OTL logfile created on: 11-Sep-12 2:38:04 AM - Run 3
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Ahmed\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.94 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 41.46% Memory free
7.87 Gb Paging File | 5.02 Gb Available in Paging File | 63.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147.52 Gb Total Space | 9.98 Gb Free Space | 6.76% Space Free | Partition Type: NTFS
Drive D: | 128.47 Gb Total Space | 16.83 Gb Free Space | 13.10% Space Free | Partition Type: NTFS
Drive E: | 16.80 Gb Total Space | 2.54 Gb Free Space | 15.14% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: HEWLETT | User Name: Ahmed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-31 01:32:48 | 000,896,912 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
PRC - [2012-08-05 20:49:13 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2012-07-31 08:06:12 | 007,123,320 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2012-07-14 08:55:02 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-05-18 01:03:02 | 000,602,112 | ---- | M] (hbm) -- C:\Users\Ahmed\Desktop\Dota tools\Auto-Joiner\Auto-Joiner.exe
PRC - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011-08-14 12:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011-08-05 03:31:45 | 003,417,496 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011-03-04 02:31:48 | 000,969,216 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011-02-11 05:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2011-02-07 23:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011-01-26 22:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011-01-19 01:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe
PRC - [2010-08-22 15:14:10 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe
PRC - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
PRC - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\QUBEE WCM\GPCommonService.exe
PRC - [2010-05-26 09:47:36 | 000,075,776 | ---- | M] (MediaTek Inc.) -- C:\Program Files\QUBEE WCM\WiMAX\WmMMgr.exe
PRC - [2009-07-14 06:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

========== Modules (No Company Name) ==========

MOD - [2012-08-30 07:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012-08-30 07:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012-08-30 07:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012-08-30 07:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012-08-30 07:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012-08-30 07:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012-08-30 07:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012-08-30 07:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012-08-23 04:53:38 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012-08-23 04:53:27 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012-08-23 04:53:16 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012-08-23 04:53:15 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012-08-23 04:53:15 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f9a70c3039c1effc4df35709143e7b2f\IAStorCommon.ni.dll
MOD - [2012-08-23 04:53:12 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\80b4cd3b84dea19ceafd07b591d13ea0\IAStorUtil.ni.dll
MOD - [2012-08-23 04:53:11 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012-08-23 04:53:04 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012-08-23 04:52:57 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012-08-23 04:52:54 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012-08-23 04:52:52 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012-08-23 04:31:44 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012-07-31 08:06:12 | 007,123,320 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2012-07-30 14:34:53 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
MOD - [2012-07-30 14:31:07 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2012-07-30 12:29:04 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLPlugin.dll
MOD - [2012-07-30 12:29:03 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\BlackShotPlugin.dll
MOD - [2012-07-30 12:28:30 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLTWPlugin.dll
MOD - [2012-07-30 12:28:13 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginThe7TW.dll
MOD - [2012-07-30 12:27:39 | 000,202,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
MOD - [2012-07-30 12:27:15 | 000,337,408 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
MOD - [2012-07-30 12:27:11 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\HonCISPlugin.dll
MOD - [2012-07-30 12:27:05 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginWinTexasTW.dll
MOD - [2012-07-30 12:26:33 | 000,277,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LDJPlugin.dll
MOD - [2012-07-30 12:25:55 | 000,577,024 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginAux.dll
MOD - [2012-07-30 12:25:52 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\MStarPlugin.dll
MOD - [2012-07-30 12:25:47 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLTHPlugin.dll
MOD - [2012-07-30 12:25:20 | 000,136,192 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PerfectWorldPlugin.dll
MOD - [2012-07-30 11:47:03 | 000,177,152 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2012-07-27 17:50:35 | 000,924,160 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2012-07-27 12:41:43 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2012-07-27 11:59:56 | 000,479,744 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2012-07-27 11:59:42 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012-07-27 11:59:36 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2012-07-27 11:59:35 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2012-07-27 11:59:28 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012-07-27 11:59:23 | 000,163,328 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2012-07-20 08:54:08 | 000,453,632 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dll
MOD - [2012-07-20 08:54:08 | 000,164,352 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dll
MOD - [2012-07-19 14:23:05 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLPHPlugin.dll
MOD - [2012-07-19 14:22:18 | 000,157,696 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\HonPlugin.dll
MOD - [2012-07-12 10:41:54 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xIM.dll
MOD - [2012-07-12 10:40:18 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2012-06-21 17:35:44 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2012-05-25 16:32:47 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2012-05-23 12:20:26 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2012-05-03 14:53:38 | 001,081,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2012-04-24 06:21:31 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2012-04-24 06:21:25 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2012-04-24 06:19:17 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012-04-17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012-04-17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012-04-17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012-04-17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012-04-17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012-04-17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012-04-17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012-04-17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012-04-13 08:12:19 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012-04-13 08:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2012-03-08 13:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012-02-22 13:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012-02-22 13:52:16 | 002,609,664 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2012-02-22 13:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012-02-22 13:52:16 | 000,418,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\exchndl.dll
