infectedbytrojjan

Need help with trojan dropper and false windows updates

39 posts in this topic

I am a regular user of MBAM. So far so good: MBAM has always helped me keep my machines up and running and has always been my top recommendation for spyware and malware. However, this time it is totally different. Here is the issue:

I have around 15 svchost processes running simultaneously (some of them are shown in the attached screenshot).

My laptop is awfully slow.

There is a fake Windows Update icon continuously appearing in my taskbar (attached in the screenshot) and I can't right-click or left-click it. This is happening despite my keeping automatic Windows Update off. Every time I start my laptop and connect it to the internet, some bandwidth is continuously being taken by an unknown application. When I type netstat -o in the command prompt, it says the svchost process is taking up the bandwidth, and I have to manually close the process down, which after some time starts again automatically, utilizing bandwidth.

I completely scanned the system, and on the first scan MBAM found some trojan dropper viruses, which it removed, and asked me for a restart, which I did. But even after the restart things didn't change. It is the same as before, with the only difference being that MBAM is not detecting anything wrong in subsequent scans, but the problem still persists. I tried many things from the internet but the problem seems impossible to fix. It is now that I have decided to take the problem to the experts here at Malwarebytes. Please help me get rid of this issue. Please guide me on how to clean this mess that the virus has caused me.

Attachments: post-116974-0-64090100-1345632889.png, DDS.txt, Attach.txt

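An added example, not part of the original post: a Python script that joins the output of `netstat -ano` with `tasklist /svc` so each outbound connection owned by an svchost PID is attributed to the services hosted inside that PID, which is the step the netstat -o check described above leaves out. The netstat and tasklist output embedded below is constructed, and its addresses, PIDs and service groupings are made up for the example.

```python
import re

# Constructed sample of `netstat -ano` output (what `netstat -o` shows, plus
# numeric addresses); the addresses and PIDs are made up for this example.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:49233      203.0.113.7:80         ESTABLISHED     1084
  TCP    192.168.1.5:49240      198.51.100.20:443      ESTABLISHED     2512
  TCP    192.168.1.5:49251      203.0.113.7:80         ESTABLISHED     1084
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  UDP    0.0.0.0:3702           *:*                                    1084
"""

# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output.
# Real output wraps long service lists onto indented continuation lines,
# which parse_tasklist_svc() handles.
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    712 RpcEptMapper, RpcSs
svchost.exe                   1084 BITS, wuauserv, Schedule,
                                   Themes
svchost.exe                   2512 DcomLaunch
"""

# Services behind Windows Update and background downloads. Traffic from the
# svchost hosting them is expected, so this is a comparison point, not a verdict.
UPDATE_STACK = {"BITS", "wuauserv"}


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # title, header and blank lines
        # TCP rows carry a State column; UDP rows do not.
        state = parts[3] if parts[0] == "TCP" and len(parts) == 5 else ""
        rows.append({"proto": parts[0], "local": parts[1],
                     "remote": parts[2], "state": state, "pid": int(parts[-1])})
    return rows


def _split_names(field):
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """Map PID -> list of hosted service names from `tasklist /svc` output."""
    services = {}
    last_pid = None
    for raw in text.splitlines():
        m = re.match(r"^(\S+\.exe)\s+(\d+)\s+(.*)$", raw)
        if m:
            last_pid = int(m.group(2))
            services[last_pid] = _split_names(m.group(3))
        elif last_pid is not None and raw.startswith(" ") and raw.strip():
            services[last_pid].extend(_split_names(raw))  # wrapped service names
    return services


def attribute_connections(netstat_text, tasklist_text):
    """Group non-listening connections by PID, annotated with hosted services."""
    hosted = parse_tasklist_svc(tasklist_text)
    result = {}
    for row in parse_netstat(netstat_text):
        if row["state"] == "LISTENING" or row["remote"].startswith(("0.0.0.0", "*:", "[::]")):
            continue  # listeners and unbound sockets are not outbound traffic
        entry = result.setdefault(row["pid"], {
            "services": hosted.get(row["pid"], ["<not an svchost PID>"]),
            "connections": []})
        entry["connections"].append(
            "%s %s -> %s %s" % (row["proto"], row["local"], row["remote"], row["state"]))
    return result


def update_stack_pids(result):
    """PIDs with outbound connections that host BITS or wuauserv."""
    return sorted(pid for pid, e in result.items() if UPDATE_STACK & set(e["services"]))


if __name__ == "__main__":
    report = attribute_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for pid in sorted(report):
        print("PID %d hosts: %s" % (pid, ", ".join(report[pid]["services"])))
        for conn in report[pid]["connections"]:
            print("    " + conn)
    print("svchost PIDs hosting the update stack: %s" % update_stack_pids(report))
```

On the affected machine, feed it the real output of the two commands; the PID hosting BITS/wuauserv can then be compared against the transfer jobs listed by `bitsadmin /list /allusers`.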

I am sorry, I didn't read the pinned post about deleting torrent clients. I have now removed uTorrent from the PC.


Hi, welcome.

Those processes are legit.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

RGKRScan.png

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

RGKRDelete.png

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    RGKRShortcutsFix.png
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    OTL_Main_Tutorial.gif
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

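As an added example that is not part of the helper's instructions or of the OTL tool itself: a Python parser for the entry format of the OTL log posted below (PRC/MOD/SRV/DRV lines) that pulls out the timestamp, size, company and path fields and flags entries worth a closer look, such as a missing company name, a modification date close to the scan, an unusual install location, or a system binary name outside the Windows directory. The sample log lines, vendors and paths are constructed, and the flags are leads for the analyst, not verdicts.

```python
import re
from datetime import datetime, timedelta

# One OTL entry per line:
#   KIND[:64bit:] - [mtime | size | attrs | M] (Company) [state] -- path [-- (service name)]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- "
    r"(?P<path>.*?)(?: -- \((?P<name>.*)\))?$"
)

# Windows binaries that are only expected under the Windows directory.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe",
                "services.exe", "userinit.exe", "lsass.exe", "csrss.exe"}
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample in the same format as the OTL log in this thread;
# the vendors, paths and service names below are made up for the example.
OTL_SAMPLE = r"""
========== Processes (SafeList) ==========

PRC - [2012-08-22 12:08:55 | 000,596,480 | ---- | M] (Example Tools) -- C:\Users\Example\Desktop\OTL.exe
PRC - [2012-08-20 03:14:00 | 000,045,056 | ---- | M] () -- C:\Users\Example\AppData\Roaming\updhost\svchost.exe
PRC - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Example AV Vendor) -- C:\Program Files (x86)\Example AV\ccsvchst.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-01-27 04:01:00 | 000,030,520 | ---- | M] (Example OEM) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2012-08-21 18:02:10 | 000,221,184 | ---- | M] () [Auto | Running] -- C:\ProgramData\wsvc\wsvc.exe -- (WinUpdateSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-12-21 22:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\example.sys -- (EXAMPLEDRV)
DRV:64bit: - [2009-07-14 04:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
"""

# Normally read from the "OTL logfile created on:" header; constructed here.
SCAN_DATE = datetime(2012, 8, 22, 17, 23, 38)


def parse_otl(text):
    """Return one dict per PRC/MOD/SRV/DRV entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, sections in other formats
        e = m.groupdict()
        e["mtime"] = datetime.strptime(e["mtime"], "%Y-%m-%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        entries.append(e)
    return entries


def triage(entries, scan_date, recent_days=30):
    """Attach plain-language reasons to entries that deserve a closer look."""
    findings = []
    for e in entries:
        reasons = []
        if not e["company"].strip():
            reasons.append("no company name in version info")
        if scan_date - e["mtime"] <= timedelta(days=recent_days):
            reasons.append("modified within %d days of the scan" % recent_days)
        low = e["path"].lower()
        base = low.rsplit("\\", 1)[-1]
        if not low.startswith(EXPECTED_DIRS):
            reasons.append("outside Program Files / Windows")
        if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
            reasons.append("system binary name outside the Windows directory")
        if reasons:
            findings.append({"kind": e["kind"], "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl(OTL_SAMPLE), SCAN_DATE):
        print("%s %s" % (f["kind"], f["path"]))
        for r in f["reasons"]:
            print("    - " + r)
```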

Post the logs; do not attach them unless instructed to do so.

I will post the OTL log myself to make it easier for reading

OTL logfile created on: 22-Aug-12 5:23:38 PM - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Ahmed\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.94 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 36.94% Memory free

7.87 Gb Paging File | 4.67 Gb Available in Paging File | 59.30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 147.52 Gb Total Space | 4.24 Gb Free Space | 2.88% Space Free | Partition Type: NTFS

Drive D: | 128.47 Gb Total Space | 42.02 Gb Free Space | 32.71% Space Free | Partition Type: NTFS

Drive E: | 16.80 Gb Total Space | 2.54 Gb Free Space | 15.14% Space Free | Partition Type: NTFS

Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: HEWLETT | User Name: Ahmed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

PRC - [2012-07-14 08:55:02 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe

PRC - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

PRC - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2011-08-14 12:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe

PRC - [2011-08-05 03:31:45 | 003,417,496 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe

PRC - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe

PRC - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

PRC - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011-03-04 02:31:48 | 000,969,216 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

PRC - [2011-02-12 08:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

PRC - [2011-02-11 05:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

PRC - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

PRC - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

PRC - [2011-02-07 23:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

PRC - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

PRC - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe

PRC - [2011-01-26 22:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011-01-19 01:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

PRC - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

PRC - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

PRC - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

PRC - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe

PRC - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe

PRC - [2010-08-22 15:14:10 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe

PRC - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe

PRC - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\QUBEE WCM\GPCommonService.exe

PRC - [2010-05-26 09:47:36 | 000,075,776 | ---- | M] (MediaTek Inc.) -- C:\Program Files\QUBEE WCM\WiMAX\WmMMgr.exe

PRC - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

========== Modules (No Company Name) ==========

MOD - [2012-08-18 03:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll

MOD - [2012-08-18 03:28:54 | 012,236,824 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll

MOD - [2012-08-18 03:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

MOD - [2012-08-18 03:27:36 | 000,526,872 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll

MOD - [2012-08-18 03:27:35 | 000,104,984 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll

MOD - [2012-08-18 03:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll

MOD - [2012-08-18 03:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll

MOD - [2012-08-18 03:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll

MOD - [2012-07-30 14:42:25 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll

MOD - [2012-07-30 14:42:25 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\80b4cd3b84dea19ceafd07b591d13ea0\IAStorUtil.ni.dll

MOD - [2012-07-30 14:42:25 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f9a70c3039c1effc4df35709143e7b2f\IAStorCommon.ni.dll

MOD - [2012-07-30 14:40:11 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll

MOD - [2012-07-30 14:40:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll

MOD - [2012-07-30 14:40:03 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll

MOD - [2012-07-30 14:39:41 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

MOD - [2012-07-30 14:39:34 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

MOD - [2012-07-30 14:39:22 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll

MOD - [2012-07-30 14:39:17 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

MOD - [2012-07-30 14:39:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

MOD - [2012-07-30 14:39:12 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

MOD - [2012-07-30 14:39:07 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

MOD - [2012-04-17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll

MOD - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

MOD - [2012-04-17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll

MOD - [2012-04-17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll

MOD - [2012-04-17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll

MOD - [2012-04-17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll

MOD - [2012-04-17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll

MOD - [2012-04-17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll

MOD - [2012-04-17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll

MOD - [2011-08-22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2011-05-05 05:42:24 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll

MOD - [2011-03-04 02:09:44 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

MOD - [2011-03-04 02:09:40 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

MOD - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

MOD - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe

MOD - [2010-08-19 12:13:48 | 000,011,296 | ---- | M] () -- C:\Program Files (x86)\DU Meter\DUHelper.dll

MOD - [2010-08-09 10:50:14 | 000,163,840 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\gpwimaxformtk.dll

MOD - [2010-08-09 10:50:14 | 000,106,496 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\MTKWimaxSDK.dll

MOD - [2010-08-09 10:44:28 | 000,180,224 | ---- | M] () -- C:\Program Files\QUBEE WCM\Plugins\P1UpdateMgrPlugin.dll

MOD - [2010-08-06 16:09:08 | 000,385,024 | ---- | M] () -- C:\Program Files\QUBEE WCM\ConnectionManager.dll

MOD - [2010-08-06 10:59:00 | 000,025,088 | ---- | M] () -- C:\Program Files\QUBEE WCM\gplib.dll

MOD - [2010-05-10 13:00:20 | 000,017,920 | ---- | M] () -- C:\Program Files\QUBEE WCM\GPSingleInstance.dll

MOD - [2010-02-22 20:44:40 | 000,027,648 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qico4.dll

MOD - [2010-02-22 20:44:34 | 000,290,816 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qtiff4.dll

MOD - [2010-02-22 20:44:04 | 000,233,472 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qmng4.dll

MOD - [2010-02-22 20:43:46 | 000,022,016 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qgif4.dll

MOD - [2010-02-22 20:43:40 | 000,135,168 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qjpeg4.dll

MOD - [2009-12-10 12:13:46 | 008,314,880 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtGui4.dll

MOD - [2009-12-10 12:01:40 | 000,966,656 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtNetwork4.dll

MOD - [2009-12-10 12:00:28 | 000,364,544 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtXml4.dll

MOD - [2009-12-10 12:00:20 | 002,240,512 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtCore4.dll

MOD - [2009-06-11 02:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-08-12 04:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2011-02-12 08:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)

SRV:64bit: - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)

SRV:64bit: - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)

SRV:64bit: - [2011-01-27 14:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011-01-27 06:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)

SRV:64bit: - [2011-01-27 04:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2011-01-22 07:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)

SRV:64bit: - [2010-05-31 14:20:50 | 000,110,592 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonServicex64.exe -- (GPCommonService(64)

SRV:64bit: - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonService.exe -- (GPCommonService)

SRV:64bit: - [2009-07-14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-03-03 15:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)

SRV - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)

SRV - [2011-02-04 03:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)

SRV - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2011-01-22 07:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)

SRV - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)

SRV - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)

SRV - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011-01-07 08:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)

SRV - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)

SRV - [2010-10-01 02:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)

SRV - [2010-03-19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-18 23:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009-06-11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-08-22 08:50:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR300.SYS -- (SMR300)

DRV:64bit: - [2012-07-28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012-07-07 02:48:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012-03-01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-10-05 07:33:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011-07-22 21:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011-07-13 02:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011-07-06 20:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2011-04-21 06:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)

DRV:64bit: - [2011-03-31 08:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011-03-31 08:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2011-03-26 09:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011-03-15 07:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011-02-09 23:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)

DRV:64bit: - [2011-02-07 19:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)

DRV:64bit: - [2011-02-04 08:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011-01-31 15:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2011-01-27 14:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011-01-27 11:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)

DRV:64bit: - [2011-01-27 10:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)

DRV:64bit: - [2011-01-27 04:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011-01-27 04:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011-01-13 06:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011-01-08 20:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011-01-07 08:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011-01-07 08:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011-01-07 08:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011-01-07 08:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011-01-07 08:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011-01-07 08:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011-01-07 08:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010-12-21 22:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2010-12-03 05:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2010-11-30 21:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010-11-11 12:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)

DRV:64bit: - [2010-10-29 10:10:34 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010-10-20 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010-10-15 16:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010-07-05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU)

DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010-05-12 13:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010-05-12 13:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010-04-26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT)

DRV:64bit: - [2009-12-02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2009-12-02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2009-12-02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2009-12-02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009-07-14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009-07-14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-14 05:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)

DRV:64bit: - [2009-07-14 04:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009-06-11 02:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009-06-11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012-08-22 10:39:42 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120821.002\ex64.sys -- (NAVEX15)

DRV - [2012-08-22 10:39:42 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012-08-22 10:39:42 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)

DRV - [2012-08-22 10:39:42 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120821.002\eng64.sys -- (NAVENG)

DRV - [2012-08-21 15:34:10 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120821.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012-08-03 01:44:00 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120803.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010-08-19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv)

DRV - [2010-08-13 14:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009-07-14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2

IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms}

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={846D8560-0BD0-46BB-8E6F-43B087550BC1}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms}

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-05-05 05:50:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-05-05 06:05:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-05-05 06:05:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011-05-05 06:05:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-10-14 06:32:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012-08-22 08:53:04 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ahmed\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: MouseHunt AutoBot = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0\

CHR - Extension: Skype Click to Call = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

CHR - Extension: Gmail = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-11 02:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [Facebook Update] C:\Users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [QUBEE WCM] C:\Program Files\QUBEE WCM\QUBEE WCM.exe ()

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [RockMelt Update] C:\Users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A927C37-DF90-4A7F-9201-51A64C503C83}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A89A00-C67C-486B-9E60-971A7591C4B7}: DhcpNameServer = 203.130.2.3 221.132.112.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6BE3E0-D7A6-4A54-8534-7E8959B0A897}: DhcpNameServer = 180.178.128.100 203.130.2.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE39716-BCBF-4C50-9210-EE0CA0DE322B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA56D213-06E2-4DEE-9237-B36275552B97}: DhcpNameServer = 180.178.128.100 203.130.2.3

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{a35a29f2-ee7e-11e0-a9da-101f74e2c794}\Shell - "" = AutoRun

O33 - MountPoints2\{a35a29f2-ee7e-11e0-a9da-101f74e2c794}\Shell\AutoRun\command - "" = J:\QUBEEWCM.exe

O33 - MountPoints2\{b3303a8f-ee93-11e0-a105-101f74e2c794}\Shell - "" = AutoRun

O33 - MountPoints2\{b3303a8f-ee93-11e0-a105-101f74e2c794}\Shell\AutoRun\command - "" = H:\QUBEEWCM.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\QUBEEWCM.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-08-22 17:22:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

[2012-08-22 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\RK_Quarantine

[2012-08-22 15:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com

[2012-08-22 12:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012-08-22 08:50:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR300.SYS

[2012-08-22 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\NPE

[2012-08-22 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Tific

[2012-08-22 07:26:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\SUPERAntiSpyware.com

[2012-08-22 07:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012-08-22 07:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012-08-22 07:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012-08-22 07:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup

[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat

[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat

[2012-08-21 17:01:37 | 000,000,000 | ---D | C] -- C:\windows\en

[2012-08-21 16:51:47 | 000,000,000 | ---D | C] -- C:\windows\fr

[2012-08-21 16:51:45 | 000,000,000 | ---D | C] -- C:\windows\es

[2012-08-21 16:51:43 | 000,000,000 | ---D | C] -- C:\windows\eu

[2012-08-21 16:51:41 | 000,000,000 | ---D | C] -- C:\windows\ca

[2012-08-21 15:25:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2012-08-21 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012-08-21 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive

[2012-08-21 15:12:53 | 000,000,000 | R--D | C] -- C:\Users\Ahmed\SkyDrive

[2012-08-21 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

[2012-08-21 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

[2012-08-21 15:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2012-08-21 15:02:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Windows Live

[2012-08-20 09:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\SKIDROW

[2012-08-20 09:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion

[2012-08-20 00:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium

[2012-08-20 00:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec

[2012-08-20 00:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GBox

[2012-08-20 00:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SProtector

[2012-08-19 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[2012-08-10 21:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync

[2012-08-10 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\My Photos

[2012-08-10 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\My Documents

[2012-08-10 20:29:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Outlook

[2012-08-10 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-08-10 20:27:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Htc

[2012-08-10 20:26:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\HTC

[2012-08-10 20:25:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Downloaded Installations

[2012-08-10 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC

[2012-08-10 20:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications

[2012-08-10 20:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2012-08-10 20:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012-08-10 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012-08-08 04:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files

[2012-08-07 20:43:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment

[2012-08-07 20:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard

[2012-08-06 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images

[2012-08-05 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RockMelt

[2012-08-05 20:49:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\RockMelt

[2012-08-03 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\ban poster

[2012-08-02 00:56:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\AutoGG

[2012-07-30 07:48:40 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock

[2012-07-25 07:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012-07-25 07:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012-08-22 17:15:35 | 001,558,528 | ---- | M] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe

[2012-08-22 16:54:03 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-22 16:54:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-22 16:50:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-22 16:31:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job

[2012-08-22 16:11:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-sys.job

[2012-08-22 15:46:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com

[2012-08-22 15:28:39 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012-08-22 15:28:36 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk

[2012-08-22 15:28:35 | 000,002,443 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012-08-22 15:26:50 | 001,334,200 | ---- | M] () -- C:\Users\Ahmed\Desktop\Malware.png

[2012-08-22 15:26:25 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job

[2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

[2012-08-22 09:03:37 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-08-22 09:03:37 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-08-22 08:53:21 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2012-08-22 08:52:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012-08-22 08:52:36 | 4226,146,304 | -HS- | M] () -- C:\hiberfil.sys

[2012-08-22 08:50:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR300.SYS

[2012-08-22 08:50:02 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-22 07:49:25 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job

[2012-08-22 05:10:25 | 000,001,224 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml

[2012-08-22 04:35:05 | 000,783,664 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012-08-22 04:35:05 | 000,663,620 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012-08-22 04:35:05 | 000,122,198 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012-08-22 01:54:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-21 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-11 12:34:24 | 000,033,018 | ---- | M] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00002.vcf

[2012-08-11 11:29:34 | 000,033,018 | ---- | M] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00001.vcf

[2012-08-10 21:53:36 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk

[2012-08-05 21:39:00 | 000,000,540 | ---- | M] () -- C:\settings.ini

[2012-08-05 20:59:12 | 000,002,227 | ---- | M] () -- C:\Users\Ahmed\Desktop\RockMelt.lnk

[2012-08-01 00:19:22 | 002,135,590 | ---- | M] () -- C:\Users\Ahmed\Desktop\Untitled.png

[2012-07-30 17:14:16 | 000,000,342 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAHMED-HP$.job

[2012-07-30 14:34:09 | 000,001,441 | ---- | M] () -- C:\Users\Ahmed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012-07-30 14:32:27 | 000,417,784 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012-07-30 10:09:10 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf

[2012-07-30 10:09:09 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

[2012-07-30 09:34:10 | 000,777,388 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012-08-22 17:15:10 | 001,558,528 | ---- | C] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe

[2012-08-22 15:26:49 | 001,334,200 | ---- | C] () -- C:\Users\Ahmed\Desktop\Malware.png

[2012-08-22 08:37:37 | 000,002,443 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012-08-22 07:26:44 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job

[2012-08-22 07:26:42 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job

[2012-08-22 07:26:23 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012-08-21 16:51:40 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

[2012-08-21 16:51:30 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

[2012-08-21 16:08:17 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2012-08-21 15:45:46 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2012-08-21 15:12:52 | 000,002,159 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

[2012-08-21 15:08:32 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk

[2012-08-11 18:32:38 | 000,033,018 | ---- | C] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00002.vcf

[2012-08-11 18:27:03 | 000,033,018 | ---- | C] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00001.vcf

[2012-08-10 21:53:36 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk

[2012-08-05 21:39:00 | 000,000,540 | ---- | C] () -- C:\settings.ini

[2012-08-05 20:59:12 | 000,002,227 | ---- | C] () -- C:\Users\Ahmed\Desktop\RockMelt.lnk

[2012-08-05 20:49:16 | 000,000,928 | ---- | C] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-05 20:49:16 | 000,000,876 | ---- | C] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-01 00:19:22 | 002,135,590 | ---- | C] () -- C:\Users\Ahmed\Desktop\Untitled.png

[2012-07-30 10:09:10 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf

[2012-07-30 10:09:09 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf

[2012-03-21 07:53:14 | 000,758,018 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2012-03-21 07:53:14 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2011-12-04 08:28:04 | 000,001,224 | ---- | C] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml

[2011-10-14 06:03:45 | 000,000,166 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Battery Meter_Settings.ini

[2011-10-14 06:02:04 | 000,000,412 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\All CPU Meter_Settings.ini

[2011-10-11 06:08:01 | 000,045,270 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\room_v3.dat

[2011-09-04 00:00:39 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdechhg.sys

[2011-09-03 23:46:40 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe

[2011-09-03 23:46:40 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini

[2011-05-05 06:12:10 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbee.sys

[2011-05-05 05:56:14 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini

[2011-05-05 05:50:23 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbgi.sys

[2011-05-05 05:25:40 | 000,777,388 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011-03-26 09:16:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011-03-26 09:16:10 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011-03-26 09:16:10 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011-02-26 03:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign

[2011-02-12 08:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign

[2011-02-04 08:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2011-02-04 03:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll

[2011-02-03 08:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign

[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign

[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign

[2011-01-30 04:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe

[2011-01-23 00:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign

[2011-01-11 08:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat

[2010-12-07 10:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll

[2010-12-07 10:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

========== LOP Check ==========

[2012-07-30 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock

[2012-05-22 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Audacity

[2012-05-07 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Auto-Joiner

[2012-08-02 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AutoGG

[2012-07-07 02:50:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DAEMON Tools Lite

[2011-10-04 16:10:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DigitalPersona

[2012-08-22 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DMCache

[2012-08-22 06:59:00 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\GarenaPlus

[2012-06-06 07:40:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HideIPEasy

[2012-08-10 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC

[2012-08-10 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-08-06 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\IDM

[2011-10-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Maxthon3

[2011-11-19 07:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Nokia

[2011-10-31 00:04:24 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\ooVoo Details

[2011-12-06 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Opera

[2012-08-10 20:29:35 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Outlook

[2011-10-11 05:42:42 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\PC Suite

[2012-08-17 07:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SoftGrid Client

[2012-06-06 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SuperHideIP

[2011-10-04 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Synaptics

[2012-08-22 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Tific

[2011-10-06 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\TP

[2012-08-22 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\uTorrent

[2011-10-08 23:38:00 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\WildTangent

[2012-08-22 01:54:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-22 16:54:03 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-21 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-22 16:54:00 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-22 08:31:55 | 000,032,224 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[2012-08-22 07:49:25 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job

[2012-08-22 15:26:25 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job

[2012-08-22 16:31:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job

[2012-08-22 16:11:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-sys.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2009-07-14 06:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe

[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2010-10-29 10:07:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe

[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2010-10-29 10:07:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2010-10-29 10:07:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009-07-14 06:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2010-10-29 10:07:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >

[2009-07-14 06:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\windows\SysNative\qmgr.dll

[2009-07-14 06:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >

[2009-06-11 02:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >

[2012-04-04 10:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

[2011-06-06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >

[2009-07-14 06:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe

[2009-07-14 06:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2009-07-14 07:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui

[2009-07-14 07:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >

[2009-07-14 09:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009-07-14 09:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >

[2012-07-25 04:52:54 | 000,001,126 | ---- | M] () MD5=584403EF84B9DEB4CC27A4F9BBDF633A -- C:\Users\Ahmed\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\22FMXTFN\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >

[2009-06-11 01:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof

[2009-06-11 01:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >

[2009-07-14 07:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc

[2009-06-11 01:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc

[2009-07-14 07:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc

[2009-06-11 02:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc

[2009-07-14 07:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc

[2009-06-11 01:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc

[2009-07-14 07:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc

[2009-06-11 02:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >

[2009-07-14 01:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml

[2009-07-14 01:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >

[2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009-07-14 06:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe

[2009-07-14 06:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2009-07-14 06:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009-07-14 06:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009-07-14 06:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe

[2009-07-14 06:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009-07-14 06:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe

[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000

"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)

"Description" = @%SystemRoot%\system32\qmgr.dll,-1001

"ObjectName" = LocalSystem

"ErrorControl" = 1

"Start" = 2

"DelayedAutoStart" = 1

"Type" = 32

"DependOnService" = RpcSsEventSystem [binary data]

"ServiceSidType" = 1

"RequiredPrivileges" = [binary data over 100 bytes]

"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]

"ServiceDll" = %SystemRoot%\System32\qmgr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]

"Library" = bitsperf.dll -- [2009-07-14 06:14:59 | 000,018,944 | ---- | M] (Microsoft Corporation)

"Open" = PerfMon_Open

"Collect" = PerfMon_Collect

"Close" = PerfMon_Close

"InstallType" = 1

"PerfIniFile" = bitsctrs.ini

"First Counter" = 2156

"Last Counter" = 2172

"First Help" = 2157

"Last Help" = 2173

"Object List" = 2156

"PerfMMFileName" = Global\MMF_BITS_s

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]

"Security" = [binary data over 100 bytes]

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:9FA5EC55

< End of report >


hi

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Step 2

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes.

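For anyone following this thread later, here is a PowerShell equivalent of the OTL custom scan requested above. It is an added example, not OTL's code and not something posted by either participant: it hashes the same critical binaries (explorer.exe, winlogon.exe, Userinit.exe, svchost.exe, qmgr.dll, services.exe) in System32 and SysWOW64, checks whether each hash also appears among the servicing copies in WinSxS (the reference copies OTL prints beside the live file in its MD5 sections), resolves the netsvcs group to ServiceDll values, reads the BITS service keys, and lists executables in the root of the system drive. It assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt; the function names are my own.

```powershell
# Added example (not OTL, not from this thread): a PowerShell take on the OTL custom scan.
# Assumes Windows 7 or later with PowerShell 4.0+ (Get-FileHash), run from an elevated prompt.

# The binaries listed between /md5start and /md5stop in the custom scan above.
$CriticalFiles = 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe', 'qmgr.dll', 'services.exe'

function Get-WinSxSHashes {
    # MD5 of every copy of $Name in the component store. Those copies are written by
    # Windows servicing, so they serve as the reference set for the live file.
    param([Parameter(Mandatory)][string]$Name)
    $hashes = @{}
    Get-ChildItem -Path "$env:SystemRoot\WinSxS" -Filter $Name -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $md5 = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash
            $hashes[$md5] = $_.FullName
        }
    return $hashes
}

function Test-CriticalFiles {
    # For each critical binary in System32 and SysWOW64: its MD5, whether that MD5 also
    # appears under WinSxS, and the Authenticode signer. A live file whose hash matches
    # none of its WinSxS copies is the case that deserves a closer look.
    foreach ($name in $CriticalFiles) {
        $known = Get-WinSxSHashes -Name $name
        foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") {
            $path = Join-Path -Path $dir -ChildPath $name
            if (-not (Test-Path -Path $path)) { continue }
            $md5 = (Get-FileHash -Path $path -Algorithm MD5).Hash
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                File      = $path
                MD5       = $md5
                InWinSxS  = $known.ContainsKey($md5)
                SigStatus = $sig.Status   # catalog-signed Windows files may show NotSigned on older PowerShell
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

function Get-NetsvcsGroup {
    # Equivalent of the 'netsvcs' line: services that share the netsvcs svchost instance,
    # each resolved to its ServiceDll. A member with no service key or no ServiceDll
    # is the kind of entry OTL flags in its netsvcs section.
    $svchost = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    foreach ($svc in $svchost.netsvcs) {
        $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $parm = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service    = $svc
            KeyExists  = Test-Path -Path $key
            ServiceDll = $parm.ServiceDll
        }
    }
}

function Get-BitsServiceConfig {
    # Equivalent of 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s', reduced
    # to the values worth comparing. The log in this thread shows ImagePath
    # '%SystemRoot%\System32\svchost.exe -k netsvcs', ServiceDll '%SystemRoot%\System32\qmgr.dll',
    # Start 2 and ObjectName LocalSystem; anything else here is worth explaining.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\BITS'
    $svc  = Get-ItemProperty -Path $base
    $parm = Get-ItemProperty -Path "$base\Parameters" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ImagePath  = $svc.ImagePath
        ServiceDll = $parm.ServiceDll
        Start      = $svc.Start
        ObjectName = $svc.ObjectName
    }
}

function Get-RootExecutables {
    # Equivalent of '%SYSTEMDRIVE%\*.exe': executables sitting in the root of the system
    # drive, which is not where legitimate installers put their files.
    Get-ChildItem -Path "$env:SystemDrive\" -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

Test-CriticalFiles | Format-Table -AutoSize
Get-NetsvcsGroup | Where-Object { -not $_.KeyExists -or -not $_.ServiceDll } | Format-Table -AutoSize
Get-BitsServiceConfig
Get-RootExecutables | Format-Table -AutoSize
```

Read the output the same way the helper reads the OTL log: in the MD5 sections above, every System32 hash reappears under a winsxs path, which is the InWinSxS = True pattern. A live file with InWinSxS = False, a netsvcs member with no ServiceDll, or a BITS ImagePath or ServiceDll that differs from the values in the log are the lines to raise in the thread. Treat InWinSxS as the primary check, since Get-AuthenticodeSignature on older PowerShell does not consult the Windows catalog and can report NotSigned for genuine Microsoft binaries.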

I'm sorry, I tried posting them in one shot but it said the post is too long. I will post them from now on. Please guide me how to proceed with the issue.


I posted my instructions :)


TDSSKiller says no threats found.

OTL.TXT:

OTL logfile created on: 22-Aug-12 7:46:41 PM - Run 2

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Ahmed\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 32.04% Memory free

7.87 Gb Paging File | 4.70 Gb Available in Paging File | 59.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 147.52 Gb Total Space | 3.74 Gb Free Space | 2.54% Space Free | Partition Type: NTFS

Drive D: | 128.47 Gb Total Space | 42.02 Gb Free Space | 32.71% Space Free | Partition Type: NTFS

Drive E: | 16.80 Gb Total Space | 2.54 Gb Free Space | 15.14% Space Free | Partition Type: NTFS

Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: HEWLETT | User Name: Ahmed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

PRC - [2012-07-14 08:55:02 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe

PRC - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe

PRC - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

PRC - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011-03-04 02:31:48 | 000,969,216 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

PRC - [2011-02-12 08:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

PRC - [2011-02-11 05:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

PRC - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

PRC - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

PRC - [2011-02-07 23:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

PRC - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

PRC - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe

PRC - [2011-01-26 22:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011-01-19 01:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

PRC - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

PRC - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

PRC - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

PRC - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe

PRC - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe

PRC - [2010-08-22 15:14:10 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe

PRC - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe

PRC - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\QUBEE WCM\GPCommonService.exe

PRC - [2010-05-26 09:47:36 | 000,075,776 | ---- | M] (MediaTek Inc.) -- C:\Program Files\QUBEE WCM\WiMAX\WmMMgr.exe

PRC - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

========== Modules (No Company Name) ==========

MOD - [2012-08-18 03:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll

MOD - [2012-08-18 03:28:54 | 012,236,824 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll

MOD - [2012-08-18 03:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

MOD - [2012-08-18 03:27:36 | 000,526,872 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll

MOD - [2012-08-18 03:27:35 | 000,104,984 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll

MOD - [2012-08-18 03:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll

MOD - [2012-08-18 03:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll

MOD - [2012-08-18 03:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll

MOD - [2012-07-30 14:42:25 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll

MOD - [2012-07-30 14:42:25 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\80b4cd3b84dea19ceafd07b591d13ea0\IAStorUtil.ni.dll

MOD - [2012-07-30 14:42:25 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f9a70c3039c1effc4df35709143e7b2f\IAStorCommon.ni.dll

MOD - [2012-07-30 14:40:11 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll

MOD - [2012-07-30 14:40:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll

MOD - [2012-07-30 14:39:41 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

MOD - [2012-07-30 14:39:34 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

MOD - [2012-07-30 14:39:22 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll

MOD - [2012-07-30 14:39:17 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

MOD - [2012-07-30 14:39:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

MOD - [2012-07-30 14:39:12 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

MOD - [2012-07-30 14:39:07 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

MOD - [2012-07-30 14:31:07 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll

MOD - [2012-02-22 13:52:16 | 000,122,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggcode.dll

MOD - [2012-02-22 13:52:16 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll

MOD - [2011-08-22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2011-05-05 05:42:24 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll

MOD - [2011-03-04 02:09:44 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

MOD - [2011-03-04 02:09:40 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

MOD - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

MOD - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe

MOD - [2010-08-19 12:13:48 | 000,011,296 | ---- | M] () -- C:\Program Files (x86)\DU Meter\DUHelper.dll

MOD - [2010-08-09 10:50:14 | 000,163,840 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\gpwimaxformtk.dll

MOD - [2010-08-09 10:50:14 | 000,106,496 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\MTKWimaxSDK.dll

MOD - [2010-08-09 10:44:28 | 000,180,224 | ---- | M] () -- C:\Program Files\QUBEE WCM\Plugins\P1UpdateMgrPlugin.dll

MOD - [2010-08-06 16:09:08 | 000,385,024 | ---- | M] () -- C:\Program Files\QUBEE WCM\ConnectionManager.dll

MOD - [2010-08-06 10:59:00 | 000,025,088 | ---- | M] () -- C:\Program Files\QUBEE WCM\gplib.dll

MOD - [2010-05-10 13:00:20 | 000,017,920 | ---- | M] () -- C:\Program Files\QUBEE WCM\GPSingleInstance.dll

MOD - [2010-02-22 20:44:40 | 000,027,648 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qico4.dll

MOD - [2010-02-22 20:44:34 | 000,290,816 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qtiff4.dll

MOD - [2010-02-22 20:44:04 | 000,233,472 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qmng4.dll

MOD - [2010-02-22 20:43:46 | 000,022,016 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qgif4.dll

MOD - [2010-02-22 20:43:40 | 000,135,168 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qjpeg4.dll

MOD - [2009-12-10 12:13:46 | 008,314,880 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtGui4.dll

MOD - [2009-12-10 12:01:40 | 000,966,656 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtNetwork4.dll

MOD - [2009-12-10 12:00:28 | 000,364,544 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtXml4.dll

MOD - [2009-12-10 12:00:20 | 002,240,512 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-08-12 04:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2011-02-12 08:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)

SRV:64bit: - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)

SRV:64bit: - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)

SRV:64bit: - [2011-01-27 14:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011-01-27 06:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)

SRV:64bit: - [2011-01-27 04:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2011-01-22 07:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)

SRV:64bit: - [2010-05-31 14:20:50 | 000,110,592 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonServicex64.exe -- (GPCommonService(64)

SRV:64bit: - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonService.exe -- (GPCommonService)

SRV:64bit: - [2009-07-14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-03-03 15:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011-04-17 05:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)

SRV - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)

SRV - [2011-02-04 03:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)

SRV - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2011-01-22 07:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)

SRV - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)

SRV - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)

SRV - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011-01-07 08:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)

SRV - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)

SRV - [2010-10-01 02:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)

SRV - [2010-03-19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-18 23:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009-06-11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-08-22 08:50:39 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR300.SYS -- (SMR300)

DRV:64bit: - [2012-07-28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012-07-07 02:48:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012-03-01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-10-05 07:33:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011-07-22 21:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011-07-13 02:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011-07-06 20:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2011-04-21 06:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)

DRV:64bit: - [2011-03-31 08:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011-03-31 08:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2011-03-26 09:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011-03-15 07:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011-02-09 23:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)

DRV:64bit: - [2011-02-07 19:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)

DRV:64bit: - [2011-02-04 08:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011-01-31 15:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2011-01-27 14:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011-01-27 11:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)

DRV:64bit: - [2011-01-27 10:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)

DRV:64bit: - [2011-01-27 04:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011-01-27 04:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011-01-13 06:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011-01-08 20:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011-01-07 08:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011-01-07 08:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011-01-07 08:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011-01-07 08:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011-01-07 08:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011-01-07 08:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011-01-07 08:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010-12-21 22:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2010-12-03 05:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2010-11-30 21:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010-11-11 12:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)

DRV:64bit: - [2010-10-29 10:10:34 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010-10-20 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010-10-15 16:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010-07-05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU)

DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010-05-12 13:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010-05-12 13:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010-04-26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT)

DRV:64bit: - [2009-12-02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2009-12-02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2009-12-02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2009-12-02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009-07-14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009-07-14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-14 05:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)

DRV:64bit: - [2009-07-14 04:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009-06-11 02:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009-06-11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012-08-22 10:39:42 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120821.002\ex64.sys -- (NAVEX15)

DRV - [2012-08-22 10:39:42 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012-08-22 10:39:42 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)

DRV - [2012-08-22 10:39:42 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120821.002\eng64.sys -- (NAVENG)

DRV - [2012-08-21 15:34:10 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120821.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012-08-03 01:44:00 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120803.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010-08-19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv)

DRV - [2010-08-13 14:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009-07-14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2

IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms}

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={846D8560-0BD0-46BB-8E6F-43B087550BC1}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms}

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-05-05 05:50:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-05-05 06:05:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-05-05 06:05:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011-05-05 06:05:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-10-14 06:32:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012-08-22 08:53:04 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ahmed\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: MouseHunt AutoBot = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0\

CHR - Extension: Skype Click to Call = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

CHR - Extension: Gmail = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-11 02:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [Facebook Update] C:\Users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [QUBEE WCM] C:\Program Files\QUBEE WCM\QUBEE WCM.exe ()

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [RockMelt Update] C:\Users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-4188994054-3629684506-4284009711-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.178.128.100 203.130.2.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A927C37-DF90-4A7F-9201-51A64C503C83}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A89A00-C67C-486B-9E60-971A7591C4B7}: DhcpNameServer = 203.130.2.3 221.132.112.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6BE3E0-D7A6-4A54-8534-7E8959B0A897}: DhcpNameServer = 180.178.128.100 203.130.2.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE39716-BCBF-4C50-9210-EE0CA0DE322B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA56D213-06E2-4DEE-9237-B36275552B97}: DhcpNameServer = 180.178.128.100 203.130.2.3

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{a35a29f2-ee7e-11e0-a9da-101f74e2c794}\Shell - "" = AutoRun

O33 - MountPoints2\{a35a29f2-ee7e-11e0-a9da-101f74e2c794}\Shell\AutoRun\command - "" = J:\QUBEEWCM.exe

O33 - MountPoints2\{b3303a8f-ee93-11e0-a105-101f74e2c794}\Shell - "" = AutoRun

O33 - MountPoints2\{b3303a8f-ee93-11e0-a105-101f74e2c794}\Shell\AutoRun\command - "" = H:\QUBEEWCM.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\QUBEEWCM.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-08-22 19:42:24 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe

[2012-08-22 17:22:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

[2012-08-22 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\RK_Quarantine

[2012-08-22 15:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com

[2012-08-22 12:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012-08-22 08:50:39 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR300.SYS

[2012-08-22 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\NPE

[2012-08-22 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Tific

[2012-08-22 07:26:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\SUPERAntiSpyware.com

[2012-08-22 07:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012-08-22 07:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012-08-22 07:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012-08-22 07:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup

[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat

[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat

[2012-08-21 17:01:37 | 000,000,000 | ---D | C] -- C:\windows\en

[2012-08-21 16:51:47 | 000,000,000 | ---D | C] -- C:\windows\fr

[2012-08-21 16:51:45 | 000,000,000 | ---D | C] -- C:\windows\es

[2012-08-21 16:51:43 | 000,000,000 | ---D | C] -- C:\windows\eu

[2012-08-21 16:51:41 | 000,000,000 | ---D | C] -- C:\windows\ca

[2012-08-21 15:25:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2012-08-21 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012-08-21 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive

[2012-08-21 15:12:53 | 000,000,000 | R--D | C] -- C:\Users\Ahmed\SkyDrive

[2012-08-21 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

[2012-08-21 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

[2012-08-21 15:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2012-08-21 15:02:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Windows Live

[2012-08-20 09:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\SKIDROW

[2012-08-20 09:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion

[2012-08-20 00:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium

[2012-08-20 00:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec

[2012-08-20 00:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GBox

[2012-08-20 00:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SProtector

[2012-08-19 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[2012-08-10 21:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync

[2012-08-10 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\My Photos

[2012-08-10 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\My Documents

[2012-08-10 20:29:35 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Outlook

[2012-08-10 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-08-10 20:27:10 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Htc

[2012-08-10 20:26:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\HTC

[2012-08-10 20:25:42 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Downloaded Installations

[2012-08-10 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC

[2012-08-10 20:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications

[2012-08-10 20:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2012-08-10 20:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012-08-10 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012-08-08 04:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files

[2012-08-07 20:43:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment

[2012-08-07 20:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard

[2012-08-06 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images

[2012-08-05 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RockMelt

[2012-08-05 20:49:14 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\RockMelt

[2012-08-03 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\ban poster

[2012-08-02 00:56:31 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\AutoGG

[2012-07-30 07:48:40 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock

[2012-07-25 07:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012-07-25 07:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012-08-22 19:54:04 | 000,000,928 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-22 19:54:04 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-22 19:50:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-22 19:41:55 | 000,000,202 | ---- | M] () -- C:\windows\SysWow64\0_default.pf

[2012-08-22 18:45:28 | 000,783,664 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012-08-22 18:45:28 | 000,663,620 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012-08-22 18:45:28 | 000,122,198 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012-08-22 17:15:35 | 001,558,528 | ---- | M] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe

[2012-08-22 16:31:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job

[2012-08-22 16:11:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-sys.job

[2012-08-22 15:46:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com

[2012-08-22 15:28:39 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012-08-22 15:28:36 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk

[2012-08-22 15:28:35 | 000,002,443 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012-08-22 15:26:50 | 001,334,200 | ---- | M] () -- C:\Users\Ahmed\Desktop\Malware.png

[2012-08-22 15:26:25 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job

[2012-08-22 12:14:16 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe

[2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

[2012-08-22 09:03:37 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-08-22 09:03:37 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-08-22 08:53:21 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2012-08-22 08:52:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012-08-22 08:52:36 | 4226,146,304 | -HS- | M] () -- C:\hiberfil.sys

[2012-08-22 08:50:39 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SMR300.SYS

[2012-08-22 08:50:02 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-22 07:49:25 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job

[2012-08-22 05:10:25 | 000,001,224 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml

[2012-08-22 01:54:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-21 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-11 12:34:24 | 000,033,018 | ---- | M] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00002.vcf

[2012-08-11 11:29:34 | 000,033,018 | ---- | M] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00001.vcf

[2012-08-10 21:53:36 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk

[2012-08-05 21:39:00 | 000,000,540 | ---- | M] () -- C:\settings.ini

[2012-08-05 20:59:12 | 000,002,227 | ---- | M] () -- C:\Users\Ahmed\Desktop\RockMelt.lnk

[2012-08-01 00:19:22 | 002,135,590 | ---- | M] () -- C:\Users\Ahmed\Desktop\Untitled.png

[2012-07-30 17:14:16 | 000,000,342 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAHMED-HP$.job

[2012-07-30 14:34:09 | 000,001,441 | ---- | M] () -- C:\Users\Ahmed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012-07-30 14:32:27 | 000,417,784 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012-07-30 10:09:10 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf

[2012-07-30 10:09:09 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

[2012-07-30 09:34:10 | 000,777,388 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012-08-22 19:41:55 | 000,000,202 | ---- | C] () -- C:\windows\SysWow64\0_default.pf

[2012-08-22 17:15:10 | 001,558,528 | ---- | C] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe

[2012-08-22 15:26:49 | 001,334,200 | ---- | C] () -- C:\Users\Ahmed\Desktop\Malware.png

[2012-08-22 08:37:37 | 000,002,443 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012-08-22 07:26:44 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job

[2012-08-22 07:26:42 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job

[2012-08-22 07:26:23 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012-08-21 16:51:40 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

[2012-08-21 16:51:30 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

[2012-08-21 16:08:17 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2012-08-21 15:45:46 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2012-08-21 15:12:52 | 000,002,159 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

[2012-08-21 15:08:32 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk

[2012-08-11 18:32:38 | 000,033,018 | ---- | C] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00002.vcf

[2012-08-11 18:27:03 | 000,033,018 | ---- | C] () -- C:\Users\Ahmed\Desktop\pcsc_pcsc_00001.vcf

[2012-08-10 21:53:36 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk

[2012-08-05 21:39:00 | 000,000,540 | ---- | C] () -- C:\settings.ini

[2012-08-05 20:59:12 | 000,002,227 | ---- | C] () -- C:\Users\Ahmed\Desktop\RockMelt.lnk

[2012-08-05 20:49:16 | 000,000,928 | ---- | C] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-05 20:49:16 | 000,000,876 | ---- | C] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-01 00:19:22 | 002,135,590 | ---- | C] () -- C:\Users\Ahmed\Desktop\Untitled.png

[2012-07-30 10:09:10 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf

[2012-07-30 10:09:09 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf

[2012-03-21 07:53:14 | 000,758,018 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2012-03-21 07:53:14 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2011-12-04 08:28:04 | 000,001,224 | ---- | C] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml

[2011-10-14 06:03:45 | 000,000,166 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Battery Meter_Settings.ini

[2011-10-14 06:02:04 | 000,000,412 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\All CPU Meter_Settings.ini

[2011-10-11 06:08:01 | 000,045,270 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\room_v3.dat

[2011-09-04 00:00:39 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdechhg.sys

[2011-09-03 23:46:40 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe

[2011-09-03 23:46:40 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini

[2011-05-05 06:12:10 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbee.sys

[2011-05-05 05:56:14 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini

[2011-05-05 05:50:23 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbgi.sys

[2011-05-05 05:25:40 | 000,777,388 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011-03-26 09:16:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011-03-26 09:16:10 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011-03-26 09:16:10 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011-02-26 03:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign

[2011-02-12 08:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign

[2011-02-04 08:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2011-02-04 03:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll

[2011-02-03 08:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign

[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign

[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign

[2011-01-30 04:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe

[2011-01-23 00:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign

[2011-01-11 08:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat

[2010-12-07 10:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll

[2010-12-07 10:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

========== LOP Check ==========

[2012-07-30 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock

[2012-05-22 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Audacity

[2012-05-07 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Auto-Joiner

[2012-08-02 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AutoGG

[2012-07-07 02:50:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DAEMON Tools Lite

[2011-10-04 16:10:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DigitalPersona

[2012-08-22 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DMCache

[2012-08-22 18:54:56 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\GarenaPlus

[2012-06-06 07:40:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HideIPEasy

[2012-08-10 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC

[2012-08-10 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-08-06 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\IDM

[2011-10-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Maxthon3

[2011-11-19 07:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Nokia

[2011-10-31 00:04:24 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\ooVoo Details

[2011-12-06 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Opera

[2012-08-10 20:29:35 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Outlook

[2011-10-11 05:42:42 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\PC Suite

[2012-08-17 07:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SoftGrid Client

[2012-06-06 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SuperHideIP

[2011-10-04 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Synaptics

[2012-08-22 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Tific

[2011-10-06 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\TP

[2012-08-22 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\uTorrent

[2011-10-08 23:38:00 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\WildTangent

[2012-08-22 01:54:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-22 19:54:04 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-21 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-08-22 19:54:04 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-08-22 18:41:06 | 000,032,724 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[2012-08-22 07:49:25 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 431d22e0-7cbe-4789-a234-f4a29a3cce93.job

[2012-08-22 15:26:25 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9abaf239-ea23-4421-87f2-7743ddc4262a.job

[2012-08-22 16:31:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job

[2012-08-22 16:11:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-sys.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2011-02-26 11:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011-02-26 10:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009-07-14 06:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011-02-26 10:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe

[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011-02-26 10:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011-02-25 11:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011-02-26 11:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010-10-29 10:07:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011-02-25 10:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe

[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2010-10-29 10:07:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010-10-29 10:11:26 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2010-10-29 10:07:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009-07-14 06:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2010-10-29 10:11:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011-02-26 11:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2010-10-29 10:07:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >

[2009-07-14 06:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\windows\SysNative\qmgr.dll

[2009-07-14 06:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >

[2009-06-11 02:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >

[2012-04-04 10:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

[2011-06-06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >

[2009-07-14 06:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe

[2009-07-14 06:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2009-07-14 07:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui

[2009-07-14 07:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >

[2009-07-14 09:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009-07-14 09:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >

[2012-07-25 04:52:54 | 000,001,126 | ---- | M] () MD5=584403EF84B9DEB4CC27A4F9BBDF633A -- C:\Users\Ahmed\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\22FMXTFN\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >

[2009-06-11 01:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof

[2009-06-11 01:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >

[2009-07-14 07:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc

[2009-06-11 01:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc

[2009-07-14 07:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc

[2009-06-11 02:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc

[2009-07-14 07:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc

[2009-06-11 01:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc

[2009-07-14 07:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc

[2009-06-11 02:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >

[2009-07-14 01:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml

[2009-07-14 01:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >

[2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009-07-14 06:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe

[2009-07-14 06:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2009-07-14 06:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009-07-14 06:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009-07-14 06:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe

[2009-07-14 06:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009-07-14 06:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe

[2010-10-29 10:11:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000

"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009-07-14 06:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)

"Description" = @%SystemRoot%\system32\qmgr.dll,-1001

"ObjectName" = LocalSystem

"ErrorControl" = 1

"Start" = 2

"DelayedAutoStart" = 1

"Type" = 32

"DependOnService" = RpcSsEventSystem [binary data]

"ServiceSidType" = 1

"RequiredPrivileges" = [binary data over 100 bytes]

"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]

"ServiceDll" = %SystemRoot%\System32\qmgr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]

"Library" = bitsperf.dll -- [2009-07-14 06:14:59 | 000,018,944 | ---- | M] (Microsoft Corporation)

"Open" = PerfMon_Open

"Collect" = PerfMon_Collect

"Close" = PerfMon_Close

"InstallType" = 1

"PerfIniFile" = bitsctrs.ini

"First Counter" = 2156

"Last Counter" = 2172

"First Help" = 2157

"Last Help" = 2173

"Object List" = 2156

"PerfMMFileName" = Global\MMF_BITS_s

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]

"Security" = [binary data over 100 bytes]

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:9FA5EC55

< End of report >


ListParts by Farbar Version: 10-08-2012

Ran by Ahmed (administrator) on 22-08-2012 at 19:59:13

Windows 7 (X64)

Running From: C:\Users\Ahmed\Downloads

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 68%

Total physical RAM: 4030.37 MB

Available physical RAM: 1252.46 MB

Total Pagefile: 8058.88 MB

Available Pagefile: 4759.59 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:147.52 GB) (Free:3.58 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (Local Disk) (Fixed) (Total:128.47 GB) (Free:42.02 GB) NTFS

3 Drive e: (HP_RECOVERY) (Fixed) (Total:16.8 GB) (Free:2.54 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB     8 MB   *

Partitions of Disk 0:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Dynamic Data       992 KB    31 KB
Partition 2    Dynamic Data       300 MB  1024 KB
Partition 3    Dynamic Data       147 GB   301 MB
Partition 4    Dynamic Data       150 GB   147 GB

======================================================================================================

Disk: 0

Partition 1

Type : 42

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 42

Hidden: Yes

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4       SYSTEM       NTFS   Simple       300 MB  Healthy    System

======================================================================================================

Disk: 0

Partition 3

Type : 42

Hidden: Yes

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   C                NTFS   Simple       147 GB  Healthy    Boot

======================================================================================================

Disk: 0

Partition 4

Type : 42

Hidden: Yes

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0   D   Local Disk   NTFS   Simple       128 GB  Healthy

======================================================================================================

****** End Of Log ******


hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

ESET Online Scanner

  1. Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

      Things I would like to see in your reply:
      • Malwarebytes Results.
      • Eset scanner report.
      • Update on how your computer is running


Malwarebytes quick scan: No malicious items detected. Same as the scan before this procedure.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.21.13

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Ahmed :: HEWLETT [administrator]

22-Aug-12 10:01:55 PM

mbam-log-2012-08-22 (22-01-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199597

Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I am unable to download ESET online; it gets stuck while downloading.


Still, when the system restarts, the fake Windows update comes up and the bandwidth-consuming svchost process still keeps popping up.


Because when a normal Windows update icon appears and you left click it, it shows the updater and the files being downloaded; however, here it does not. Also, when I go into Control Panel > Windows Update, the updates are not being downloaded and an "Install updates" button is appearing, which means the Windows update in the taskbar is not a legit process.


Plus, my automatic updates are off, so there is no possible way that Windows automatically starts updating itself.

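The three posts above boil down to one triage question: which of the many svchost.exe instances is the one talking to the network, and which services does it host? The script below is an added example for that check; it is not from the thread and not part of Malwarebytes, OTL or any other tool named here. It assumes an elevated PowerShell prompt on the affected machine and uses only PowerShell 2.0-era cmdlets so that it runs on Windows 7. For each svchost.exe it lists the hosted services (from the Service Control Manager via WMI), the remote endpoints it has open (parsed from `netstat -ano`, as the original poster did by hand), whether the image is the copy in System32, and its MD5 so it can be compared against the "< MD5 for: SVCHOST.EXE >" section of the OTL log earlier in the thread.

```powershell
# Added triage example (not from the thread): map every running svchost.exe to the
# services it hosts, the remote endpoints it holds open, and the identity of the
# image on disk. Run from an elevated PowerShell prompt; written against
# PowerShell 2.0 cmdlets (Get-WmiObject, New-Object PSObject) for Windows 7.

$systemSvchost = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Hosting PID -> list of service names. Keys are cast to [int] so that later
# lookups with Process.Id (Int32) match; WMI returns ProcessId as UInt32.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $owner = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($owner)) { $servicesByPid[$owner] = @() }
    $servicesByPid[$owner] += $_.Name
}

# Owning PID -> remote endpoints, parsed from "netstat -ano".
# TCP rows: Proto Local Foreign State PID. UDP rows have no State column.
$endpointsByPid = @{}
netstat -ano | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    switch ($f[0]) {
        'TCP'   { if ($f.Count -ge 5) { $owner = [int]$f[4]; $ep = "$($f[0]) $($f[2]) $($f[3])" } else { return } }
        'UDP'   { if ($f.Count -ge 4) { $owner = [int]$f[3]; $ep = "$($f[0]) $($f[2])" } else { return } }
        default { return }   # header lines and blanks
    }
    # Listening / unbound rows carry no traffic; keep only rows with a real peer.
    if ($ep -match '\*:\*|0\.0\.0\.0:0|\[::\]:0') { return }
    if (-not $endpointsByPid.ContainsKey($owner)) { $endpointsByPid[$owner] = @() }
    $endpointsByPid[$owner] += $ep
}

$md5 = [System.Security.Cryptography.MD5]::Create()

Get-Process -Name svchost | ForEach-Object {
    $p = $_
    $path = $null
    try { $path = $p.Path } catch { }   # unreadable for SYSTEM processes without elevation
    $hash = 'n/a'
    if ($path -and (Test-Path $path)) {
        $bytes = [System.IO.File]::ReadAllBytes($path)
        $hash = ([System.BitConverter]::ToString($md5.ComputeHash($bytes))) -replace '-', ''
    }
    New-Object PSObject -Property @{
        PID        = $p.Id
        ImagePath  = $path
        InSystem32 = (($path -ne $null) -and ($path -ieq $systemSvchost))
        MD5        = $hash
        Services   = ($servicesByPid[[int]$p.Id] -join ', ')
        Endpoints  = ($endpointsByPid[[int]$p.Id] -join '; ')
    }
} | Sort-Object PID | Format-Table PID, InSystem32, Services, Endpoints, MD5 -AutoSize -Wrap
```

Read the output for the row whose Endpoints column is non-empty: its Services column names the service group behind the traffic (on a clean machine a background download shows up under the netsvcs host that includes BITS, which is why the helper pulled the BITS key with OTL). A matching path and MD5 only establish that the host binary itself is genuine; svchost loads whatever DLL the service's Parameters\ServiceDll value points to, so the ServiceDll values of the services listed for that PID (compare with the BITS\Parameters entry in the OTL output above) are the next thing to verify.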

hi

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1

Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
    NSIS_disclaimer_ENG.png
    NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Man, I gotta admit that this is the toughest mess I have come across, and also admit that you're a pro at this because I have no idea what the above programs do lol. Nice job on the heads up there. Unfortunately, due to time restrictions, I will have to do the above procedures tomorrow; only then I'll let you know how it went. Good job mate and help appreciated. Be in touch with you tomorrow.


Ok thanks for letting me know ;)


OK, so far so good. After restarting my laptop thrice (without running ComboFix) I have got rid of the svchost files which were consuming bandwidth without consent. It seems somewhat fine now. The only issue now left is slow booting speed; I have noticed that booting time has exceeded over a minute after the procedure. Is that supposed to be that way?


And my desktop looks somewhat ugly lol. Can you please tell me the procedure to remove all those tools? Is it direct delete or some other way?


NOOOOO!!!!!!! :( I was wrong. The svchost process consuming bandwidth appeared again :@ I'm beginning to hate this thing now. Now that it's there, I don't see the fake Windows update yet. So, shall I use ComboFix?


Yes follow combofix instructions

This topic is now closed to further replies.