Jump to content


Photo
- - - - -

Need help with trojan dropper and false windows updates


  • This topic is locked This topic is locked
38 replies to this topic

#1 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 05:56 AM

I am a regular user of MBAM. So far so good, MBAM has always helped me keep my machines up and running and has always been my top recommendation for spywares and malwares. However this time it is totally different. Here is the issue:

I have around 15 svchost processes simultaneously running.(some of them shown in screenshot attached).
My laptop is awfully slow. and
There is a fake windows update icon continuously appearing in my taskbar(attached in the screenshot) and I can't right click or left click it, it is happening despite keeping my automatic windows update off. Every time I start my laptop and connect it to the internet, some bandwith is continuosly being taken by an unknown application, when i type netstat -o in command prompt, it says the svchost process is taking up the bandwith and I have to manually close the process down which after some time starts again automatically utilizing bandwith.

I completely scanned the system and at first scan MBAM found some trojan dropper viruses which it removed and asked me for a restart which I did. But even after restart the things did'nt change. It is the same as before with only difference that MBAM is not detecting anything wrong in subsequent scans but the problem still persists. I tried many things through the internet but the problem seems impossible to fix. It is now that I have decided to take the problem to the experts here in malwarebytes. Please help me get rid of this issue. Please guide me how to clean this mess that virus has caused me.

Attached Files



#2 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 06:31 AM

I am sorry I didnt read the pinned post for deleting torrent clients. I have now removed utorrent from the pc.

#3 aliB

aliB

    True Member

  • Trusted Advisors
  • PipPipPipPip
  • 329 posts
  • Gender:Male
  • Location:Lebanon
  • Interests:Malware Removal and PlayStation 3 ;)

Posted 22 August 2012 - 06:37 AM

hi :weclome:

those processes are legit.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN[/B[

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and [b]Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#4 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 07:44 AM

All those svchost processes are not legit, there is one process that pops up again and again and automatically starts using up bandwith without any permission whatsoever :(
Both steps done, logs attached.

Attached Files



#5 aliB

aliB

    True Member

  • Trusted Advisors
  • PipPipPipPip
  • 329 posts
  • Gender:Male
  • Location:Lebanon
  • Interests:Malware Removal and PlayStation 3 ;)

