blacksmoke

Everything posted by blacksmoke

  1. Hello again. Well, recently my QuickHeal is acting weird. The QuickHeal application window is not opening, and instead a message is popping up saying my QuickHeal product key is being used by multiple PCs, when the fact is, I only have one PC in my house. Now I already uninstalled Malwarebytes to get rid of any conflict problem between the two apps, then restarted my PC. After that, when I'm again trying to open QuickHeal, it's displaying the same message that my key is being used on multiple PCs. I think it's a virus issue (stole my product key). I mean, after uninstalling MBAM this kind of problem shouldn't arise. Right? Please help me out.
  2. Thanks for replying, Gringo. Well, if it's a false positive, then I can surely breathe a sigh of relief. But are you sure this is happening only with the users that run QuickHeal and MBAM together? Or is it happening with other users too, who don't run QuickHeal but some other antivirus along with MBAM? The reason I'm worried is that I have heard a lot about this virus, like they can bypass detection from popular antiviruses. Could it be for this reason that it's not getting detected by MBAM all the time? I also heard that there are like 2 files (skype.dat and skype.ini) that hide in the registry or a hidden sector of the HDD and slowly take over the system. Do you think some viruses can survive a full system format? Thanks
  3. Hello, I'm using Malwarebytes (trial edition) and along with that I'm using QuickHeal antivirus. Now the thing is, my laptop has been infected with the virus "skype.dat", and I came to know about this when I scanned my system with Malwarebytes, as my QuickHeal antivirus totally failed to detect anything. Now I came to know over the internet that no major antiviruses are able to detect this virus, which means this "skype.dat" virus has the ability to bypass detection. I also came to know that it hides itself in the registry and slowly changes the system files, and later, when connected to the internet, it downloads more malware. Anyway, after Malwarebytes detected it, it said that upon rebooting it will be removed, but after rebooting it came back again. Unlike many FBI MoneyPak viruses, my system has not been locked down by this virus yet. I mean, till now my system is running OK, but one weird thing did happen. Whenever I'm trying to run my QuickHeal antivirus, a message is popping up instead saying that my QuickHeal product key is being used by multiple computers (Note: I have only one system in my house) ... and also the QuickHeal software window won't open. Let me mention here that I have been running QuickHeal and Malwarebytes together on a single laptop since 2011 and I have never experienced anything like this, until now. Anyway, after going through all this I decided to call in the technician guys, and they formatted my system (deleted all partitions) and did a clean install of Win7 .... and now again, while scanning with MBAM (trial), it's showing that the same virus is still there in my system, in the location (c/users/appdata/roaming/skype.dat). That means it survived the format. I'm at a loss for ideas about what I should do now. Is there any other way to remove it?
One thing I noticed today, and that is: when I'm running only Malwarebytes (by uninstalling QuickHeal) and scanning my system with Malwarebytes, it is detecting no such "skype.dat" virus. When I'm running only QuickHeal (by uninstalling Malwarebytes) and scanning my system with QuickHeal, it's not detecting any viruses. But when I'm running both QuickHeal and Malwarebytes, and scanning with both the software, only Malwarebytes is detecting the "skype.dat" virus. But cannot delete it.

I'm posting the DDS logs here -
  4. Thanks for replying. So can I post the same thing that I've written here in the malware removal help forum too, along with the DDS txt attachments (mentioned in option 1)?
  5. Hello, I'm using Malwarebytes (trial edition) and along with that I'm using QuickHeal antivirus. Now the thing is, my laptop has been infected with the virus "skype.dat", and I came to know about this when I scanned my system with Malwarebytes, as my QuickHeal antivirus totally failed to detect anything. Now I came to know over the internet that no major antiviruses are able to detect this virus, which means this "skype.dat" virus has the ability to bypass detection. I also came to know that it hides itself in the registry and slowly changes the system files, and later, when connected to the internet, it downloads more malware. Anyway, after Malwarebytes detected it, it said that upon rebooting it will be removed, but after rebooting it came back again. Till now, my system has not been shut down by this virus, like in the case of many FBI Ukash viruses. I mean, till now my system is running normally, but one weird thing did happen. Whenever I'm trying to run my QuickHeal antivirus for scanning or to update it, a message is popping up instead saying that my QuickHeal product key is being used by multiple computers, and so my QuickHeal updates are blocked. (Note: I have only one system in my house.) Let me mention here that I have been running QuickHeal and Malwarebytes together on a single laptop since 2011 and I have never experienced anything like this, until now. Anyway, after going through all this I decided to call in the technician guys, and they formatted my system (deleted all partitions) and did a clean install of Win7 .... and now again, while scanning with MBAM (trial), it's showing that the same virus is still there in my system but cannot delete it. That means it survived the format. I'm at a loss for ideas about what I should do now. Is there any other way to remove it? I tried all the apps like ComboFix, AdwCleaner, CCleaner, Junkware Removal Tool etc., but no luck. They aren't detecting anything.
One thing I noticed today, and that is: when I'm running only Malwarebytes (by uninstalling QuickHeal) and scanning my system with Malwarebytes, it is detecting no such "skype.dat" virus. When I'm running only QuickHeal (by uninstalling Malwarebytes) and scanning my system with QuickHeal, it's not detecting any viruses. But when I'm running both QuickHeal and Malwarebytes, and scanning with both the software, only Malwarebytes is detecting the "skype.dat" virus. But cannot delete it. Any help would be greatly appreciated.