infectedbytrojjan
Honorary Members
Posts: 24
Reputation: 0 Neutral
  1. OK then, please guide me to remove all the programs that I installed in the process. Also, please tell me: will it remove those hidden files from the system?
  2. It takes up bandwidth without approval and will go on consuming it until stopped from Task Manager. I have never seen it stop itself even after . Windows Updates are off and there is no other software that has permission to utilize the internet.
  3. Video performance is fixed, although that rogue svchost still appears. If it might help, I had been infected with Win32 Jeefo previously on this system, which made fake svchost files. Although every piece of software says that it has been removed, I think it isn't, because Jeefo is the only virus I have come across which gives fake svchost files. Here is a quarantine log from my MBAM; please see the screenshots: http://prntscr.com/feiu2 http://prntscr.com/feixl Maybe these quarantined files have something to do with this problem. Also, my DVD-RW keeps ejecting randomly; I doubt it is a virus, it more likely seems a hardware fault. Lastly, there is a huge bulk of files all over my PC which I want to get rid of. I don't know how they came to my PC; if you want I can screenshot them for you as well.
  4. OTL logfile created on: 11-Sep-12 2:38:04 AM - Run 3
     OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Ahmed\Desktop
     64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

     3.94 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 41.46% Memory free
     7.87 Gb Paging File | 5.02 Gb Available in Paging File | 63.75% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 147.52 Gb Total Space | 9.98 Gb Free Space | 6.76% Space Free | Partition Type: NTFS
     Drive D: | 128.47 Gb Total Space | 16.83 Gb Free Space | 13.10% Space Free | Partition Type: NTFS
     Drive E: | 16.80 Gb Total Space | 2.54 Gb Free Space | 15.14% Space Free | Partition Type: NTFS
     Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

     Computer Name: HEWLETT | User Name: Ahmed | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012-08-31 01:32:48 | 000,896,912 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
     PRC - [2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
     PRC - [2012-08-05 20:49:13 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
     PRC - [2012-07-31 08:06:12 | 007,123,320 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
     PRC - [2012-07-14 08:55:02 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
     PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
     PRC - [2012-05-18 01:03:02 | 000,602,112 | ---- | M] (hbm) -- C:\Users\Ahmed\Desktop\Dota tools\Auto-Joiner\Auto-Joiner.exe
     PRC - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
     PRC - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     PRC - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
     PRC - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
     PRC - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
     PRC - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
     PRC - [2011-08-14 12:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
     PRC - [2011-08-05 03:31:45 | 003,417,496 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
     PRC - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
     PRC - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
     PRC - [2011-03-04 02:31:48 | 000,969,216 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
     PRC - [2011-02-11 05:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
     PRC - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
     PRC - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
     PRC - [2011-02-07 23:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
     PRC - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
     PRC - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
     PRC - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
     PRC - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
     PRC - [2011-01-26 22:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     PRC - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     PRC - [2011-01-19 01:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
     PRC - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
     PRC - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     PRC - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     PRC - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
     PRC - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
     PRC - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
     PRC - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
     PRC - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe
     PRC - [2010-08-22 15:14:10 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe
     PRC - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
     PRC - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\QUBEE WCM\GPCommonService.exe
     PRC - [2010-05-26 09:47:36 | 000,075,776 | ---- | M] (MediaTek Inc.) -- C:\Program Files\QUBEE WCM\WiMAX\WmMMgr.exe
     PRC - [2009-07-14 06:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