Posted 22 August 2012 - 09:36 AM

post the logs do not attach them unless instructed to do so

I will post the OTL log myself to make it easier for reading

OTL logfile created on: 22-Aug-12 5:23:38 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Ahmed\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.94 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 36.94% Memory free
7.87 Gb Paging File | 4.67 Gb Available in Paging File | 59.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147.52 Gb Total Space | 4.24 Gb Free Space | 2.88% Space Free | Partition Type: NTFS
Drive D: | 128.47 Gb Total Space | 42.02 Gb Free Space | 32.71% Space Free | Partition Type: NTFS
Drive E: | 16.80 Gb Total Space | 2.54 Gb Free Space | 15.14% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: HEWLETT | User Name: Ahmed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
PRC - [2012-07-14 08:55:02 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011-08-14 12:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011-08-05 03:31:45 | 003,417,496 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011-03-04 02:31:48 | 000,969,216 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011-02-12 08:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011-02-11 05:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2011-02-07 23:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011-01-26 22:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011-01-19 01:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe
PRC - [2010-08-22 15:14:10 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe
PRC - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
PRC - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\QUBEE WCM\GPCommonService.exe
PRC - [2010-05-26 09:47:36 | 000,075,776 | ---- | M] (MediaTek Inc.) -- C:\Program Files\QUBEE WCM\WiMAX\WmMMgr.exe
PRC - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012-08-18 03:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012-08-18 03:28:54 | 012,236,824 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012-08-18 03:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012-08-18 03:27:36 | 000,526,872 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012-08-18 03:27:35 | 000,104,984 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012-08-18 03:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012-08-18 03:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012-08-18 03:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012-07-30 14:42:25 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012-07-30 14:42:25 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\80b4cd3b84dea19ceafd07b591d13ea0\IAStorUtil.ni.dll
MOD - [2012-07-30 14:42:25 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f9a70c3039c1effc4df35709143e7b2f\IAStorCommon.ni.dll
MOD - [2012-07-30 14:40:11 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012-07-30 14:40:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012-07-30 14:40:03 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012-07-30 14:39:41 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012-07-30 14:39:34 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012-07-30 14:39:22 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012-07-30 14:39:17 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012-07-30 14:39:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012-07-30 14:39:12 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012-07-30 14:39:07 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012-04-17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012-04-17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012-04-17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012-04-17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012-04-17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012-04-17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012-04-17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012-04-17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011-08-22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011-05-05 05:42:24 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011-03-04 02:09:44 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011-03-04 02:09:40 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe
MOD - [2010-08-19 12:13:48 | 000,011,296 | ---- | M] () -- C:\Program Files (x86)\DU Meter\DUHelper.dll
MOD - [2010-08-09 10:50:14 | 000,163,840 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\gpwimaxformtk.dll
MOD - [2010-08-09 10:50:14 | 000,106,496 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\MTKWimaxSDK.dll
MOD - [2010-08-09 10:44:28 | 000,180,224 | ---- | M] () -- C:\Program Files\QUBEE WCM\Plugins\P1UpdateMgrPlugin.dll
MOD - [2010-08-06 16:09:08 | 000,385,024 | ---- | M] () -- C:\Program Files\QUBEE WCM\ConnectionManager.dll
MOD - [2010-08-06 10:59:00 | 000,025,088 | ---- | M] () -- C:\Program Files\QUBEE WCM\gplib.dll
MOD - [2010-05-10 13:00:20 | 000,017,920 | ---- | M] () -- C:\Program Files\QUBEE WCM\GPSingleInstance.dll
MOD - [2010-02-22 20:44:40 | 000,027,648 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qico4.dll
MOD - [2010-02-22 20:44:34 | 000,290,816 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qtiff4.dll
MOD - [2010-02-22 20:44:04 | 000,233,472 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qmng4.dll
MOD - [2010-02-22 20:43:46 | 000,022,016 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qgif4.dll
MOD - [2010-02-22 20:43:40 | 000,135,168 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qjpeg4.dll
MOD - [2009-12-10 12:13:46 | 008,314,880 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtGui4.dll
MOD - [2009-12-10 12:01:40 | 000,966,656 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtNetwork4.dll
MOD - [2009-12-10 12:00:28 | 000,364,544 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtXml4.dll
MOD - [2009-12-10 12:00:20 | 002,240,512 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtCore4.dll
MOD - [2009-06-11 02:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-08-12 04:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011-02-12 08:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011-01-27 14:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011-01-27 06:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011-01-27 04:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011-01-22 07:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010-05-31 14:20:50 | 000,110,592 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonServicex64.exe -- (GPCommonService(64)
SRV:64bit: - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonService.exe -- (GPCommonService)
SRV:64bit: - [2009-07-14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-03-03 15:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011-02-04 03:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011-01-22 07:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-01-07 08:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010-10-01 02:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010-03-19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 23:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009-06-11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-08-22 08:50:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR300.SYS -- (SMR300)
DRV:64bit: - [2012-07-28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-07-07 02:48:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-05 07:33:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011-07-22 21:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011-07-13 02:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011-07-06 20:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011-04-21 06:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011-03-31 08:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011-03-31 08:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011-03-26 09:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-03-15 07:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011-02-09 23:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011-02-07 19:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011-02-04 08:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-01-31 15:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011-01-27 14:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011-01-27 11:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011-01-27 10:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011-01-27 04:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011-01-27 04:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011-01-13 06:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-01-08 20:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-01-07 08:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-01-07 08:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-01-07 08:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-01-07 08:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-01-07 08:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-01-07 08:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-01-07 08:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010-12-21 22:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010-12-03 05:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010-11-30 21:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-11 12:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010-10-29 10:10:34 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-10-20 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-15 16:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010-07-05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU)
DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010-05-12 13:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010-05-12 13:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-04-26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT)
DRV:64bit: - [2009-12-02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009-12-02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009-12-02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009-12-02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009-07-14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 05:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)
DRV:64bit: - [2009-07-14 04:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009-06-11 02:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009-06-11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012-08-22 10:39:42 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120821.002\ex64.sys -- (NAVEX15)
DRV - [2012-08-22 10:39:42 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012-08-22 10:39:42 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012-08-22 10:39:42 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120821.002\eng64.sys -- (NAVENG)
DRV - [2012-08-21 15:34:10 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120821.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012-08-03 01:44:00 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120803.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010-08-19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv)
DRV - [2010-08-13 14:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009-07-14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxap...q={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....q={searchTerms}
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxap...q={searchTerms}
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-05-05 05:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-05-05 06:05:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-05-05 06:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011-05-05 06:05:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-10-14 06:32:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012-08-22 08:53:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ahmed\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MouseHunt AutoBot = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0\
