
Ads sounds constantly running in the background


This topic is locked
9 replies to this topic

#1 rehman.alpha

rehman.alpha

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 06 January 2014 - 09:23 PM

Background ads sounds keep running on my laptop. The ads start about a minute after windows starts and keep running, sometimes even two, three or four ad sounds run simultaneously. I have tried various solutions given at this forum as well as many other forums but to no avail. I initially posted my problem at http://www.bleepingcomputer.com/forums/t/519885/background-ad-sounds-keep-running-on-my-laptop/ and got some help from Broni. As per his advice, I ran the DDS and created the logs which are attached.

Attached files: dds.txt (10.06KB), attach.txt (6.75KB)

 

 




 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:25 PM

Posted 07 January 2014 - 05:02 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt). Please post the log in your reply to me (you can use pastebin as well).

 

 

Regards,

Georgi
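A first triage pass over the FRST.txt format that the steps above produce, as an added example (this is not part of FRST, of the thread, or of Georgi's procedure): it flags Run-key autostarts whose image runs from a user profile or carries an empty publisher field, and entries in FRST's "Bamital & volsnap Check" section that the tool did not mark "MD5 is legit" (FRST prints those with their MD5 instead). The sample log is a constructed excerpt in FRST's format, modelled on the log posted in this thread, with the user name replaced by a placeholder; a flagged entry is something to look at, not a verdict.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example, not part of FRST or of this thread's procedure.
"""
import re

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")

# HKCU\...\Run: [Name] - <path> [<size> <date>] (<publisher>)
# Size/date and publisher are optional: FRST omits them when the file has
# no version info or could not be examined.
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^()]*)\))?$"
)
MD5_RE = re.compile(r"\b[0-9A-Fa-f]{32}\b")


def split_sections(text):
    """Group non-empty log lines under their '==== Title ====' banner."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections.setdefault(current, [])
            continue
        if line:
            sections.setdefault(current, []).append(line)
    return sections


def triage_run_keys(lines):
    """Return (hive, name, path, reasons) for autostarts worth a closer look."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        reasons = []
        if not m.group("publisher"):
            reasons.append("no publisher in file version info")
        if "\\appdata\\" in m.group("path").lower():
            reasons.append("image under user profile (AppData)")
        if reasons:
            findings.append((m.group("hive"), m.group("name"), m.group("path"), reasons))
    return findings


def triage_md5_check(lines):
    """Return (path, md5) for system files FRST did not mark 'MD5 is legit'.

    Verified files appear as 'C:\\...\\file => MD5 is legit'. An unverified
    file is printed as a bare path followed by a detail line that ends with
    the file's MD5, so the hash is read from the line after the path.
    """
    findings = []
    for i, line in enumerate(lines):
        if "=>" in line:
            continue
        if re.match(r"^[A-Za-z]:\\", line):
            detail = lines[i + 1] if i + 1 < len(lines) else ""
            md5 = MD5_RE.search(detail)
            findings.append((line, md5.group(0) if md5 else None))
    return findings


def triage(text):
    sections = split_sections(text)
    return {
        "autostarts": triage_run_keys(sections.get("Registry (Whitelisted)", [])),
        "unverified_system_files": triage_md5_check(
            sections.get("Bamital & volsnap Check", [])),
    }


# Constructed excerpt in FRST's format, modelled on the log in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKCU\...\Run: [SSync] - C:\Users\User\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\User\AppData\Local\omesuperv.exe
HKCU\...\Run: [uTorrent] - C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-15] (BitTorrent Inc.)

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 17:45] - [2009-07-13 19:16] - 0376320 ____A (Microsoft Corporation) AECD47FEEFB26FD72AB9AA8CC2E3EC8C

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("  ", item)
```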




#3 rehman.alpha

rehman.alpha
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 07 January 2014 - 02:14 PM

Hi Georgi

Thank you so very much for the help.

I have followed the steps as suggested. The logs are given below:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014

Ran by KASHIF SEHER (administrator) on KASHIFSEHER-PC on 07-01-2014 13:07:24
Running from C:\Users\KASHIF SEHER\Desktop
Microsoft Windows 7 Ultimate  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKCU\...\Run: [uTorrent] - C:\Users\KASHIF SEHER\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-15] (BitTorrent Inc.)
HKCU\...\Run: [SSync] - C:\Users\KASHIF SEHER\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKCU\...\Run: [DataMgr] - C:\Users\KASHIF SEHER\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-10-09] (HTTO Group, Ltd.)
HKCU\...\Run: [OMESupervisor] - C:\Users\KASHIF SEHER\AppData\Local\omesuperv.exe
HKCU\...\Run: [SCheck] - C:\Users\KASHIF SEHER\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKCU\...\Run: [Snoozer] - C:\Users\KASHIF SEHER\AppData\Roaming\Snz\Snz.exe [1209625 2013-12-24] ()
HKCU\...\Run: [Intermediate] - C:\Users\KASHIF SEHER\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wisersearch.com/?channel=en
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB8BC2105F593CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {32377DCC-9783-4CAF-B2A0-CFE202073718} URL = 
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://wisersearch.com/search.php?channel=en&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://wisersearch.com/search.php?channel=en&q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (New Tab) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0
CHR Extension: (Google Search) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (findr-) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ediokgmgdgljankdgmhboimegljmnbld\10.23.0.822_0
CHR Extension: (OfferMosquito) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\1.2_0
CHR Extension: (Connect DLC 5) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.26.0.540_0
CHR Extension: (Google Wallet) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\KASHIF SEHER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\KASHIF~1\AppData\Local\newhb2.crx
CHR HKLM\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\KASHIF SEHER\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx
CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\KASHIF SEHER\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
 
========================== Services (Whitelisted) =================
 
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1751656 2011-01-13] (Realsil Microelectronics Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [250984 2011-01-12] (Realtek Semiconductor Corp.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 taphss6; system32\DRIVERS\taphss6.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-07 13:07 - 2014-01-07 13:07 - 00008722 _____ C:\Users\KASHIF SEHER\Desktop\FRST.txt
2014-01-07 12:56 - 2014-01-07 12:55 - 01064805 _____ (Farbar) C:\Users\KASHIF SEHER\Desktop\FRST.exe
2014-01-07 12:54 - 2014-01-07 12:55 - 01064805 _____ (Farbar) C:\Users\KASHIF SEHER\Downloads\FRST (1).exe
2014-01-06 20:16 - 2014-01-06 20:17 - 00010297 _____ C:\Users\KASHIF SEHER\Desktop\dds.txt
2014-01-06 20:16 - 2014-01-06 20:17 - 00006914 _____ C:\Users\KASHIF SEHER\Desktop\attach.txt
2014-01-06 20:09 - 2014-01-06 20:09 - 00688992 ____R (Swearware) C:\Users\KASHIF SEHER\Downloads\dds.com
2014-01-06 19:24 - 2014-01-06 19:37 - 00001870 _____ C:\Users\KASHIF SEHER\Desktop\Rkill.txt
2014-01-06 19:22 - 2014-01-06 19:21 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\KASHIF SEHER\Desktop\rkill.exe
2014-01-06 19:19 - 2014-01-06 19:21 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\KASHIF SEHER\Downloads\rkill.exe
2014-01-06 17:45 - 2014-01-06 17:45 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\SUPERAntiSpyware.com
2014-01-06 17:43 - 2014-01-06 17:44 - 29302160 _____ (SUPERAntiSpyware) C:\Users\KASHIF SEHER\Downloads\SUPERAntiSpywarePro.exe
2014-01-06 17:37 - 2014-01-06 17:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\KASHIF SEHER\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-01-06 15:52 - 2014-01-06 15:52 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\Malwarebytes
2014-01-06 15:51 - 2014-01-06 15:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-06 15:48 - 2014-01-06 15:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\KASHIF SEHER\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-06 14:08 - 2014-01-06 14:09 - 00000747 _____ C:\Users\KASHIF SEHER\Downloads\fixlist.txt
2014-01-06 13:56 - 2014-01-06 13:56 - 00000000 ____D C:\FRST
2014-01-06 13:52 - 2014-01-06 13:53 - 01064805 _____ (Farbar) C:\Users\KASHIF SEHER\Downloads\FRST.exe
2014-01-06 13:45 - 2014-01-07 08:37 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-06 12:48 - 2014-01-06 12:48 - 00010652 _____ C:\ComboFix.txt
2014-01-06 12:02 - 2014-01-06 12:48 - 00000000 ____D C:\Qoobox
2014-01-06 12:02 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-06 12:02 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-06 12:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 12:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-06 12:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-06 12:02 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-06 12:02 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-06 12:02 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-06 12:01 - 2014-01-06 12:24 - 00000000 ____D C:\Windows\erdnt
2014-01-06 11:54 - 2014-01-06 11:57 - 05160001 _____ (Swearware) C:\Users\KASHIF SEHER\Downloads\ComboFix.exe
2014-01-06 11:37 - 2014-01-07 08:37 - 00000616 _____ C:\Windows\setupact.log
2014-01-06 11:37 - 2014-01-06 17:30 - 00005996 _____ C:\Windows\PFRO.log
2014-01-06 11:37 - 2014-01-06 11:37 - 00000000 _____ C:\Windows\setuperr.log
2014-01-06 11:25 - 2014-01-06 11:25 - 00002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-06 11:23 - 2014-01-07 12:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-06 11:23 - 2014-01-07 11:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-06 11:23 - 2014-01-06 11:25 - 00000000 ____D C:\Program Files\Google
2014-01-06 10:55 - 2014-01-06 11:14 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-04 19:34 - 2014-01-04 19:58 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\Troy (2004)
2014-01-04 19:34 - 2014-01-04 19:34 - 00016052 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]mr.and.mrs.smith.2005.720p.brrip.x264.750mb.yify.torrent
2014-01-04 19:33 - 2014-01-04 19:33 - 00016794 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]troy.2004.directors.cut.720p.800mb.yify.torrent
2014-01-04 19:31 - 2014-01-04 19:36 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\Gladiator EXTENDED REMASTERED (2000)
2014-01-04 19:27 - 2014-01-04 19:29 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\The Ghost and the Darkness
2014-01-04 19:25 - 2014-01-04 19:25 - 00012292 _____ C:\Users\KASHIF SEHER\Downloads\3fbfacc87cc7108b60bb64d5c3a38fbb8226b21e.torrent
2014-01-04 19:22 - 2014-01-04 19:24 - 00064072 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]the.ghost.and.the.darkness.1996.michael.douglas.val.kilmer.torrent
2014-01-04 11:43 - 2014-01-04 11:43 - 02294160 _____ C:\Users\KASHIF SEHER\Downloads\avira_free_antivirus_EN.exe
2014-01-03 18:21 - 2014-01-03 18:22 - 00016968 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]dum.maaro.dum.2011.hindi.dvdrip.720p.ali.baloch.silver.rg.torrent
2014-01-03 10:56 - 2014-01-03 10:56 - 00028672 _____ C:\Windows\system32\ppzzn.rqi
2014-01-03 10:46 - 2014-01-07 12:38 - 00000083 _____ C:\Windows\system32\jbii.gfs
2014-01-03 10:46 - 2014-01-03 10:56 - 00000098 _____ C:\Windows\system32\oldk.koj
2014-01-03 10:46 - 2014-01-03 10:46 - 00000064 _____ C:\Windows\system32\mldj.jkt
2014-01-03 10:29 - 2014-01-03 10:30 - 00101213 ____S C:\Windows\system32\ypsio.dav
2014-01-02 19:52 - 2014-01-05 19:36 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\Race 2 2013 Hindi 720p DvDRip CharmeLeon SilverRG
2014-01-02 19:52 - 2014-01-02 19:52 - 00016260 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]housefull.2.dvdscr.xvid.1cdrip.ddr.torrent
2014-01-02 19:50 - 2014-01-02 19:50 - 00011607 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]race.2.2013.hindi.720p.dvdrip.charmeleon.silverrg.torrent
2014-01-02 19:48 - 2014-01-02 19:48 - 00015671 _____ C:\Users\KASHIF SEHER\Downloads\Once.Upon.Ay.Time.in.Mumbai.Dobaara.-.DVDScr.-.XviD.-.1xCD.torrent
2014-01-02 19:46 - 2014-01-02 19:47 - 00017188 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]go.goa.gone.2013.hindi.720p.hdrip.mp4.x264.hon3y.torrent
2014-01-01 11:21 - 2014-01-01 11:21 - 00020057 _____ C:\Users\KASHIF SEHER\Downloads\RockStar+2011+Pre-DvDRip+XviD+AC3+%5BxRG%5D.torrent
2013-12-30 19:20 - 2013-12-31 19:32 - 00004608 _____ C:\Users\KASHIF SEHER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-28 20:33 - 2013-12-28 20:33 - 00020644 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]krish.3.2013.scrrip.x264.team.ddh.rg.torrent
2013-12-28 20:29 - 2013-12-28 20:30 - 00015032 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]mere.dost.picture.abhi.baki.hai.2012.dvdrip.1cd.xvid.esub.ddr.torrent
2013-12-28 20:26 - 2013-12-28 20:27 - 00057439 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]be.careful.2011.hindi.1cd.dvdrip.xvid.mastitorrents.torrent
2013-12-28 20:24 - 2013-12-28 20:24 - 00014834 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]hello.hum.lallann.bol.rahe.hain.2010.hindi.1cd.dvdrip.x264.e.torrent
2013-12-28 20:18 - 2013-12-28 20:18 - 00020543 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]garam.masala.2005.hindi.720p.dvdrip.charmeleon.silver.rg.torrent
2013-12-25 12:33 - 2013-12-25 12:34 - 05424217 _____ C:\Users\KASHIF SEHER\Downloads\Attachments_20131225.zip
2013-12-24 18:43 - 2013-12-24 18:43 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\Snz
2013-12-23 18:28 - 2013-12-23 18:28 - 00016489 _____ C:\Users\KASHIF SEHER\Downloads\London+Paris+New+York+%282012%29+DVDRip+720p+x264+AAC-Ameet6233.torrent
2013-12-23 18:26 - 2013-12-23 18:26 - 00018043 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]mission.impossible.ghost.protocol.2011.720p.brrip.850mb.yify.torrent
2013-12-23 18:25 - 2013-12-23 18:25 - 00017965 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]anchorman.the.legend.of.ron.burgundy.2004.unrated.720p.hdrip.h264.aac.rarbg.torrent
2013-12-23 14:21 - 2013-12-23 14:21 - 00010787 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]eyes.wide.shut.1999.720p.brrip.x264.yify.torrent
2013-12-20 10:37 - 2013-12-20 10:37 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\SCheck
2013-12-20 00:30 - 2013-12-20 00:30 - 00019585 _____ C:\Users\KASHIF SEHER\Downloads\Agent+Vinod+2012+Hindi+DVDRip+XviD+E-SuB+xRG.torrent
2013-12-16 21:52 - 2013-12-16 21:52 - 00056769 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]satyagraha.2013.dvdscr.xvid.mp3.1cd.exclusive.torrent
2013-12-16 21:50 - 2013-12-16 21:50 - 00020169 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]aashiqui.2.2013.hindi.dvdrip.720p.mp4.x264.hon3y.torrent
2013-12-13 18:25 - 2013-12-13 18:25 - 00028836 _____ C:\Users\KASHIF SEHER\Downloads\Special+26+%282013%29+Hindi+DVDScr+XviD+-+Exclusive.torrent
2013-12-13 18:21 - 2013-12-13 18:21 - 00020604 _____ C:\Users\KASHIF SEHER\Downloads\Matru+Ki+Bijlee+Ka+Mandola+2013+Hindi+720p+DvDrip+x264...Hon3y.torrent
2013-12-13 18:18 - 2013-12-13 18:18 - 00020784 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]lootera.2013.hindi.dvdrip.720p.x264.5.1.manudil.silverrg.torrent
2013-12-13 18:13 - 2013-12-13 18:13 - 00014970 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]phata.poster.nikla.hero.2013.hindi.mc.dvdscr.1cd.x264.aac.hon3y.torrent
2013-12-08 09:07 - 2013-12-08 09:07 - 00041984 _____ C:\Users\KASHIF SEHER\Downloads\Awais Statisitcs.xls
 
==================== One Month Modified Files and Folders =======
 
2014-01-07 13:07 - 2014-01-07 13:07 - 00008722 _____ C:\Users\KASHIF SEHER\Desktop\FRST.txt
2014-01-07 12:58 - 2013-06-04 03:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 12:55 - 2014-01-07 12:56 - 01064805 _____ (Farbar) C:\Users\KASHIF SEHER\Desktop\FRST.exe
2014-01-07 12:55 - 2014-01-07 12:54 - 01064805 _____ (Farbar) C:\Users\KASHIF SEHER\Downloads\FRST (1).exe
2014-01-07 12:38 - 2014-01-03 10:46 - 00000083 _____ C:\Windows\system32\jbii.gfs
2014-01-07 12:34 - 2014-01-06 11:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 11:41 - 2013-05-23 22:08 - 01147876 _____ C:\Windows\WindowsUpdate.log
2014-01-07 11:38 - 2013-05-23 11:25 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\Skype
2014-01-07 11:37 - 2013-10-03 09:21 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\uTorrent
2014-01-07 11:34 - 2014-01-06 11:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 08:50 - 2009-07-13 22:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 08:50 - 2009-07-13 22:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 08:37 - 2014-01-06 13:45 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-07 08:37 - 2014-01-06 11:37 - 00000616 _____ C:\Windows\setupact.log
2014-01-07 08:37 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 20:17 - 2014-01-06 20:16 - 00010297 _____ C:\Users\KASHIF SEHER\Desktop\dds.txt
2014-01-06 20:17 - 2014-01-06 20:16 - 00006914 _____ C:\Users\KASHIF SEHER\Desktop\attach.txt
2014-01-06 20:09 - 2014-01-06 20:09 - 00688992 ____R (Swearware) C:\Users\KASHIF SEHER\Downloads\dds.com
2014-01-06 19:37 - 2014-01-06 19:24 - 00001870 _____ C:\Users\KASHIF SEHER\Desktop\Rkill.txt
2014-01-06 19:21 - 2014-01-06 19:22 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\KASHIF SEHER\Desktop\rkill.exe
2014-01-06 19:21 - 2014-01-06 19:19 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\KASHIF SEHER\Downloads\rkill.exe
2014-01-06 17:45 - 2014-01-06 17:45 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\SUPERAntiSpyware.com
2014-01-06 17:44 - 2014-01-06 17:43 - 29302160 _____ (SUPERAntiSpyware) C:\Users\KASHIF SEHER\Downloads\SUPERAntiSpywarePro.exe
2014-01-06 17:38 - 2014-01-06 17:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\KASHIF SEHER\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-01-06 17:30 - 2014-01-06 11:37 - 00005996 _____ C:\Windows\PFRO.log
2014-01-06 17:17 - 2013-11-15 22:44 - 00000000 ____D C:\Program Files\Level Quality Watcher
2014-01-06 17:17 - 2013-11-15 21:37 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Local\ext_offermosquito
2014-01-06 17:17 - 2013-11-15 21:27 - 00000000 ____D C:\ProgramData\Conduit
2014-01-06 17:17 - 2013-10-01 23:21 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\DigitalSite
2014-01-06 15:52 - 2014-01-06 15:52 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\Malwarebytes
2014-01-06 15:51 - 2014-01-06 15:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-06 15:49 - 2014-01-06 15:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\KASHIF SEHER\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-06 14:09 - 2014-01-06 14:08 - 00000747 _____ C:\Users\KASHIF SEHER\Downloads\fixlist.txt
2014-01-06 13:56 - 2014-01-06 13:56 - 00000000 ____D C:\FRST
2014-01-06 13:53 - 2014-01-06 13:52 - 01064805 _____ (Farbar) C:\Users\KASHIF SEHER\Downloads\FRST.exe
2014-01-06 12:48 - 2014-01-06 12:48 - 00010652 _____ C:\ComboFix.txt
2014-01-06 12:48 - 2014-01-06 12:02 - 00000000 ____D C:\Qoobox
2014-01-06 12:48 - 2009-07-13 20:37 - 00000000 __RHD C:\Users\Default
2014-01-06 12:48 - 2009-07-13 20:37 - 00000000 ___RD C:\Users\Public
2014-01-06 12:43 - 2009-07-13 20:04 - 00000215 _____ C:\Windows\system.ini
2014-01-06 12:24 - 2014-01-06 12:01 - 00000000 ____D C:\Windows\erdnt
2014-01-06 12:20 - 2009-07-13 20:03 - 38010880 _____ C:\Windows\system32\config\SOFTWARE.bak
2014-01-06 12:20 - 2009-07-13 20:03 - 15204352 _____ C:\Windows\system32\config\SYSTEM.bak
2014-01-06 12:20 - 2009-07-13 20:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2014-01-06 12:20 - 2009-07-13 20:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2014-01-06 12:20 - 2009-07-13 20:03 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2014-01-06 11:57 - 2014-01-06 11:54 - 05160001 _____ (Swearware) C:\Users\KASHIF SEHER\Downloads\ComboFix.exe
2014-01-06 11:37 - 2014-01-06 11:37 - 00000000 _____ C:\Windows\setuperr.log
2014-01-06 11:28 - 2013-11-13 11:15 - 00000000 ____D C:\Windows\Minidump
2014-01-06 11:28 - 2013-05-23 23:05 - 00000000 ____D C:\Windows\Panther
2014-01-06 11:26 - 2013-05-23 11:31 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Local\Google
2014-01-06 11:25 - 2014-01-06 11:25 - 00002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-06 11:25 - 2014-01-06 11:23 - 00000000 ____D C:\Program Files\Google
2014-01-06 11:14 - 2014-01-06 10:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-05 21:37 - 2013-11-15 22:39 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\COWON
2014-01-05 19:36 - 2014-01-02 19:52 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\Race 2 2013 Hindi 720p DvDRip CharmeLeon SilverRG
2014-01-05 17:07 - 2013-05-23 10:17 - 00001373 _____ C:\Users\KASHIF SEHER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 19:58 - 2014-01-04 19:34 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\Troy (2004)
2014-01-04 19:36 - 2014-01-04 19:31 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\Gladiator EXTENDED REMASTERED (2000)
2014-01-04 19:34 - 2014-01-04 19:34 - 00016052 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]mr.and.mrs.smith.2005.720p.brrip.x264.750mb.yify.torrent
2014-01-04 19:33 - 2014-01-04 19:33 - 00016794 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]troy.2004.directors.cut.720p.800mb.yify.torrent
2014-01-04 19:29 - 2014-01-04 19:27 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\The Ghost and the Darkness
2014-01-04 19:25 - 2014-01-04 19:25 - 00012292 _____ C:\Users\KASHIF SEHER\Downloads\3fbfacc87cc7108b60bb64d5c3a38fbb8226b21e.torrent
2014-01-04 19:24 - 2014-01-04 19:22 - 00064072 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]the.ghost.and.the.darkness.1996.michael.douglas.val.kilmer.torrent
2014-01-04 11:43 - 2014-01-04 11:43 - 02294160 _____ C:\Users\KASHIF SEHER\Downloads\avira_free_antivirus_EN.exe
2014-01-03 18:22 - 2014-01-03 18:21 - 00016968 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]dum.maaro.dum.2011.hindi.dvdrip.720p.ali.baloch.silver.rg.torrent
2014-01-03 10:56 - 2014-01-03 10:56 - 00028672 _____ C:\Windows\system32\ppzzn.rqi
2014-01-03 10:56 - 2014-01-03 10:46 - 00000098 _____ C:\Windows\system32\oldk.koj
2014-01-03 10:46 - 2014-01-03 10:46 - 00000064 _____ C:\Windows\system32\mldj.jkt
2014-01-03 10:30 - 2014-01-03 10:29 - 00101213 ____S C:\Windows\system32\ypsio.dav
2014-01-02 19:52 - 2014-01-02 19:52 - 00016260 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]housefull.2.dvdscr.xvid.1cdrip.ddr.torrent
2014-01-02 19:50 - 2014-01-02 19:50 - 00011607 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]race.2.2013.hindi.720p.dvdrip.charmeleon.silverrg.torrent
2014-01-02 19:48 - 2014-01-02 19:48 - 00015671 _____ C:\Users\KASHIF SEHER\Downloads\Once.Upon.Ay.Time.in.Mumbai.Dobaara.-.DVDScr.-.XviD.-.1xCD.torrent
2014-01-02 19:47 - 2014-01-02 19:46 - 00017188 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]go.goa.gone.2013.hindi.720p.hdrip.mp4.x264.hon3y.torrent
2014-01-01 11:21 - 2014-01-01 11:21 - 00020057 _____ C:\Users\KASHIF SEHER\Downloads\RockStar+2011+Pre-DvDRip+XviD+AC3+%5BxRG%5D.torrent
2014-01-01 08:39 - 2009-07-13 22:53 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-31 21:16 - 2013-11-30 21:13 - 00000000 ____D C:\Users\KASHIF SEHER\Downloads\Badmaash Company 2010 720p BRRip CharmeLeon Silver RG
2013-12-31 19:32 - 2013-12-30 19:20 - 00004608 _____ C:\Users\KASHIF SEHER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-28 20:33 - 2013-12-28 20:33 - 00020644 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]krish.3.2013.scrrip.x264.team.ddh.rg.torrent
2013-12-28 20:30 - 2013-12-28 20:29 - 00015032 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]mere.dost.picture.abhi.baki.hai.2012.dvdrip.1cd.xvid.esub.ddr.torrent
2013-12-28 20:27 - 2013-12-28 20:26 - 00057439 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]be.careful.2011.hindi.1cd.dvdrip.xvid.mastitorrents.torrent
2013-12-28 20:24 - 2013-12-28 20:24 - 00014834 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]hello.hum.lallann.bol.rahe.hain.2010.hindi.1cd.dvdrip.x264.e.torrent
2013-12-28 20:18 - 2013-12-28 20:18 - 00020543 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]garam.masala.2005.hindi.720p.dvdrip.charmeleon.silver.rg.torrent
2013-12-25 12:34 - 2013-12-25 12:33 - 05424217 _____ C:\Users\KASHIF SEHER\Downloads\Attachments_20131225.zip
2013-12-24 18:43 - 2013-12-24 18:43 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\Snz
2013-12-24 18:43 - 2013-11-15 21:37 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\Intermediate
2013-12-23 18:28 - 2013-12-23 18:28 - 00016489 _____ C:\Users\KASHIF SEHER\Downloads\London+Paris+New+York+%282012%29+DVDRip+720p+x264+AAC-Ameet6233.torrent
2013-12-23 18:26 - 2013-12-23 18:26 - 00018043 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]mission.impossible.ghost.protocol.2011.720p.brrip.850mb.yify.torrent
2013-12-23 18:25 - 2013-12-23 18:25 - 00017965 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]anchorman.the.legend.of.ron.burgundy.2004.unrated.720p.hdrip.h264.aac.rarbg.torrent
2013-12-23 14:21 - 2013-12-23 14:21 - 00010787 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]eyes.wide.shut.1999.720p.brrip.x264.yify.torrent
2013-12-21 17:43 - 2013-05-23 10:20 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 10:37 - 2013-12-20 10:37 - 00000000 ____D C:\Users\KASHIF SEHER\AppData\Roaming\SCheck
2013-12-20 00:30 - 2013-12-20 00:30 - 00019585 _____ C:\Users\KASHIF SEHER\Downloads\Agent+Vinod+2012+Hindi+DVDRip+XviD+E-SuB+xRG.torrent
2013-12-16 21:52 - 2013-12-16 21:52 - 00056769 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]satyagraha.2013.dvdscr.xvid.mp3.1cd.exclusive.torrent
2013-12-16 21:50 - 2013-12-16 21:50 - 00020169 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]aashiqui.2.2013.hindi.dvdrip.720p.mp4.x264.hon3y.torrent
2013-12-13 18:25 - 2013-12-13 18:25 - 00028836 _____ C:\Users\KASHIF SEHER\Downloads\Special+26+%282013%29+Hindi+DVDScr+XviD+-+Exclusive.torrent
2013-12-13 18:21 - 2013-12-13 18:21 - 00020604 _____ C:\Users\KASHIF SEHER\Downloads\Matru+Ki+Bijlee+Ka+Mandola+2013+Hindi+720p+DvDrip+x264...Hon3y.torrent
2013-12-13 18:18 - 2013-12-13 18:18 - 00020784 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]lootera.2013.hindi.dvdrip.720p.x264.5.1.manudil.silverrg.torrent
2013-12-13 18:13 - 2013-12-13 18:13 - 00014970 _____ C:\Users\KASHIF SEHER\Downloads\[kickass.to]phata.poster.nikla.hero.2013.hindi.mc.dvdscr.1cd.x264.aac.hon3y.torrent
2013-12-10 15:58 - 2013-06-04 03:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 15:58 - 2013-06-04 03:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-08 09:07 - 2013-12-08 09:07 - 00041984 _____ C:\Users\KASHIF SEHER\Downloads\Awais Statisitcs.xls
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 17:45] - [2009-07-13 19:16] - 0376320 ____A (Microsoft Corporation) AECD47FEEFB26FD72AB9AA8CC2E3EC8C
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-06 13:33
 
==================== End Of Log ============================
 
 
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by KASHIF SEHER at 2014-01-07 13:08:48
Running from C:\Users\KASHIF SEHER\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (Version: 10.0.0 - Adobe Systems Incorporated)
Atheros Driver Installation Program (Version: 9.0 - Atheros)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Broadcom 802.11 Network Adapter (Version: 5.100.235.19 - Broadcom Corporation)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dropbox (Version: 2.0.26 - Dropbox, Inc.)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2230 - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
PDFBinder (Version: 1.0.0 - Malamute.dk)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010 - Realtek)
Realtek PCIE Card Reader (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 15.1.18.0 - Synaptics Incorporated)
WinRAR 4.00 beta 3 (32-bit) (Version: 4.00.3 - win.rar GmbH)
 
==================== Restore Points  =========================
 
06-01-2014 18:03:19 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-13 20:04 - 2014-01-06 12:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01B904D9-DD60-4250-8D32-D970AA2D161F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {0464BEA3-44A7-4CF9-A392-387A2E80AB5F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2949419196-1756285607-978059177-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {10806141-133D-4D62-A632-302980903CB0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2949419196-1756285607-978059177-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {348544BA-4156-451A-B107-1FE4AE9C7D0D} - \BackgroundContainer Startup Task No Task File
Task: {55BEF0B7-D547-4A5B-9C49-AD9ACA8FD483} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {8B7C775B-A8EA-4AF4-AC1A-181AD1485F31} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2949419196-1756285607-978059177-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {A3221A74-3F13-4950-8419-F20E503B7B3C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2949419196-1756285607-978059177-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B39035A2-C2E0-4805-8EB4-23FFF797999A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2949419196-1756285607-978059177-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {F89A616E-9419-40C4-BD19-A7A5F629E6EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-23 11:34 - 2010-12-17 10:14 - 00139264 _____ () C:\Program Files\WinRAR\rarext.dll
2006-10-26 02:56 - 2006-10-26 02:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-01-06 11:25 - 2013-12-03 20:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2014-01-06 11:25 - 2013-12-03 20:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
2014-01-06 11:25 - 2013-12-03 20:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2014-01-06 11:25 - 2013-12-03 20:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2014-01-06 11:25 - 2013-12-03 20:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2010-11-10 12:49 - 2010-11-10 12:49 - 00249232 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59003001.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62946639.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59003001.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62946639.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2014 01:05:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 0.0.0.0, time stamp: 0x52b386a6
Faulting module name: SUPERAntiSpyware.exe, version: 0.0.0.0, time stamp: 0x52b386a6
Exception code: 0xc0000005
Fault offset: 0x00088667
Faulting process id: 0xd7c
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3
 
Error: (01/06/2014 07:36:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: rkill.exe, version: 2.6.4.0, time stamp: 0x52b4c4b5
Faulting module name: rkill.exe, version: 2.6.4.0, time stamp: 0x52b4c4b5
Exception code: 0xc0000417
Fault offset: 0x00061495
Faulting process id: 0x1e54
Faulting application start time: 0xrkill.exe0
Faulting application path: rkill.exe1
Faulting module path: rkill.exe2
Report Id: rkill.exe3
 
Error: (01/06/2014 01:34:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/06/2014 01:33:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/06/2014 11:37:36 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2014 11:37:36 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2014 11:37:36 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2014 11:37:36 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (01/06/2014 11:37:36 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/06/2014 11:37:36 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
 
System errors:
=============
Error: (01/07/2014 08:41:32 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (01/07/2014 08:37:21 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/07/2014 08:37:19 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/07/2014 08:37:18 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (01/06/2014 09:22:59 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/06/2014 08:01:30 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/06/2014 08:01:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/06/2014 07:57:21 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: 
%%1190
 
Error: (01/06/2014 07:57:14 PM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (01/06/2014 07:57:13 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
 
Microsoft Office Sessions:
=========================
Error: (01/06/2014 10:20:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1668 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error: (12/14/2013 09:35:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37131 seconds with 12540 seconds of active time.  This session ended with a crash.
 
Error: (12/07/2013 08:18:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2224 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (11/24/2013 09:16:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11512 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error: (09/26/2013 11:34:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6383 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (09/23/2013 08:02:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 69 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (08/28/2013 06:25:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3797 seconds with 2280 seconds of active time.  This session ended with a crash.
 
Error: (06/03/2013 05:46:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1486 seconds with 1320 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 75%
Total physical RAM: 1011.87 MB
Available physical RAM: 247.66 MB
Total Pagefile: 3090.89 MB
Available Pagefile: 891.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:50.83 GB) (Free:16.65 GB) NTFS
Drive d: () (Fixed) (Total:80.11 GB) (Free:76.15 GB) NTFS
Drive e: () (Fixed) (Total:101.85 GB) (Free:89.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 2152405A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
Search.txt
Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by KASHIF SEHER at 2014-01-07 13:10:04
Running from C:\Users\KASHIF SEHER\Desktop
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 17:45] - [2009-07-13 19:16] - 0376320 ____A () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\System32\rpcss.dll
[2009-07-13 17:45] - [2009-07-13 19:16] - 0376320 ____A (Microsoft Corporation) AECD47FEEFB26FD72AB9AA8CC2E3EC8C
 
=== End Of Search ===


#4 B-boy/StyLe/

Posted 07 January 2014 - 08:05 PM

Hi,

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,
Georgi




#5 rehman.alpha

Posted 07 January 2014 - 09:54 PM

I ran FRST and clicked Fix. It did create a fix log but at the end said that the system would now reboot to complete the fix. But once Windows shut down, the system would not boot. I have tried safe mode too but it doesn't work either. In safe mode it shows a black DOS-like window saying Windows files are being loaded, but then only a black screen appears with the mouse arrow showing and moving with touch on the mouse pad, and the system doesn't go any further. The same happens in normal mode but no Windows files are loaded. Please help.

#6 B-boy/StyLe/

Posted 08 January 2014 - 12:33 AM

Hi,

That's weird but it sometimes happens with this infection.

Try this please:

Press and hold the "F8" key before the Windows logo appears on the screen to access the Advanced Boot Options screen.

On the Advanced Boot Options screen, use the arrow keys to highlight Last Known Good Configuration (advanced), and then press Enter.

Then let me know about the results.

Regards,
Georgi




#7 rehman.alpha

Posted 08 January 2014 - 08:18 AM

Tried many times but pressing F8 doesn't lead to any Advanced Boot Options screen. I only see the Windows Error Recovery screen or setup (if I press F2). F8 doesn't do anything and the Windows logo isn't shown.

#8 B-boy/StyLe/

Posted 08 January 2014 - 02:48 PM

Hi,

Do you have an installation DVD?

If not, then please check if you have access to the Windows Recovery Environment:

To access the Advanced Boot Options menu, restart your computer and press the F8 key before Windows starts. Choose “Repair Your Computer”, which shows a list of system recovery tools you can use to repair startup problems, run diagnostics, or restore your system.

[Image: AdvancedBootOptions.jpg]

If you see that option then please let me know in your next reply.




#9 B-boy/StyLe/

Posted 11 January 2014 - 05:33 AM

Hi,

Are you still there?

Regards,
Georgi




#10 B-boy/StyLe/

Posted 13 January 2014 - 03:07 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