     ========== Modules (No Company Name) ==========

     MOD - [2012-08-30 07:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
     MOD - [2012-08-30 07:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
     MOD - [2012-08-30 07:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
     MOD - [2012-08-30 07:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
     MOD - [2012-08-30 07:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
     MOD - [2012-08-30 07:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
     MOD - [2012-08-30 07:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
     MOD - [2012-08-30 07:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
     MOD - [2012-08-23 04:53:38 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
     MOD - [2012-08-23 04:53:27 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
     MOD - [2012-08-23 04:53:16 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
     MOD - [2012-08-23 04:53:15 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
     MOD - [2012-08-23 04:53:15 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f9a70c3039c1effc4df35709143e7b2f\IAStorCommon.ni.dll
     MOD - [2012-08-23 04:53:12 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\80b4cd3b84dea19ceafd07b591d13ea0\IAStorUtil.ni.dll
     MOD - [2012-08-23 04:53:11 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
     MOD - [2012-08-23 04:53:04 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
     MOD - [2012-08-23 04:52:57 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
     MOD - [2012-08-23 04:52:54 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
     MOD - [2012-08-23 04:52:52 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
     MOD - [2012-08-23 04:31:44 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
     MOD - [2012-07-31 08:06:12 | 007,123,320 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
     MOD - [2012-07-30 14:34:53 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
     MOD - [2012-07-30 14:31:07 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
     MOD - [2012-07-30 12:29:04 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLPlugin.dll
     MOD - [2012-07-30 12:29:03 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\BlackShotPlugin.dll
     MOD - [2012-07-30 12:28:30 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLTWPlugin.dll
     MOD - [2012-07-30 12:28:13 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginThe7TW.dll
     MOD - [2012-07-30 12:27:39 | 000,202,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
     MOD - [2012-07-30 12:27:15 | 000,337,408 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
     MOD - [2012-07-30 12:27:11 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\HonCISPlugin.dll
     MOD - [2012-07-30 12:27:05 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginWinTexasTW.dll
     MOD - [2012-07-30 12:26:33 | 000,277,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LDJPlugin.dll
     MOD - [2012-07-30 12:25:55 | 000,577,024 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginAux.dll
     MOD - [2012-07-30 12:25:52 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\MStarPlugin.dll
     MOD - [2012-07-30 12:25:47 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLTHPlugin.dll
     MOD - [2012-07-30 12:25:20 | 000,136,192 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PerfectWorldPlugin.dll
     MOD - [2012-07-30 11:47:03 | 000,177,152 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
     MOD - [2012-07-27 17:50:35 | 000,924,160 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
     MOD - [2012-07-27 12:41:43 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
     MOD - [2012-07-27 11:59:56 | 000,479,744 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
     MOD - [2012-07-27 11:59:42 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
     MOD - [2012-07-27 11:59:36 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
     MOD - [2012-07-27 11:59:35 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
     MOD - [2012-07-27 11:59:28 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
     MOD - [2012-07-27 11:59:23 | 000,163,328 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
     MOD - [2012-07-20 08:54:08 | 000,453,632 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dll
     MOD - [2012-07-20 08:54:08 | 000,164,352 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dll
     MOD - [2012-07-19 14:23:05 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLPHPlugin.dll
     MOD - [2012-07-19 14:22:18 | 000,157,696 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\HonPlugin.dll
     MOD - [2012-07-12 10:41:54 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xIM.dll
     MOD - [2012-07-12 10:40:18 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
     MOD - [2012-06-21 17:35:44 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
     MOD - [2012-05-25 16:32:47 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
     MOD - [2012-05-23 12:20:26 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
     MOD - [2012-05-03 14:53:38 | 001,081,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
     MOD - [2012-04-24 06:21:31 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
     MOD - [2012-04-24 06:21:25 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
     MOD - [2012-04-24 06:19:17 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
     MOD - [2012-04-17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
     MOD - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
     MOD - [2012-04-17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
     MOD - [2012-04-17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
     MOD - [2012-04-17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
     MOD - [2012-04-17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
     MOD - [2012-04-17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
     MOD - [2012-04-17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
     MOD - [2012-04-17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
     MOD - [2012-04-13 08:12:19 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
     MOD - [2012-04-13 08:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
     MOD - [2012-03-08 13:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
     MOD - [2012-02-22 13:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
     MOD - [2012-02-22 13:52:16 | 002,609,664 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
     MOD - [2012-02-22 13:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
     MOD - [2012-02-22 13:52:16 | 000,418,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\exchndl.dll
     MOD - [2012-02-22 13:52:16 | 000,197,632 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
     MOD - [2012-02-22 13:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
     MOD - [2012-02-22 13:52:16 | 000,122,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggcode.dll
     MOD - [2012-02-22 13:52:16 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
     MOD - [2011-10-26 01:13:08 | 000,057,344 | ---- | M] () -- C:\Users\Ahmed\Desktop\Dota tools\Auto-Joiner\hbm.dll
     MOD - [2011-08-22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
     MOD - [2011-05-28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt32.dll
     MOD - [2011-05-05 05:42:24 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
     MOD - [2011-03-04 02:09:44 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
     MOD - [2011-03-04 02:09:40 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
     MOD - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
     MOD - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe
     MOD - [2010-08-19 12:13:48 | 000,011,296 | ---- | M] () -- C:\Program Files (x86)\DU Meter\DUHelper.dll
     MOD - [2010-08-09 10:50:14 | 000,163,840 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\gpwimaxformtk.dll
     MOD - [2010-08-09 10:50:14 | 000,106,496 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\MTKWimaxSDK.dll
     MOD - [2010-08-09 10:44:28 | 000,180,224 | ---- | M] () -- C:\Program Files\QUBEE WCM\Plugins\P1UpdateMgrPlugin.dll
     MOD - [2010-08-06 16:09:08 | 000,385,024 | ---- | M] () -- C:\Program Files\QUBEE WCM\ConnectionManager.dll
     MOD - [2010-08-06 10:59:00 | 000,025,088 | ---- | M] () -- C:\Program Files\QUBEE WCM\gplib.dll
     MOD - [2010-05-10 13:00:20 | 000,017,920 | ---- | M] () -- C:\Program Files\QUBEE WCM\GPSingleInstance.dll
     MOD - [2010-02-22 20:44:40 | 000,027,648 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qico4.dll
     MOD - [2010-02-22 20:44:34 | 000,290,816 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qtiff4.dll
     MOD - [2010-02-22 20:44:04 | 000,233,472 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qmng4.dll
     MOD - [2010-02-22 20:43:46 | 000,022,016 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qgif4.dll
     MOD - [2010-02-22 20:43:40 | 000,135,168 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qjpeg4.dll
     MOD - [2009-12-10 12:13:46 | 008,314,880 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtGui4.dll
     MOD - [2009-12-10 12:01:40 | 000,966,656 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtNetwork4.dll
     MOD - [2009-12-10 12:00:28 | 000,364,544 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtXml4.dll
     MOD - [2009-12-10 12:00:20 | 002,240,512 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtCore4.dll
     MOD - [2009-06-11 02:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