CHR - Extension: Skype Click to Call = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Gmail = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-11 02:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [Facebook Update] C:\Users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [QUBEE WCM] C:\Program Files\QUBEE WCM\QUBEE WCM.exe ()
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [RockMelt Update] C:\Users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A927C37-DF90-4A7F-9201-51A64C503C83}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A89A00-C67C-486B-9E60-971A7591C4B7}: DhcpNameServer = 203.130.2.3 221.132.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6BE3E0-D7A6-4A54-8534-7E8959B0A897}: DhcpNameServer = 180.178.128.100 203.130.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE39716-BCBF-4C50-9210-EE0CA0DE322B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA56D213-06E2-4DEE-9237-B36275552B97}: DhcpNameServer = 180.178.128.100 203.130.2.3
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a35a29f2-ee7e-11e0-a9da-101f74e2c794}\Shell - "" = AutoRun
O33 - MountPoints2\{a35a29f2-ee7e-11e0-a9da-101f74e2c794}\Shell\AutoRun\command - "" = J:\QUBEEWCM.exe
O33 - MountPoints2\{b3303a8f-ee93-11e0-a105-101f74e2c794}\Shell - "" = AutoRun
O33 - MountPoints2\{b3303a8f-ee93-11e0-a105-101f74e2c794}\Shell\AutoRun\command - "" = H:\QUBEEWCM.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\QUBEEWCM.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-08-22 17:22:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
[2012-08-22 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\RK_Quarantine
[2012-08-22 15:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com
[2012-08-22 12:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012-08-22 08:50:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR300.SYS
[2012-08-22 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\NPE
[2012-08-22 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Tific
[2012-08-22 07:26:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\SUPERAntiSpyware.com
[2012-08-22 07:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012-08-22 07:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-08-22 07:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012-08-22 07:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012-08-21 17:01:37 | 000,000,000 | ---D | C] -- C:\windows\en
[2012-08-21 16:51:47 | 000,000,000 | ---D | C] -- C:\windows\fr
[2012-08-21 16:51:45 | 000,000,000 | ---D | C] -- C:\windows\es
[2012-08-21 16:51:43 | 000,000,000 | ---D | C] -- C:\windows\eu
[2012-08-21 16:51:41 | 000,000,000 | ---D | C] -- C:\windows\ca
[2012-08-21 15:25:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012-08-21 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012-08-21 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012-08-21 15:12:53 | 000,000,000 | R--D | C] -- C:\Users\Ahmed\SkyDrive
[2012-08-21 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012-08-21 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012-08-21 15:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012-08-21 15:02:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Windows Live
[2012-08-20 09:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\SKIDROW
[2012-08-20 09:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion
[2012-08-20 00:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012-08-20 00:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec
[2012-08-20 00:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GBox
[2012-08-20 00:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SProtector
[2012-08-19 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012-08-10 21:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012-08-10 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\My Photos
[2012-08-10 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\My Documents
[2012-08-10 20:29:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Outlook
[2012-08-10 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-08-10 20:27:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Htc
[2012-08-10 20:26:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\HTC
[2012-08-10 20:25:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Downloaded Installations
[2012-08-10 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012-08-10 20:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012-08-10 20:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012-08-10 20:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012-08-10 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012-08-08 04:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012-08-07 20:43:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2012-08-07 20:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2012-08-06 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012-08-05 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RockMelt
[2012-08-05 20:49:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\RockMelt
[2012-08-03 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\ban poster
[2012-08-02 00:56:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\AutoGG
[2012-07-30 07:48:40 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock
[2012-07-25 07:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-07-25 07:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012-08-22 17:15:35 | 001,558,528 | ---- | M] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe
[2012-08-22 16:54:03 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-22 16:54:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-22 16:50:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-22 16:31:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job
[2012-08-22 16:11:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-sys.job
[2012-08-22 15:46:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com
[2012-08-22 15:28:39 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-08-22 15:28:36 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012-08-22 15:28:35 | 000,002,443 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012-08-22 15:26:50 | 001,334,200 | ---- | M] () -- C:\Users\Ahmed\Desktop\Malware.png
[2012-08-22 15:26:25 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job
[2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
[2012-08-22 09:03:37 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-22 09:03:37 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-22 08:53:21 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012-08-22 08:52:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-08-22 08:52:36 | 4226,146,304 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-22 08:50:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR300.SYS
[2012-08-22 08:50:02 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-22 07:49:25 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job
[2012-08-22 05:10:25 | 000,001,224 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml
[2012-08-22 04:35:05 | 000,783,664 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012-08-22 04:35:05 | 000,663,620 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012-08-22 04:35:05 | 000,122,198 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012-08-22 01:54:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-21 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-11 12:34:24 | 000,033,018 | ---- | M] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00002.vcf
[2012-08-11 11:29:34 | 000,033,018 | ---- | M] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00001.vcf
[2012-08-10 21:53:36 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012-08-05 21:39:00 | 000,000,540 | ---- | M] () -- C:\settings.ini
[2012-08-05 20:59:12 | 000,002,227 | ---- | M] () -- C:\Users\Ahmed\Desktop\RockMelt.lnk
[2012-08-01 00:19:22 | 002,135,590 | ---- | M] () -- C:\Users\Ahmed\Desktop\Untitled.png
[2012-07-30 17:14:16 | 000,000,342 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAHMED-HP$.job
[2012-07-30 14:34:09 | 000,001,441 | ---- | M] () -- C:\Users\Ahmed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-07-30 14:32:27 | 000,417,784 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012-07-30 10:09:10 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012-07-30 10:09:09 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2012-07-30 09:34:10 | 000,777,388 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012-08-22 17:15:10 | 001,558,528 | ---- | C] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe
[2012-08-22 15:26:49 | 001,334,200 | ---- | C] () -- C:\Users\Ahmed\Desktop\Malware.png
[2012-08-22 08:37:37 | 000,002,443 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012-08-22 07:26:44 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job
[2012-08-22 07:26:42 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job
[2012-08-22 07:26:23 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-08-21 16:51:40 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012-08-21 16:51:30 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012-08-21 16:08:17 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012-08-21 15:45:46 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012-08-21 15:12:52 | 000,002,159 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012-08-21 15:08:32 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012-08-11 18:32:38 | 000,033,018 | ---- | C] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00002.vcf
[2012-08-11 18:27:03 | 000,033,018 | ---- | C] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00001.vcf
[2012-08-10 21:53:36 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012-08-05 21:39:00 | 000,000,540 | ---- | C] () -- C:\settings.ini
[2012-08-05 20:59:12 | 000,002,227 | ---- | C] () -- C:\Users\Ahmed\Desktop\RockMelt.lnk
[2012-08-05 20:49:16 | 000,000,928 | ---- | C] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-05 20:49:16 | 000,000,876 | ---- | C] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-01 00:19:22 | 002,135,590 | ---- | C] () -- C:\Users\Ahmed\Desktop\Untitled.png
[2012-07-30 10:09:10 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012-07-30 10:09:09 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012-03-21 07:53:14 | 000,758,018 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012-03-21 07:53:14 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011-12-04 08:28:04 | 000,001,224 | ---- | C] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml
[2011-10-14 06:03:45 | 000,000,166 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Battery Meter_Settings.ini
[2011-10-14 06:02:04 | 000,000,412 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\All CPU Meter_Settings.ini
[2011-10-11 06:08:01 | 000,045,270 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\room_v3.dat
[2011-09-04 00:00:39 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdechhg.sys
[2011-09-03 23:46:40 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011-09-03 23:46:40 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011-05-05 06:12:10 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbee.sys
[2011-05-05 05:56:14 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011-05-05 05:50:23 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbgi.sys
[2011-05-05 05:25:40 | 000,777,388 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011-03-26 09:16:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011-03-26 09:16:10 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011-03-26 09:16:10 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011-02-26 03:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011-02-12 08:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011-02-04 08:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011-02-04 03:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011-02-03 08:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011-01-30 04:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011-01-23 00:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011-01-11 08:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010-12-07 10:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010-12-07 10:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