MOD - [2012-02-22 13:52:16 | 000,197,632 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2012-02-22 13:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2012-02-22 13:52:16 | 000,122,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggcode.dll
MOD - [2012-02-22 13:52:16 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2011-10-26 01:13:08 | 000,057,344 | ---- | M] () -- C:\Users\Ahmed\Desktop\Dota tools\Auto-Joiner\hbm.dll
MOD - [2011-08-22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011-05-28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt32.dll
MOD - [2011-05-05 05:42:24 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011-03-04 02:09:44 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011-03-04 02:09:40 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe
MOD - [2010-08-19 12:13:48 | 000,011,296 | ---- | M] () -- C:\Program Files (x86)\DU Meter\DUHelper.dll
MOD - [2010-08-09 10:50:14 | 000,163,840 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\gpwimaxformtk.dll
MOD - [2010-08-09 10:50:14 | 000,106,496 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\MTKWimaxSDK.dll
MOD - [2010-08-09 10:44:28 | 000,180,224 | ---- | M] () -- C:\Program Files\QUBEE WCM\Plugins\P1UpdateMgrPlugin.dll
MOD - [2010-08-06 16:09:08 | 000,385,024 | ---- | M] () -- C:\Program Files\QUBEE WCM\ConnectionManager.dll
MOD - [2010-08-06 10:59:00 | 000,025,088 | ---- | M] () -- C:\Program Files\QUBEE WCM\gplib.dll
MOD - [2010-05-10 13:00:20 | 000,017,920 | ---- | M] () -- C:\Program Files\QUBEE WCM\GPSingleInstance.dll
MOD - [2010-02-22 20:44:40 | 000,027,648 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qico4.dll
MOD - [2010-02-22 20:44:34 | 000,290,816 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qtiff4.dll
MOD - [2010-02-22 20:44:04 | 000,233,472 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qmng4.dll
MOD - [2010-02-22 20:43:46 | 000,022,016 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qgif4.dll
MOD - [2010-02-22 20:43:40 | 000,135,168 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qjpeg4.dll
MOD - [2009-12-10 12:13:46 | 008,314,880 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtGui4.dll
MOD - [2009-12-10 12:01:40 | 000,966,656 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtNetwork4.dll
MOD - [2009-12-10 12:00:28 | 000,364,544 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtXml4.dll
MOD - [2009-12-10 12:00:20 | 002,240,512 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtCore4.dll
MOD - [2009-06-11 02:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011-02-12 08:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011-01-27 14:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011-01-27 06:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011-01-27 04:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011-01-22 07:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010-05-31 14:20:50 | 000,110,592 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonServicex64.exe -- (GPCommonService(64)
SRV:64bit: - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonService.exe -- (GPCommonService)
SRV:64bit: - [2009-07-14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-03-03 15:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012-08-25 07:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012-02-10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011-02-04 03:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011-01-22 07:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-01-07 08:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010-10-01 02:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010-03-19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 23:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-06-11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-07-07 02:48:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-21 09:30:02 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-10-01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011-10-01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011-10-01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011-10-01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011-08-23 05:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011-07-06 20:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011-03-11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-09 23:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011-02-07 19:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011-02-04 08:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-01-31 15:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011-01-27 14:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011-01-27 04:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011-01-27 04:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011-01-13 06:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-01-08 20:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-01-07 08:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-01-07 08:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-01-07 08:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-01-07 08:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-01-07 08:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-01-07 08:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-01-07 08:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010-12-21 22:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010-12-03 05:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010-11-30 21:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-11 12:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010-10-29 10:10:34 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-10-20 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-07-05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU)
DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010-04-26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT)
DRV:64bit: - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009-07-14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 05:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)
DRV:64bit: - [2009-07-14 04:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009-06-11 02:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009-06-11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010-08-19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.)
[Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv) DRV - [2009-07-14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2 IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms} IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2 IE - 
HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={846D8560-0BD0-46BB-8E6F-43B087550BC1}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms} IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-05-05 05:50:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-01 01:27:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M] [2012-09-01 01:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmed\AppData\Roaming\Mozilla\Extensions [2012-09-03 21:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\ya6s2ah8.default\extensions [2012-09-01 01:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012-09-01 01:29:43 | 000,004,545 | ---- | M] () (No name found) -- C:\USERS\AHMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YA6S2AH8.DEFAULT\EXTENSIONS\SUPPORT@EASY-HIDEIP.COM.XPI [2012-08-25 07:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-08-25 07:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012-08-25 07:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: 
search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: 
Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ahmed\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: MouseHunt AutoBot = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0\ CHR - Extension: Skype Click to Call = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\ CHR - Extension: Gmail = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-09-10 06:16:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) 
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) 
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC) O4 - HKCU..\Run: [QUBEE WCM] C:\Program Files\QUBEE WCM\QUBEE WCM.exe () O4 - HKCU..\Run: [RockMelt Update] C:\Users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.) O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A927C37-DF90-4A7F-9201-51A64C503C83}: DhcpNameServer = 192.168.5.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A89A00-C67C-486B-9E60-971A7591C4B7}: DhcpNameServer = 203.130.2.3 221.132.112.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6BE3E0-D7A6-4A54-8534-7E8959B0A897}: DhcpNameServer = 180.178.128.100 203.130.2.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE39716-BCBF-4C50-9210-EE0CA0DE322B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA56D213-06E2-4DEE-9237-B36275552B97}: DhcpNameServer = 180.178.128.100 203.130.2.3 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value 
found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-09-10 
06:50:08 | 000,000,000 | ---D | C] -- C:\Intel [2012-09-10 06:23:16 | 000,000,000 | ---D | C] -- C:\windows\temp [2012-09-10 06:16:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012-09-10 05:58:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012-09-10 05:58:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012-09-10 05:58:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012-09-10 05:43:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-09-10 05:43:14 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012-09-10 05:39:46 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\ComboFix.exe [2012-09-05 01:02:23 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\PlatinumHideIP [2012-09-05 01:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PlatinumHideIP [2012-09-05 01:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Platinum Hide IP [2012-09-05 01:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlatinumHideIP [2012-09-04 23:29:21 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\DROID [2012-09-02 18:15:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\CAPCOM [2012-09-02 17:07:49 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive [2012-09-02 17:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012-09-02 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012-09-02 15:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012-09-02 15:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012-09-01 01:28:54 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Mozilla [2012-09-01 01:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012-09-01 01:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012-08-31 17:59:23 | 000,000,000 | ---D | 
C] -- C:\Users\Ahmed\AppData\Local\Adobe [2012-08-31 01:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2012-08-23 04:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2012-08-22 19:42:24 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe [2012-08-22 17:22:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe [2012-08-22 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\RK_Quarantine [2012-08-22 15:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com [2012-08-22 12:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012-08-22 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\NPE [2012-08-22 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Tific [2012-08-22 07:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup [2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat [2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2012-08-21 17:01:37 | 000,000,000 | ---D | C] -- C:\windows\en [2012-08-21 16:51:47 | 000,000,000 | ---D | C] -- C:\windows\fr [2012-08-21 16:51:45 | 000,000,000 | ---D | C] -- C:\windows\es [2012-08-21 16:51:43 | 000,000,000 | ---D | C] -- C:\windows\eu [2012-08-21 16:51:41 | 000,000,000 | ---D | C] -- C:\windows\ca [2012-08-21 15:25:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2012-08-21 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012-08-21 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2012-08-21 15:12:53 | 000,000,000 | R--D | C] -- C:\Users\Ahmed\SkyDrive [2012-08-21 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2012-08-21 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2012-08-21 15:08:30 | 000,000,000 | ---D 
| C] -- C:\Program Files\Recuva
[2012-08-21 15:02:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Windows Live
[2012-08-20 09:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\SKIDROW
[2012-08-20 09:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion
[2012-08-20 00:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012-08-20 00:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec
[2012-08-20 00:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GBox
[2012-08-20 00:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SProtector
[2012-08-19 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-11 02:03:28 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-09-11 01:54:02 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-09-11 01:54:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-09-11 01:50:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-09-11 00:31:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job
[2012-09-11 00:11:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-sys.job
[2012-09-10 23:14:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAHMED-HP$.job
[2012-09-10 22:48:11 | 000,000,468 | ---- | M] () -- C:\Local Disk (D) - Shortcut.lnk
[2012-09-10 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-09-10 08:50:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-09-10 07:04:45 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-10 07:04:45 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-10 07:01:17 | 000,783,728 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012-09-10 07:01:17 | 000,663,674 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012-09-10 07:01:17 | 000,122,252 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012-09-10 06:54:45 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012-09-10 06:54:44 | 000,015,438 | ---- | M] () -- C:\windows\SysNative\results.xml