     ========== Win32 Services (SafeList) ==========

     SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
     SRV:64bit: - [2011-02-12 08:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
     SRV:64bit: - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
     SRV:64bit: - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
     SRV:64bit: - [2011-01-27 14:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
     SRV:64bit: - [2011-01-27 06:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
     SRV:64bit: - [2011-01-27 04:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
     SRV:64bit: - [2011-01-22 07:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
     SRV:64bit: - [2010-05-31 14:20:50 | 000,110,592 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonServicex64.exe -- (GPCommonService(64)
     SRV:64bit: - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonService.exe -- (GPCommonService)
     SRV:64bit: - [2009-07-14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
     SRV:64bit: - [2009-03-03 15:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
     SRV - [2012-08-25 07:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
     SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
     SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
     SRV - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
     SRV - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
     SRV - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
     SRV - [2012-02-10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
     SRV - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
     SRV - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
     SRV - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
     SRV - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
     SRV - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
     SRV - [2011-02-04 03:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
     SRV - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
     SRV - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
     SRV - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
     SRV - [2011-01-22 07:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
     SRV - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
     SRV - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
     SRV - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
     SRV - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
     SRV - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
     SRV - [2011-01-07 08:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
     SRV - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
     SRV - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
     SRV - [2010-10-01 02:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
     SRV - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
     SRV - [2010-03-19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
     SRV - [2010-03-18 23:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
     SRV - [2009-06-11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