========== LOP Check ==========

[2012-07-30 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock
[2012-05-22 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Audacity
[2012-05-07 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Auto-Joiner
[2012-08-02 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AutoGG
[2012-07-07 02:50:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DAEMON Tools Lite
[2011-10-04 16:10:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DigitalPersona
[2012-08-22 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DMCache
[2012-08-22 06:59:00 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\GarenaPlus
[2012-06-06 07:40:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HideIPEasy
[2012-08-10 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC
[2012-08-10 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-08-06 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\IDM
[2011-10-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Maxthon3
[2011-11-19 07:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Nokia
[2011-10-31 00:04:24 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\ooVoo Details
[2011-12-06 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Opera
[2012-08-10 20:29:35 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Outlook
[2011-10-11 05:42:42 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\PC Suite
[2012-08-17 07:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SoftGrid Client
[2012-06-06 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SuperHideIP
[2011-10-04 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Synaptics
[2012-08-22 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Tific
[2011-10-06 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\TP
[2012-08-22 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\uTorrent
[2011-10-08 23:38:00 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\WildTangent
[2012-08-22 01:54:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-22 16:54:03 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-21 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-22 16:54:00 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-22 08:31:55 | 000,032,224 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012-08-22 07:49:25 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job
[2012-08-22 15:26:25 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job
[2012-08-22 16:31:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job
[2012-08-22 16:11:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-sys.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009-07-14 06:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010-10-29 10:07:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010-10-29 10:07:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010-10-29 10:07:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 06:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010-10-29 10:07:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2009-07-14 06:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\windows\SysNative\qmgr.dll
[2009-07-14 06:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009-06-11 02:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012-04-04 10:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011-06-06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009-07-14 06:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009-07-14 06:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009-07-14 07:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2009-07-14 07:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009-07-14 09:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009-07-14 09:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012-07-25 04:52:54 | 000,001,126 | ---- | M] () MD5=584403EF84B9DEB4CC27A4F9BBDF633A -- C:\Users\Ahmed\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\22FMXTFN\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009-06-11 01:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009-06-11 01:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009-07-14 07:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009-06-11 01:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009-07-14 07:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009-06-11 02:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009-07-14 07:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009-06-11 01:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009-07-14 07:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009-06-11 02:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009-07-14 01:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009-07-14 01:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009-07-14 06:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009-07-14 06:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009-07-14 06:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009-07-14 06:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 06:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009-07-14 06:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-07-14 06:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2009-07-14 06:14:59 | 000,018,944 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2156
"Last Counter" = 2172
"First Help" = 2157
"Last Help" = 2173
"Object List" = 2156
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:9FA5EC55

< End of report >

#6 aliB

aliB

    True Member

  • Trusted Advisors
  • PipPipPipPip
  • 329 posts
  • Gender:Male
  • Location:Lebanon
  • Interests:Malware Removal and PlayStation 3 ;)

Posted 22 August 2012 - 09:40 AM

hi

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN
please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

#7 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 09:40 AM

Im sorry, I tried posting them in one shot but it said post is too long. I will post them from now on . Please guide me how to proceed with the issue

#8 aliB

aliB

    True Member

  • Trusted Advisors
  • PipPipPipPip
  • 329 posts
  • Gender:Male
  • Location:Lebanon
  • Interests:Malware Removal and PlayStation 3 ;)

Posted 22 August 2012 - 09:47 AM

I posted my instructions :)

#9 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 09:59 AM

TDSkiller says no threats found

OTL.TXT:

