> <div>``````````````Antivirus/Firewall Check:`````````````` </div> <div> Windows Firewall Enabled! </div> <div>avast! Internet Security </div> <div> Antivirus up to date! </div> <div>`````````Anti-malware/Other Utilities Check:````````` </div> <div> Java 6 Update 39 </div> <div> Java 7 Update 7 </div> <div> Java version out of Date! </div> <div> Adobe Reader 10.1.6 Adobe Reader out of Date! </div> <div> Google Chrome 24.0.1312.57 </div> <div> Google Chrome 25.0.1364.97 </div> <div>````````Process Check: objlist.exe by Laurent```````` </div> <div> TOSHIBA TOSHIBA Online Product Information TOPI.exe </div> <div> AVAST Software Avast AvastSvc.exe </div> <div> AVAST Software Avast AvastUI.exe </div> <div>`````````````````System Health check````````````````` </div> <div> Total Fragmentation on Drive C: 1% </div> <div>````````````````````End of Log`````````````````````` </div> <div> </div> <div> </div>
  4. Here is the Log File Contents # AdwCleaner v2.113 - Logfile created 03/03/2013 at 04:21:23 # Updated 23/02/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : MaHMooD - MAHMOOD-PC # Boot Mode : Normal # Running from : C:\Users\MaHMooD\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\user.js Folder Found : C:\ProgramData\APN Folder Found : C:\ProgramData\Partner Folder Found : C:\Users\MaHMooD\AppData\Local\APN Folder Found : C:\Users\MaHMooD\AppData\Roaming\OpenCandy ***** [Registry] ***** Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Registry is clean. -\\ Google Chrome v25.0.1364.97 File : C:\Users\MaHMooD\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1278 octets] - [03/03/2013 04:21:23] ########## EOF - C:\AdwCleaner[R1].txt - [1338 octets] ########## And i looked at the log nothing important that i need to keep
  5. Combofix finished, Widnows update and firewall are working fine now .. ComboFix.txt
  6. Hello MrC, Thanks For your Reply, I Followed the Steps above.. you can find the files attached there are two mbar log files first scan and second scan after cleanup the second scan did not show any threats. Internet access Ok Windows Update : Automatic Update Seems Fine but the check updates service is down and says need to restart to work, tried that still not working. Windows Firewall : Gives me an error when i try to turn it on or change any settings i took a screen shot you can find it in the attachments. Again thanks so much for your help. system-log.txt mbar-log-2013-03-02 (23-15-34).txt mbar-log-2013-03-02 (23-41-42).txt
  7. Hey guys, i have a Malware don`t know where i got it .. as i have avast internet security .. anyways .. i read a post here earlier regarding zeroaccess and i`m following the steps there i downloaded RogueKiller and made a scan .. and here is the log. DDS LOG DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2 Run by MaHMooD at 21:59:31 on 2013-03-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.4004.1718 [GMT 3:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\svchost.exe -k apphost C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe C:\windows\system32\inetsrv\inetinfo.exe C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\windows\system32\svchost.exe -k iissvcs C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\windows\system32\taskhost.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Athan] C:\Program Files (x86)\Athan\Athan.exe mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" mRunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" mRunOnce: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll" dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP StartupFolder: C:\Users\MaHMooD\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab TCP: NameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{638B952C-FF54-4F24-9311-C8DD2CE67F73} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{8ECAFFA1-82F2-4649-8835-FFE82EDC5737} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{97A8ECA4-5404-4526-8849-335695CFD293} : DHCPNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{97A8ECA4-5404-4526-8849-335695CFD293}\26162715 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{97A8ECA4-5404-4526-8849-335695CFD293}\2616271535748414 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{97A8ECA4-5404-4526-8849-335695CFD293}\44F647025676970747 : DHCPNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{97A8ECA4-5404-4526-8849-335695CFD293}\54C4351495544413 : DHCPNameServer = 192.168.100.1 198.41.0.4 TCP: Interfaces\{97A8ECA4-5404-4526-8849-335695CFD293}\B4F6572716 : DHCPNameServer = 192.168.1.254 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe x64-Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-12-23 22664] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-12-23 1025880] R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-12-23 377992] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-4-1 