     ========== Driver Services (SafeList) ==========

     DRV:64bit: - [2012-07-28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
     DRV:64bit: - [2012-07-07 02:48:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
     DRV:64bit: - [2012-03-01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
     DRV:64bit: - [2011-10-21 09:30:02 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
     DRV:64bit: - [2011-10-01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
     DRV:64bit: - [2011-10-01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
     DRV:64bit: - [2011-10-01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
     DRV:64bit: - [2011-10-01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
     DRV:64bit: - [2011-08-23 05:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
     DRV:64bit: - [2011-07-06 20:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
     DRV:64bit: - [2011-03-11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
     DRV:64bit: - [2011-03-11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
     DRV:64bit: - [2011-02-09 23:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
     DRV:64bit: - [2011-02-07 19:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
     DRV:64bit: - [2011-02-04 08:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
     DRV:64bit: - [2011-01-31 15:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
     DRV:64bit: - [2011-01-27 14:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
     DRV:64bit: - [2011-01-27 04:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
     DRV:64bit: - [2011-01-27 04:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
     DRV:64bit: - [2011-01-13 06:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
     DRV:64bit: - [2011-01-08 20:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
     DRV:64bit: - [2011-01-07 08:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
     DRV:64bit: - [2011-01-07 08:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
     DRV:64bit: - [2011-01-07 08:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
     DRV:64bit: - [2011-01-07 08:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
     DRV:64bit: - [2011-01-07 08:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
     DRV:64bit: - [2011-01-07 08:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
     DRV:64bit: - [2011-01-07 08:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
     DRV:64bit: - [2010-12-21 22:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
     DRV:64bit: - [2010-12-03 05:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
     DRV:64bit: - [2010-11-30 21:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
     DRV:64bit: - [2010-11-11 12:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
     DRV:64bit: - [2010-10-29 10:10:34 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
     DRV:64bit: - [2010-10-20 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
     DRV:64bit: - [2010-07-05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU)
     DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
     DRV:64bit: - [2010-04-26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT)
     DRV:64bit: - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
     DRV:64bit: - [2009-07-14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
     DRV:64bit: - [2009-07-14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
     DRV:64bit: - [2009-07-14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
     DRV:64bit: - [2009-07-14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
     DRV:64bit: - [2009-07-14 05:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)
     DRV:64bit: - [2009-07-14 04:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
     DRV:64bit: - [2009-06-11 02:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
     DRV:64bit: - [2009-06-11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
     DRV:64bit: - [2009-06-11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
     DRV:64bit: - [2009-06-11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
     DRV:64bit: - [2009-06-11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
     DRV - [2010-08-19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.)
[Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv) DRV - [2009-07-14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2 IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms} IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2 IE - 
HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={846D8560-0BD0-46BB-8E6F-43B087550BC1}&mid=〈=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms} IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-05-05 05:50:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-01 01:27:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M] [2012-09-01 01:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmed\AppData\Roaming\Mozilla\Extensions [2012-09-03 21:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\ya6s2ah8.default\extensions [2012-09-01 01:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012-09-01 01:29:43 | 000,004,545 | ---- | M] () (No name found) -- C:\USERS\AHMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YA6S2AH8.DEFAULT\EXTENSIONS\SUPPORT@EASY-HIDEIP.COM.XPI [2012-08-25 07:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-08-25 07:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012-08-25 07:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: 
search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: 
Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ahmed\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: MouseHunt AutoBot = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0\ CHR - Extension: Skype Click to Call = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\ CHR - Extension: Gmail = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-09-10 06:16:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) 
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) 
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC) O4 - HKCU..\Run: [QUBEE WCM] C:\Program Files\QUBEE WCM\QUBEE WCM.exe () O4 - HKCU..\Run: [RockMelt Update] C:\Users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.) O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A927C37-DF90-4A7F-9201-51A64C503C83}: DhcpNameServer = 192.168.5.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A89A00-C67C-486B-9E60-971A7591C4B7}: DhcpNameServer = 203.130.2.3 221.132.112.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6BE3E0-D7A6-4A54-8534-7E8959B0A897}: DhcpNameServer = 180.178.128.100 203.130.2.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE39716-BCBF-4C50-9210-EE0CA0DE322B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA56D213-06E2-4DEE-9237-B36275552B97}: DhcpNameServer = 180.178.128.100 203.130.2.3 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value 
found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-09-10 
06:50:08 | 000,000,000 | ---D | C] -- C:\Intel [2012-09-10 06:23:16 | 000,000,000 | ---D | C] -- C:\windows\temp [2012-09-10 06:16:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012-09-10 05:58:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012-09-10 05:58:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012-09-10 05:58:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012-09-10 05:43:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-09-10 05:43:14 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012-09-10 05:39:46 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\ComboFix.exe [2012-09-05 01:02:23 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\PlatinumHideIP [2012-09-05 01:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PlatinumHideIP [2012-09-05 01:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Platinum Hide IP [2012-09-05 01:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlatinumHideIP [2012-09-04 23:29:21 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\DROID [2012-09-02 18:15:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\CAPCOM [2012-09-02 17:07:49 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive [2012-09-02 17:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012-09-02 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012-09-02 15:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012-09-02 15:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012-09-01 01:28:54 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Mozilla [2012-09-01 01:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012-09-01 01:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012-08-31 17:59:23 | 000,000,000 | ---D | 