OTL logfile created on: 22-Aug-12 7:46:41 PM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Ahmed\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 32.04% Memory free
7.87 Gb Paging File | 4.70 Gb Available in Paging File | 59.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147.52 Gb Total Space | 3.74 Gb Free Space | 2.54% Space Free | Partition Type: NTFS
Drive D: | 128.47 Gb Total Space | 42.02 Gb Free Space | 32.71% Space Free | Partition Type: NTFS
Drive E: | 16.80 Gb Total Space | 2.54 Gb Free Space | 15.14% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: HEWLETT | User Name: Ahmed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
PRC - [2012-07-14 08:55:02 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011-03-04 02:31:48 | 000,969,216 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011-02-12 08:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011-02-11 05:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2011-02-07 23:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011-01-26 22:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011-01-19 01:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe
PRC - [2010-08-22 15:14:10 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe
PRC - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
PRC - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\QUBEE WCM\GPCommonService.exe
PRC - [2010-05-26 09:47:36 | 000,075,776 | ---- | M] (MediaTek Inc.) -- C:\Program Files\QUBEE WCM\WiMAX\WmMMgr.exe
PRC - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012-08-18 03:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012-08-18 03:28:54 | 012,236,824 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012-08-18 03:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012-08-18 03:27:36 | 000,526,872 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012-08-18 03:27:35 | 000,104,984 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012-08-18 03:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012-08-18 03:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012-08-18 03:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012-07-30 14:42:25 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012-07-30 14:42:25 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\80b4cd3b84dea19ceafd07b591d13ea0\IAStorUtil.ni.dll
MOD - [2012-07-30 14:42:25 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f9a70c3039c1effc4df35709143e7b2f\IAStorCommon.ni.dll
MOD - [2012-07-30 14:40:11 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012-07-30 14:40:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012-07-30 14:39:41 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012-07-30 14:39:34 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012-07-30 14:39:22 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012-07-30 14:39:17 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012-07-30 14:39:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012-07-30 14:39:12 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012-07-30 14:39:07 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012-07-30 14:31:07 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2012-02-22 13:52:16 | 000,122,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggcode.dll
MOD - [2012-02-22 13:52:16 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2011-08-22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011-05-05 05:42:24 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011-03-04 02:09:44 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011-03-04 02:09:40 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe
MOD - [2010-08-19 12:13:48 | 000,011,296 | ---- | M] () -- C:\Program Files (x86)\DU Meter\DUHelper.dll
MOD - [2010-08-09 10:50:14 | 000,163,840 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\gpwimaxformtk.dll
MOD - [2010-08-09 10:50:14 | 000,106,496 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\MTKWimaxSDK.dll
MOD - [2010-08-09 10:44:28 | 000,180,224 | ---- | M] () -- C:\Program Files\QUBEE WCM\Plugins\P1UpdateMgrPlugin.dll
MOD - [2010-08-06 16:09:08 | 000,385,024 | ---- | M] () -- C:\Program Files\QUBEE WCM\ConnectionManager.dll
MOD - [2010-08-06 10:59:00 | 000,025,088 | ---- | M] () -- C:\Program Files\QUBEE WCM\gplib.dll
MOD - [2010-05-10 13:00:20 | 000,017,920 | ---- | M] () -- C:\Program Files\QUBEE WCM\GPSingleInstance.dll
MOD - [2010-02-22 20:44:40 | 000,027,648 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qico4.dll
MOD - [2010-02-22 20:44:34 | 000,290,816 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qtiff4.dll
MOD - [2010-02-22 20:44:04 | 000,233,472 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qmng4.dll
MOD - [2010-02-22 20:43:46 | 000,022,016 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qgif4.dll
MOD - [2010-02-22 20:43:40 | 000,135,168 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qjpeg4.dll
MOD - [2009-12-10 12:13:46 | 008,314,880 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtGui4.dll
MOD - [2009-12-10 12:01:40 | 000,966,656 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtNetwork4.dll
MOD - [2009-12-10 12:00:28 | 000,364,544 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtXml4.dll
MOD - [2009-12-10 12:00:20 | 002,240,512 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-08-12 04:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011-02-12 08:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011-01-27 14:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011-01-27 06:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011-01-27 04:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011-01-22 07:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010-05-31 14:20:50 | 000,110,592 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonServicex64.exe -- (GPCommonService(64)
SRV:64bit: - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonService.exe -- (GPCommonService)
SRV:64bit: - [2009-07-14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-03-03 15:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011-02-04 03:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011-01-22 07:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-01-07 08:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010-10-01 02:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010-03-19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 23:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009-06-11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-08-22 08:50:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR300.SYS -- (SMR300)
DRV:64bit: - [2012-07-28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-07-07 02:48:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-05 07:33:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011-07-22 21:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011-07-13 02:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011-07-06 20:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011-04-21 06:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011-03-31 08:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011-03-31 08:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011-03-26 09:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-03-15 07:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011-02-09 23:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011-02-07 19:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011-02-04 08:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-01-31 15:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011-01-27 14:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011-01-27 11:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011-01-27 10:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011-01-27 04:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011-01-27 04:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011-01-13 06:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-01-08 20:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-01-07 08:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-01-07 08:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-01-07 08:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-01-07 08:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-01-07 08:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-01-07 08:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-01-07 08:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010-12-21 22:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010-12-03 05:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010-11-30 21:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-11 12:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010-10-29 10:10:34 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-10-20 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-15 16:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010-07-05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU)
DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010-05-12 13:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010-05-12 13:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-04-26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT)
DRV:64bit: - [2009-12-02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009-12-02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009-12-02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009-12-02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009-07-14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 05:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)
DRV:64bit: - [2009-07-14 04:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009-06-11 02:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009-06-11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012-08-22 10:39:42 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120821.002\ex64.sys -- (NAVEX15)
DRV - [2012-08-22 10:39:42 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012-08-22 10:39:42 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012-08-22 10:39:42 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120821.002\eng64.sys -- (NAVENG)
DRV - [2012-08-21 15:34:10 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120821.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012-08-03 01:44:00 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120803.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010-08-19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv)
DRV - [2010-08-13 14:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009-07-14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxap...q={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....q={searchTerms}
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxap...q={searchTerms}
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-05-05 05:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-05-05 06:05:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-05-05 06:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011-05-05 06:05:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-10-14 06:32:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012-08-22 08:53:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ahmed\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MouseHunt AutoBot = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0\
CHR - Extension: Skype Click to Call = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Gmail = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-11 02:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [Facebook Update] C:\Users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [QUBEE WCM] C:\Program Files\QUBEE WCM\QUBEE WCM.exe ()