[2012-09-10 06:53:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-09-10 06:53:53 | 4226,146,304 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-10 06:16:10 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012-09-10 05:41:58 | 004,747,716 | R--- | M] (Swearware) -- C:\Users\Ahmed\Desktop\ComboFix.exe
[2012-09-05 01:01:59 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Platinum Hide IP.lnk
[2012-09-02 18:15:43 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Street Fighter X Tekken.lnk
[2012-09-01 01:27:46 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-08-31 01:32:48 | 000,000,971 | ---- | M] () -- C:\Users\Ahmed\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012-08-31 01:32:48 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012-08-23 13:49:36 | 000,415,072 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012-08-23 04:31:42 | 000,777,944 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012-08-22 17:15:35 | 001,558,528 | ---- | M] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe
[2012-08-22 15:46:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com
[2012-08-22 15:28:36 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012-08-22 15:26:50 | 001,334,200 | ---- | M] () -- C:\Users\Ahmed\Desktop\Malware.png
[2012-08-22 12:14:16 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe
[2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe
[2012-08-22 05:10:25 | 000,001,224 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-10 22:48:11 | 000,000,468 | ---- | C] () -- C:\Local Disk (D) - Shortcut.lnk
[2012-09-10 05:58:19 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012-09-10 05:58:19 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012-09-10 05:58:19 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012-09-10 05:58:19 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012-09-10 05:58:19 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012-09-05 01:01:59 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Platinum Hide IP.lnk
[2012-09-02 18:15:43 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Street Fighter X Tekken.lnk
[2012-09-01 01:27:46 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-09-01 01:27:44 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-08-31 01:32:48 | 000,000,971 | ---- | C] () -- C:\Users\Ahmed\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012-08-31 01:32:48 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012-08-22 17:15:10 | 001,558,528 | ---- | C] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe
[2012-08-22 15:26:49 | 001,334,200 | ---- | C] () -- C:\Users\Ahmed\Desktop\Malware.png
[2012-08-21 16:51:40 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012-08-21 16:51:30 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012-08-21 16:08:17 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012-08-21 15:45:46 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012-08-21 15:12:52 | 000,002,159 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012-08-21 15:08:32 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012-03-21 07:53:14 | 000,758,018 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012-03-21 07:53:14 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011-12-04 08:28:04 | 000,001,224 | ---- | C] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml
[2011-10-21 09:27:52 | 000,217,536 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011-10-21 09:22:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011-10-21 09:03:02 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011-10-14 06:03:45 | 000,000,166 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Battery Meter_Settings.ini
[2011-10-14 06:02:04 | 000,000,412 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\All CPU Meter_Settings.ini
[2011-10-11 06:08:01 | 000,045,270 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\room_v3.dat
[2011-09-04 00:00:39 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdechhg.sys
[2011-09-03 23:46:40 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011-09-03 23:46:40 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011-05-05 06:12:10 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbee.sys
[2011-05-05 05:56:14 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011-05-05 05:50:23 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbgi.sys
[2011-05-05 05:25:40 | 000,777,944 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011-03-26 09:16:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011-03-26 09:16:10 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011-02-26 03:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011-02-12 08:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011-02-04 08:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011-02-04 03:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011-02-03 08:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011-01-30 04:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011-01-23 00:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011-01-11 08:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010-12-07 10:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010-12-07 10:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

========== LOP Check ==========

[2012-07-30 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock
[2012-05-22 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Audacity
[2012-05-07 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Auto-Joiner
[2012-08-02 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AutoGG
[2012-07-07 02:50:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DAEMON Tools Lite
[2011-10-04 16:10:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DigitalPersona
[2012-09-10 06:52:16 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DMCache
[2012-09-10 22:48:34 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\GarenaPlus
[2012-06-06 07:40:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HideIPEasy
[2012-08-10 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC
[2012-08-10 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-08-06 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\IDM
[2011-10-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Maxthon3
[2011-11-19 07:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Nokia
[2011-10-31 00:04:24 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\ooVoo Details
[2011-12-06 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Opera
[2012-08-10 20:29:35 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Outlook
[2011-10-11 05:42:42 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\PC Suite
[2012-09-05 01:02:23 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\PlatinumHideIP
[2012-08-17 07:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SoftGrid Client
[2012-06-06 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SuperHideIP
[2011-10-04 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Synaptics
[2012-08-22 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Tific
[2011-10-06 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\TP
[2012-09-11 02:41:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\uTorrent
[2011-10-08 23:38:00 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\WildTangent
[2012-09-11 02:03:28 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-09-11 01:54:02 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-09-10 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job
[2012-09-11 01:54:00 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job
[2012-09-10 06:42:42 | 000,032,612 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012-09-11 00:31:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job
[2012-09-11 00:11:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-sys.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:9FA5EC55

< End of report >