C] -- C:\Users\Ahmed\AppData\Local\Adobe [2012-08-31 01:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2012-08-23 04:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2012-08-22 19:42:24 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe [2012-08-22 17:22:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe [2012-08-22 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\RK_Quarantine [2012-08-22 15:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com [2012-08-22 12:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012-08-22 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\NPE [2012-08-22 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Tific [2012-08-22 07:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup [2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat [2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2012-08-21 17:01:37 | 000,000,000 | ---D | C] -- C:\windows\en [2012-08-21 16:51:47 | 000,000,000 | ---D | C] -- C:\windows\fr [2012-08-21 16:51:45 | 000,000,000 | ---D | C] -- C:\windows\es [2012-08-21 16:51:43 | 000,000,000 | ---D | C] -- C:\windows\eu [2012-08-21 16:51:41 | 000,000,000 | ---D | C] -- C:\windows\ca [2012-08-21 15:25:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2012-08-21 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012-08-21 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2012-08-21 15:12:53 | 000,000,000 | R--D | C] -- C:\Users\Ahmed\SkyDrive [2012-08-21 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2012-08-21 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2012-08-21 15:08:30 | 000,000,000 | ---D 
  5. TY Maurice. Ok, now I am sorry, I had to go away for a business trip so wasn't available; sorry for any inconvenience. An update on the current system performance: svchost still appears even after running ComboFix; this process has to be shut down manually 2-3 times from Task Manager so that it stops consuming all the bandwidth. This solution is only temporary, until I restart the laptop and the problem appears again. Graphic performance of my laptop has become significantly low. My system drive C: is having a bulk of huge files which I don't know about. It has taken up most of the space in the drive, leaving just 9 GB free. There are many hidden files all over my PC; they seem to be the copies created in the process you told me above. I have run ComboFix and here is a post of my log:
2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job - c:\users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-10 20:49] . 2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job - c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 01:19] . 2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job - c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 01:19] . 2012-09-10 c:\windows\Tasks\HPCeeScheduleForAHMED-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2012-09-08 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job - c:\users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-05 15:49] . 2012-09-10 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job - c:\users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-05 15:49] . 2012-09-09 c:\windows\Tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2011-12-04 17:09] . 2012-09-09 c:\windows\Tasks\update-sys.job - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2011-12-04 17:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-08-21 10:12 244672 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-08-21 10:12 244672 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-08-21 10:12 244672 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 418840] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072] "MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704] "combofix"="c:\combofix\CF17471.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.gboxapp.com/?affid=gb2 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://search.gboxapp.com/?affid=gb2 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=;ftp=;https=; IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\ya6s2ah8.default\ FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289} - c:\program files (x86)\InstallShield Installation Information\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc] "ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4188994054-3629684506-4284009711-1002_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):4d,e2,90,81,71,95,56,37,ac,38,f7,44,67,f8,46,6b,a3,46,41,e8,52, 46,00,a4,3f,a7,04,76,71,52,06,d7,24,ad,b4,80,fc,d1,e4,08,00,00,00,00,00,00,\ . 
[HKEY_USERS\S-1-5-21-4188994054-3629684506-4284009711-1002_Classes\Wow6432Node\CLSID\{ae5b8759-ff2f-4b31-aaa1-b7f0de7edb68}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000048 "Therad"=dword:00000019 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe c:\progra~2\DUMETE~1\DUMeter.exe c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe c:\program files (x86)\DAEMON Tools Lite\DTShellHlp.exe c:\program files\QUBEE WCM\wimax\WmMMgr.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-09-10 06:23:13 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-10 01:23 . Pre-Run: 8,888,487,936 bytes free Post-Run: 12,776,730,624 bytes free . - - End Of File - - E60DEE7D2E2A9526BB148FF55F729599
  6. NOOOOO!!!!!!! I was wrong. The svchost process consuming bandwidth appeared again :@ I'm beginning to hate this thing now. Now that it's there, I don't see the fake Windows Update yet. So, shall I use ComboFix?
  7. And my desktop looks somewhat ugly lol. Can you please tell me the procedure to remove all those tools? Is it a direct delete or some other way?
  8. OK, so far so good. After restarting my laptop thrice (without running ComboFix) I have got rid of the svchost files which were consuming bandwidth without consent. It seems somewhat fine now. The only issue left now is slow booting speed; I have noticed that boot time has gone over a minute after the procedure. Is that supposed to be that way?
  9. Man, I gotta admit that this is the toughest mess I have come across, and also admit that you're a pro at this, because I have no idea what the above programs do lol. Nice job on the heads up there. Unfortunately, due to time restrictions I will have to do the above procedures tomorrow; only then will I let you know how it went. Good job mate, and help appreciated. Will be in touch with you tomorrow.
  10. Plus my automatic updates are off, so there is no possible way that Windows automatically starts updating itself.
  11. Because when a normal Windows Update icon appears and you left-click it, it shows the updater and the files being downloaded; however, here it does not. Also, when I go into Control Panel > Windows Update, the updates are not being downloaded and the install update button is showing, which means the Windows Update in the taskbar is not a legit process.
  12. Oh wait, I managed to run the online ESET; will be posting results when completed.
  13. Still, when the system restarts, the fake Windows Update is coming up and the svchost bandwidth-consuming process still keeps popping up.
  14. Malwarebytes quick scan: No malicious items detected. Same as the scan before this procedure.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.13

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ahmed :: HEWLETT [administrator]

22-Aug-12 10:01:55 PM
mbam-log-2012-08-22 (22-01-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199597
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I am unable to download ESET online; it gets stuck while downloading.