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [RockMelt Update] C:\Users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.178.128.100 203.130.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A927C37-DF90-4A7F-9201-51A64C503C83}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A89A00-C67C-486B-9E60-971A7591C4B7}: DhcpNameServer = 203.130.2.3 221.132.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6BE3E0-D7A6-4A54-8534-7E8959B0A897}: DhcpNameServer = 180.178.128.100 203.130.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE39716-BCBF-4C50-9210-EE0CA0DE322B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA56D213-06E2-4DEE-9237-B36275552B97}: DhcpNameServer = 180.178.128.100 203.130.2.3
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a35a29f2-ee7e-11e0-a9da-101f74e2c794}\Shell - "" = AutoRun
O33 - MountPoints2\{a35a29f2-ee7e-11e0-a9da-101f74e2c794}\Shell\AutoRun\command - "" = J:\QUBEEWCM.exe
O33 - MountPoints2\{b3303a8f-ee93-11e0-a105-101f74e2c794}\Shell - "" = AutoRun
O33 - MountPoints2\{b3303a8f-ee93-11e0-a105-101f74e2c794}\Shell\AutoRun\command - "" = H:\QUBEEWCM.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\QUBEEWCM.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-08-22 19:42:24 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe
[2012-08-22 17:22:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
[2012-08-22 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\RK_Quarantine
[2012-08-22 15:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com
[2012-08-22 12:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012-08-22 08:50:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR300.SYS
[2012-08-22 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\NPE
[2012-08-22 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Tific
[2012-08-22 07:26:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\SUPERAntiSpyware.com
[2012-08-22 07:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012-08-22 07:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-08-22 07:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012-08-22 07:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012-08-21 17:01:37 | 000,000,000 | ---D | C] -- C:\windows\en
[2012-08-21 16:51:47 | 000,000,000 | ---D | C] -- C:\windows\fr
[2012-08-21 16:51:45 | 000,000,000 | ---D | C] -- C:\windows\es
[2012-08-21 16:51:43 | 000,000,000 | ---D | C] -- C:\windows\eu
[2012-08-21 16:51:41 | 000,000,000 | ---D | C] -- C:\windows\ca
[2012-08-21 15:25:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012-08-21 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012-08-21 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012-08-21 15:12:53 | 000,000,000 | R--D | C] -- C:\Users\Ahmed\SkyDrive
[2012-08-21 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012-08-21 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012-08-21 15:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012-08-21 15:02:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Windows Live
[2012-08-20 09:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\SKIDROW
[2012-08-20 09:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion
[2012-08-20 00:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012-08-20 00:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec
[2012-08-20 00:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GBox
[2012-08-20 00:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SProtector
[2012-08-19 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012-08-10 21:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012-08-10 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\My Photos
[2012-08-10 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\My Documents
[2012-08-10 20:29:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Outlook
[2012-08-10 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-08-10 20:27:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Htc
[2012-08-10 20:26:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\HTC
[2012-08-10 20:25:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Downloaded Installations
[2012-08-10 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012-08-10 20:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012-08-10 20:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012-08-10 20:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012-08-10 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012-08-08 04:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012-08-07 20:43:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2012-08-07 20:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2012-08-06 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012-08-05 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RockMelt
[2012-08-05 20:49:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\RockMelt
[2012-08-03 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\ban poster
[2012-08-02 00:56:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\AutoGG
[2012-07-30 07:48:40 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock
[2012-07-25 07:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-07-25 07:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012-08-22 19:54:04 | 000,000,928 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-22 19:54:04 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-22 19:50:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-22 19:41:55 | 000,000,202 | ---- | M] () -- C:\windows\SysWow64\0_default.pf
[2012-08-22 18:45:28 | 000,783,664 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012-08-22 18:45:28 | 000,663,620 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012-08-22 18:45:28 | 000,122,198 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012-08-22 17:15:35 | 001,558,528 | ---- | M] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe
[2012-08-22 16:31:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job
[2012-08-22 16:11:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-sys.job
[2012-08-22 15:46:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com
[2012-08-22 15:28:39 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-08-22 15:28:36 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012-08-22 15:28:35 | 000,002,443 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012-08-22 15:26:50 | 001,334,200 | ---- | M] () -- C:\Users\Ahmed\Desktop\Malware.png
[2012-08-22 15:26:25 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job
[2012-08-22 12:14:16 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe
[2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
[2012-08-22 09:03:37 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-22 09:03:37 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-22 08:53:21 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012-08-22 08:52:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-08-22 08:52:36 | 4226,146,304 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-22 08:50:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR300.SYS
[2012-08-22 08:50:02 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-22 07:49:25 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job
[2012-08-22 05:10:25 | 000,001,224 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml
[2012-08-22 01:54:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-21 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-11 12:34:24 | 000,033,018 | ---- | M] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00002.vcf
[2012-08-11 11:29:34 | 000,033,018 | ---- | M] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00001.vcf
[2012-08-10 21:53:36 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012-08-05 21:39:00 | 000,000,540 | ---- | M] () -- C:\settings.ini
[2012-08-05 20:59:12 | 000,002,227 | ---- | M] () -- C:\Users\Ahmed\Desktop\RockMelt.lnk
[2012-08-01 00:19:22 | 002,135,590 | ---- | M] () -- C:\Users\Ahmed\Desktop\Untitled.png
[2012-07-30 17:14:16 | 000,000,342 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAHMED-HP$.job
[2012-07-30 14:34:09 | 000,001,441 | ---- | M] () -- C:\Users\Ahmed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-07-30 14:32:27 | 000,417,784 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012-07-30 10:09:10 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012-07-30 10:09:09 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2012-07-30 09:34:10 | 000,777,388 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012-08-22 19:41:55 | 000,000,202 | ---- | C] () -- C:\windows\SysWow64\0_default.pf
[2012-08-22 17:15:10 | 001,558,528 | ---- | C] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe
[2012-08-22 15:26:49 | 001,334,200 | ---- | C] () -- C:\Users\Ahmed\Desktop\Malware.png
[2012-08-22 08:37:37 | 000,002,443 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012-08-22 07:26:44 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job
[2012-08-22 07:26:42 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job
[2012-08-22 07:26:23 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-08-21 16:51:40 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012-08-21 16:51:30 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012-08-21 16:08:17 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012-08-21 15:45:46 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012-08-21 15:12:52 | 000,002,159 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012-08-21 15:08:32 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012-08-11 18:32:38 | 000,033,018 | ---- | C] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00002.vcf
[2012-08-11 18:27:03 | 000,033,018 | ---- | C] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00001.vcf
[2012-08-10 21:53:36 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012-08-05 21:39:00 | 000,000,540 | ---- | C] () -- C:\settings.ini
[2012-08-05 20:59:12 | 000,002,227 | ---- | C] () -- C:\Users\Ahmed\Desktop\RockMelt.lnk
[2012-08-05 20:49:16 | 000,000,928 | ---- | C] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-05 20:49:16 | 000,000,876 | ---- | C] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-01 00:19:22 | 002,135,590 | ---- | C] () -- C:\Users\Ahmed\Desktop\Untitled.png
[2012-07-30 10:09:10 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012-07-30 10:09:09 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012-03-21 07:53:14 | 000,758,018 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012-03-21 07:53:14 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011-12-04 08:28:04 | 000,001,224 | ---- | C] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml
[2011-10-14 06:03:45 | 000,000,166 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Battery Meter_Settings.ini
[2011-10-14 06:02:04 | 000,000,412 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\All CPU Meter_Settings.ini
[2011-10-11 06:08:01 | 000,045,270 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\room_v3.dat
[2011-09-04 00:00:39 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdechhg.sys
[2011-09-03 23:46:40 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011-09-03 23:46:40 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011-05-05 06:12:10 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbee.sys
[2011-05-05 05:56:14 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011-05-05 05:50:23 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbgi.sys
[2011-05-05 05:25:40 | 000,777,388 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011-03-26 09:16:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011-03-26 09:16:10 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011-03-26 09:16:10 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011-02-26 03:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011-02-12 08:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011-02-04 08:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011-02-04 03:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011-02-03 08:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011-01-30 04:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011-01-23 00:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011-01-11 08:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010-12-07 10:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010-12-07 10:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