283200] R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\windows\System32\drivers\hssdrv6.sys [2013-2-12 42184] R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-12-23 33472] R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-12-23 80888] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-7 44808] R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200] R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448] R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-2-13 536360] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-2-13 389928] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-2-6 1809920] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312] R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-4-11 204304] R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-4-8 624856] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-8 166912] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-8 2849120] R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-6 2656280] R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384] R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-13 248248] R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264] R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2010-10-18 42096] R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2012-2-6 20592] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-6 38096] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\drivers\taphss6.sys [2013-1-5 42328] R3 teamviewervpn;TeamViewer VPN Adapter;C:\windows\System32\drivers\teamviewervpn.sys [2012-11-8 35112] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-6 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632] S0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-2 65408] S0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-2 177672] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224] S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2013-1-23 33736] S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2012-9-25 36928] S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2010-1-19 55184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-6 247400] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 VBoxUSB;VirtualBox USB;C:\windows\System32\drivers\VBoxUSB.sys [2012-10-26 105816] S3 vpcuxd;USB Virtualization Stub Service;C:\windows\System32\drivers\vpcuxd.sys [2012-5-3 16384] S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-1 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2011-12-16 14464] S3 WMSVC;Web Management Service;C:\windows\System32\inetsrv\WMSvc.exe [2009-7-14 10752] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0103;RsFx0103 Driver;C:\windows\System32\drivers\RsFx0103.sys [2009-3-30 311656] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-03-02 18:09:10 -------- d-----w- C:\_OTL 2013-03-02 13:49:17 65408 ----a-w- C:\windows\System32\drivers\aswRvrt.sys 2013-03-02 13:49:17 177672 ----a-w- C:\windows\System32\drivers\aswVmm.sys 2013-02-24 18:35:02 -------- d-----w- C:\Program Files (x86)\VIO Player 2013-02-24 18:32:21 -------- d-----w- C:\ProgramData\APN 2013-02-15 19:49:20 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll 2013-02-15 19:49:19 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys 2013-02-15 19:49:19 126312 ----a-w- C:\windows\System32\GEARAspi64.dll 2013-02-15 19:47:37 -------- d-----w- C:\Program Files\iPod 2013-02-15 19:47:35 -------- d-----w- C:\Program Files\iTunes 2013-02-15 19:47:35 -------- d-----w- C:\Program Files (x86)\iTunes 2013-02-15 19:43:50 -------- d-----w- C:\Program Files\Bonjour 2013-02-12 20:51:52 42184 ----a-w- C:\windows\System32\drivers\hssdrv6.sys 2013-02-06 19:49:42 -------- d-----w- C:\Users\MaHMooD\AppData\Roaming\DVD Flick 2013-02-06 19:48:52 609824 ----a-w- C:\windows\SysWow64\comctl32.ocx 2013-02-06 19:48:52 40960 ----a-w- C:\windows\SysWow64\ssubtmr6.dll 2013-02-06 19:48:52 36864 ----a-w- C:\windows\SysWow64\trayicon_handler.ocx 2013-02-06 19:48:52 28672 ----a-w- C:\windows\SysWow64\mousewheel.ocx 2013-02-06 19:48:52 164144 ----a-w- C:\windows\SysWow64\comct232.ocx 2013-02-06 19:48:36 -------- d-----w- C:\Program Files (x86)\DVD Flick . ==================== Find3M ==================== . 2013-02-28 19:22:08 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-28 19:22:08 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-02-28 08:36:33 71064 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2013-02-28 08:36:33 1025880 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2013-02-28 08:36:32 80888 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2013-02-28 08:36:32 22664 ----a-w- C:\windows\System32\drivers\aswKbd.sys 2013-02-28 08:36:07 41664 ----a-w- C:\windows\avastSS.scr 2013-01-05 03:48:36 42328 ----a-w- C:\windows\System32\drivers\taphss6.sys . ============= FINISH: 22:00:40.08 =============== Attach.txt LOG . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 30-Mar-12 11:23:59 PM System Uptime: 01-Mar-13 6:40:12 AM (40 hours ago) . Motherboard: TOSHIBA | | PWWHA Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU 1 | 782/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 110 GiB total, 5.28 GiB free. D: is CDROM () E: is FIXED (NTFS) - 342 GiB total, 94.765 GiB free. G: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: VirtualBox Host-Only Ethernet Adapter Device ID: ROOT\NET\0002 Manufacturer: Oracle Corporation Name: VirtualBox Host-Only Ethernet Adapter PNP Device ID: ROOT\NET\0002 Service: VBoxNetAdp . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة بريد Windows Live AC3Filter 2.5b Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 11 ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader X (10.1.5) MUI Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Apple Application Support Apple Mobile Device Support Apple Software Update Athan Basic 4.2 Atheros Bluetooth Filter Driver Package Atheros Driver Installation Program Audacity 2.0 avast! Internet Security Bejeweled 2 Deluxe Bejeweled 3 BitComet 1.32 Bluetooth Stack for Windows by Toshiba Bonjour Caesar 3 Chicken Invaders 3 - Revenge of the Yolk Chuzzle Deluxe Contrôle ActiveX Windows Live Mesh pour connexions à distance Controlo ActiveX do Windows Live Mesh para Ligaç?es Remotas CoolPack Crystal Reports for Visual Studio D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diner Dash 2 Restaurant Rescue Dotfuscator Software Services - Community Edition DVD Flick 1.3.0.7 Easy Drive Data Recovery Easy GIF Animator 5.3 FATE Final Drive: Nitro Galeria de Fotografias do Windows Live Galerie de photos Windows Live Google Chrome Google Update Helper Graboid Video 3.41 Graboid Video 3.41 Setup High-Definition Video Playback Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054) Hotspot Shield 2.87 Insaniquarium Deluxe InstallShield 2012 Spring Limited Edition Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology IPTInstaller iTunes Java 7 Update 7 Java Auto Updater Java SE Development Kit 7 Update 4 (64-bit) Java 6 Update 31 (64-bit) Java 6 Update 33 Java 7 Update 4 (64-bit) JavaFX 2.1.0 (64-bit) JavaFX 2.1.0 SDK (64-bit) Junk Mail filter update K-Lite Codec Pack 8.9.2 (Full) Mark of the Ninja Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Access database engine 2010 (English) Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Help Viewer 1.0 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Management Objects (x64) Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft SQL Server System CLR Types (x64) Microsoft SQL Server VSS Writer Microsoft Sync Framework Runtime v1.0 SP1 (x64) Microsoft Sync Framework SDK v1.0 SP1 Microsoft Sync Framework Services v1.0 SP1 (x64) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) Microsoft Team Foundation Server 2010 Object Model - ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 IntelliTrace Collection (x64) Microsoft Visual Studio 2010 Office Developer Tools (x64) Microsoft Visual Studio 2010 Performance Collection Tools - ENU Microsoft Visual Studio 2010 SharePoint Developer Tools Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Ultimate - ENU Microsoft Visual Studio Macro Tools MP3jam 1.0.0.0 MSVC90_x64 MSVC90_x86 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MySQL Connector/ODBC 3.51 Nero 10 Movie ThemePack Basic Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero BurnRights 10 Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Express 10 Nero Express 10 Help (CHM) Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero Kwik Media Nero Multimedia Suite 10 Essentials Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update NeroKwikMedia Help (CHM) Nitro Reader 2 Notepad++ OpenOffice.org 3.3 Oracle VM VirtualBox 4.2.4 Pandora Service PC Connectivity Solution PDF Settings Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Polar Bowler Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader SAP Crystal Reports, version for Visual Studio 2010 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489) Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) Skype™ 6.1 Slingo Deluxe Sniper Elite: Berlin 1945 Sql Server Customer Experience Improvement Program Synaptics Pointing Device Driver TeamViewer 7 The KMPlayer (remove only) TOSHIBA Assist TOSHIBA Bulletin Board TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA Face Recognition TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA Places Icon Utility TOSHIBA Recovery Media Creator TOSHIBA Recovery Media Creator Reminder TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update Installer for WildTangent Games App Utility Common Driver Uzak Ba?lant?lar ?