========== LOP Check ==========

[2012-07-30 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock
[2012-05-22 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Audacity
[2012-05-07 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Auto-Joiner
[2012-08-02 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AutoGG
[2012-07-07 02:50:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DAEMON Tools Lite
[2011-10-04 16:10:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DigitalPersona
[2012-08-22 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DMCache
[2012-08-22 18:54:56 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\GarenaPlus
[2012-06-06 07:40:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HideIPEasy
[2012-08-10 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC
[2012-08-10 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-08-06 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\IDM
[2011-10-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Maxthon3
[2011-11-19 07:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Nokia
[2011-10-31 00:04:24 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\ooVoo Details
[2011-12-06 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Opera
[2012-08-10 20:29:35 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Outlook
[2011-10-11 05:42:42 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\PC Suite
[2012-08-17 07:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SoftGrid Client
[2012-06-06 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SuperHideIP
[2011-10-04 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Synaptics
[2012-08-22 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Tific
[2011-10-06 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\TP
[2012-08-22 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\uTorrent
[2011-10-08 23:38:00 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\WildTangent
[2012-08-22 01:54:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-22 19:54:04 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-21 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-08-22 19:54:04 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-08-22 18:41:06 | 000,032,724 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012-08-22 07:49:25 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job
[2012-08-22 15:26:25 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job
[2012-08-22 16:31:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job
[2012-08-22 16:11:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-sys.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011-02-26 11:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-02-26 10:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009-07-14 06:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011-02-26 10:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-02-26 10:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-02-25 11:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 11:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-10-29 10:07:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-02-25 10:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010-10-29 10:07:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010-10-29 10:07:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 06:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-02-26 11:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010-10-29 10:07:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2009-07-14 06:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\windows\SysNative\qmgr.dll
[2009-07-14 06:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009-06-11 02:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012-04-04 10:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011-06-06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009-07-14 06:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009-07-14 06:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009-07-14 07:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2009-07-14 07:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009-07-14 09:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009-07-14 09:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012-07-25 04:52:54 | 000,001,126 | ---- | M] () MD5=584403EF84B9DEB4CC27A4F9BBDF633A -- C:\Users\Ahmed\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\22FMXTFN\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009-06-11 01:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009-06-11 01:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009-07-14 07:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009-06-11 01:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009-07-14 07:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009-06-11 02:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009-07-14 07:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009-06-11 01:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009-07-14 07:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009-06-11 02:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009-07-14 01:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009-07-14 01:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009-07-14 06:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009-07-14 06:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009-07-14 06:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009-07-14 06:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 06:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009-07-14 06:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-07-14 06:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2009-07-14 06:14:59 | 000,018,944 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2156
"Last Counter" = 2172
"First Help" = 2157
"Last Help" = 2173
"Object List" = 2156
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:9FA5EC55

< End of report >

#10 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 10:00 AM

ListParts by Farbar Version: 10-08-2012
Ran by Ahmed (administrator) on 22-08-2012 at 19:59:13
Windows 7 (X64)
Running From: C:\Users\Ahmed\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 68%
Total physical RAM: 4030.37 MB
Available physical RAM: 1252.46 MB
Total Pagefile: 8058.88 MB
Available Pagefile: 4759.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:147.52 GB) (Free:3.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Local Disk) (Fixed) (Total:128.47 GB) (Free:42.02 GB) NTFS
3 Drive e: (HP_RECOVERY) (Fixed) (Total:16.8 GB) (Free:2.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 8 MB *

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 992 KB 31 KB
Partition 2 Dynamic Data 300 MB 1024 KB
Partition 3 Dynamic Data 147 GB 301 MB
Partition 4 Dynamic Data 150 GB 147 GB

======================================================================================================

Disk: 0
Partition 1
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 42
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 SYSTEM NTFS Simple 300 MB Healthy System

======================================================================================================

Disk: 0
Partition 3
Type : 42
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Simple 147 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 4
Type : 42
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 D Local Disk NTFS Simple 128 GB Healthy

======================================================================================================

****** End Of Log ******

#11 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 10:00 AM

The OTL extra file is same as before, it didn't change so I didn't post it.

#12 aliB

aliB

    True Member

  • Trusted Advisors
  • PipPipPipPip
  • 329 posts
  • Gender:Male
  • Location:Lebanon
  • Interests:Malware Removal and PlayStation 3 ;)

Posted 22 August 2012 - 10:27 AM

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things i would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


#13 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 12:14 PM

<p>Malwarebytes quick scan : No malicious items detected. Same as scan before this procedure.</p>
<p> </p>
<div>Malwarebytes Anti-Malware 1.62.0.1300</div>
<div>www.malwarebytes.org</div>
<div> </div>
<div>Database version: v2012.08.21.13</div>
<div> </div>
<div>Windows 7 x64 NTFS</div>
<div>Internet Explorer 9.0.8112.16421</div>
<div>Ahmed :: HEWLETT [administrator]</div>
<div> </div>
<div>22-Aug-12 10:01:55 PM</div>
<div>mbam-log-2012-08-22 (22-01-55).txt</div>
<div> </div>
<div>Scan type: Quick scan</div>
<div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div>
<div>Scan options disabled: P2P</div>
<div>Objects scanned: 199597</div>
<div>Time elapsed: 2 minute(s), 49 second(s)</div>
<div> </div>
<div>Memory Processes Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Memory Modules Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Keys Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Values Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Data Items Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Folders Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Files Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>(end)</div>
<div> </div>
<div> </div>
<div>I am unable to download ESET online, it gets stucks while downloading.</div>


#14 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 12:15 PM

Still when system restarts, fake windows update is coming up and svchost bandwith consuming process still keeps on popping up.

#15 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 12:20 PM

Oh wait I managed to run up the online ESET, will be posting results when completed.

#16 aliB

aliB

    True Member

  • Trusted Advisors
  • PipPipPipPip
  • 329 posts
  • Gender:Male
  • Location:Lebanon
  • Interests:Malware Removal and PlayStation 3 ;)

Posted 22 August 2012 - 01:28 PM

svchost.exe is a legit process read more about it here http://www.howtogeek...-is-it-running/

Also why do you think this is a "Fake" windows update ? its the normal icon that appears whenever windows is downloading/installing updates

#17 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 01:54 PM

Because when a normal windows update icon appear and u left click it, it shows the updater and the files being downloaded, however here it does not. Also when i go inside control panel > windows update the updates are not being downloaded and install update button is appearing which means the windows update in taskbar is not a legit process.

#18 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 01:57 PM

plus my automatic updates are off so there is no possible way that windows automatically starts updating itself.

#19 aliB

aliB

    True Member

  • Trusted Advisors
  • PipPipPipPip
  • 329 posts
  • Gender:Male
  • Location:Lebanon
  • Interests:Malware Removal and PlayStation 3 ;)

Posted 22 August 2012 - 02:04 PM

hi

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


#20 infectedbytrojjan

infectedbytrojjan

    New Member

  • Members
  • Pip
  • 24 posts

Posted 22 August 2012 - 02:44 PM

Man I gotta admit that this is the most toughest mess I have come across and also admit that ur a pro at this because I have no idea what the above programs do lol. Nice job on the heads up there. Unfortunately due to time restrictions I will have to do above procedures tomorrow, then only Ill let u know how it went. Good job mate and help appreciated. Be in touch with you tomorrow.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users