çin Windows Live Mesh ActiveX Denetimi VIO Player version 1.0.1 Visual Studio 2010 Prerequisites - English Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.0.1 VST Bridge 1.1 WD Drive Utilities WD Security WD SES Driver Setup WD SmartWare Web Deployment Tool Wedding Dash 2 - Rings Around the World WildTangent Games WildTangent Games App (Toshiba Games) Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Foto?raf Galerisi Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.11 (64-bit) Zuma Deluxe معرض صور Windows Live . ==== Event Viewer Messages From Past Week ======== . 28-Feb-13 1:46:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. 27-Feb-13 5:36:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service. 27-Feb-13 10:52:56 PM, Error: Service Control Manager [7001] - The WDFME service depends on the WDRules service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 27-Feb-13 10:52:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WDRules service to connect. 27-Feb-13 10:52:53 PM, Error: Service Control Manager [7000] - The WDRules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 27-Feb-13 10:52:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff900c3e94000, 0x0000000000000001, 0xfffff960000b23b4, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 022713-53040-01. 27-Feb-13 10:51:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 27-Feb-13 10:51:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 27-Feb-13 10:51:40 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 27-Feb-13 10:51:37 PM, Error: EventLog [6008] - The previous system shutdown at 10:49:07 م on ‏27/‏02/‏2013 was unexpected. 25-Feb-13 1:38:28 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-24-D6-7A-68-52. Network operations on this system may be disrupted as a result. 02-Mar-13 8:30:01 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 02-Mar-13 8:30:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 02-Mar-13 8:29:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer7 service. 02-Mar-13 8:29:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 02-Mar-13 6:31:30 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 02-Mar-13 5:57:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 02-Mar-13 12:01:22 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 1C-B0-94-B3-84-60. Network operations on this system may be disrupted as a result. 01-Mar-13 10:07:11 PM, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). 01-Mar-13 10:06:59 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 01-Mar-13 10:06:51 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. . ==== End Of File =========================== RogueKiller LOG RogueKiller V8.5.2 [Feb 23 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : MaHMooD [Admin rights] Mode : Scan -- Date : 03/02/2013 21:37:43 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND [ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND [susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe [-] --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++ --- User --- [MBR] 9635bdefa5d76b496f08607e58c4beb3 [bSP] c1bab54c5f69f6f9777100e87eaf85a8 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112743 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 233971712 | Size: 350001 Mo 3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 950773760 | Size: 12695 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03022013_02d2137.txt >> RKreport[1]_S_03022013_02d2137.txt didn`t want to continue until i get a professional opinion .. to know if i continue with the fix or do another steps.
  8. Sorry i Opened the Wrong Section ... i`ll post it in the malware removal section
  9. Hey guys, i have a Malware don`t know where i got it .. as i have avast internet security .. anyways .. i read a post here earlier regarding zeroaccess and i`m following the steps there i downloaded RogueKiller and made a scan .. and here is the log. RogueKiller V8.5.2 [Feb 23 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : MaHMooD [Admin rights] Mode : Scan -- Date : 03/02/2013 21:37:43 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND [ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND [susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe [-] --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++ --- User --- [MBR] 9635bdefa5d76b496f08607e58c4beb3 [bSP] c1bab54c5f69f6f9777100e87eaf85a8 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112743 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 233971712 | Size: 350001 Mo 3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 950773760 | Size: 12695 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03022013_02d2137.txt >> RKreport[1]_S_03022013_02d2137.txt didn`t want to continue until i get a professional opinion .. to know if i continue with the fix or do another steps. Thanks in advance
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.