
Need help with trojan dropper and false windows updates



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

2 weeks later...

TY Maurice :)

OK, I am sorry, I had to go away on a business trip so I wasn't available; sorry for any inconvenience.

An update on the current system performance:

svchost still appears even after running ComboFix; this process has to be shut down manually 2-3 times from Task Manager so that it stops consuming all the bandwidth. This solution is only temporary: once I restart the laptop the problem appears again.

The graphics performance of my laptop has become significantly low.

My system drive C: has a bulk of huge files which I don't know about. They have taken up most of the space on the drive, leaving just 9 GB free.

There are many hidden files all over my PC; they seem to be the copies created in the process you told me about above.

I have run ComboFix and here is my log:

ComboFix 12-09-09.02 - Ahmed 10-Sep-12 6:01.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4030.2312 [GMT 5:00]

Running from: c:\users\Ahmed\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\wmm_cur.log

c:\windows\SysWow64\wmm_old.log

.

.

((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))

.

.

2012-09-10 01:14 . 2012-09-10 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-04 20:02 . 2012-09-04 20:02 -------- d-----w- c:\users\Ahmed\AppData\Roaming\PlatinumHideIP

2012-09-04 20:02 . 2012-09-04 20:02 -------- d-----w- c:\programdata\PlatinumHideIP

2012-09-04 20:01 . 2012-09-04 20:01 -------- d-----w- c:\program files (x86)\PlatinumHideIP

2012-09-03 23:03 . 2012-09-03 23:03 0 ----a-w- c:\windows\SysWow64\shoACCB.tmp

2012-09-02 12:07 . 2012-09-02 12:07 -------- d-----w- c:\windows\SysWow64\xlive

2012-09-02 12:07 . 2012-09-02 12:07 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2012-09-02 10:56 . 2012-09-02 10:56 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-02 10:55 . 2012-09-02 10:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-02 10:55 . 2012-09-02 10:55 -------- d-----w- c:\program files (x86)\Java

2012-08-31 12:59 . 2012-08-31 12:59 -------- d-----w- c:\users\Ahmed\AppData\Local\Adobe

2012-08-30 20:32 . 2012-08-30 20:32 -------- d-----w- c:\program files (x86)\uTorrent

2012-08-23 17:44 . 2012-08-23 17:44 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-08-22 23:32 . 2012-07-06 20:06 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2012-08-22 23:32 . 2012-07-06 20:06 552448 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-22 23:22 . 2012-08-22 23:22 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2

2012-08-22 13:01 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll

2012-08-22 13:00 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2012-08-22 13:00 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2012-08-22 13:00 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe

2012-08-22 13:00 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe

2012-08-22 12:59 . 2011-06-16 05:31 199680 ----a-w- c:\windows\system32\xmllite.dll

2012-08-22 12:59 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe

2012-08-22 12:59 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2012-08-22 12:59 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2012-08-22 07:21 . 2012-08-22 07:21 -------- d-----w- c:\program files (x86)\ESET

2012-08-22 05:40 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-22 05:40 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-22 05:40 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe

2012-08-22 05:40 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-22 05:39 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-08-22 05:39 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-08-22 05:32 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-22 05:32 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-22 05:15 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-08-22 05:15 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-08-22 04:26 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-08-22 03:50 . 2012-08-22 04:03 -------- d-----w- c:\users\Ahmed\AppData\Local\NPE

2012-08-22 03:42 . 2012-08-22 03:42 -------- d-----w- c:\users\Ahmed\AppData\Roaming\Tific

2012-08-22 03:40 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-08-22 03:24 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-22 03:24 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll

2012-08-22 03:24 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-22 03:24 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-22 03:24 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll

2012-08-22 02:26 . 2012-08-22 02:26 -------- d-----w- c:\programdata\SUPERSetup

2012-08-22 01:54 . 2012-08-22 01:54 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-22 01:54 . 2012-08-22 01:54 -------- d-----w- c:\windows\system32\Wat

2012-08-21 12:01 . 2012-08-21 12:01 -------- d-----w- c:\windows\en

2012-08-21 11:51 . 2012-08-21 11:51 -------- d-----w- c:\windows\fr

2012-08-21 11:51 . 2012-08-21 11:51 -------- d-----w- c:\windows\es

2012-08-21 11:51 . 2012-08-21 11:51 -------- d-----w- c:\windows\eu

2012-08-21 11:51 . 2012-08-21 11:51 -------- d-----w- c:\windows\ca

2012-08-21 10:25 . 2012-07-27 21:15 57280 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-08-21 10:24 . 2012-08-21 10:24 -------- d-----w- c:\program files\Windows Live

2012-08-21 10:17 . 2012-08-21 10:17 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\27e0969e1cd7f860a\DSETUP.dll

2012-08-21 10:17 . 2012-08-21 10:17 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\27e0969e1cd7f860a\DXSETUP.exe

2012-08-21 10:17 . 2012-08-21 10:17 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\27e0969e1cd7f860a\dsetup32.dll

2012-08-21 10:12 . 2012-08-21 10:12 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive

2012-08-21 10:12 . 2012-08-21 10:12 5563840 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\77b4cf701cd7f8505\skydrivesetup.exe

2012-08-21 10:12 . 2012-08-21 10:12 -------- d-----r- c:\users\Ahmed\SkyDrive

2012-08-21 10:12 . 2012-08-21 10:12 -------- d-----w- c:\programdata\Microsoft SkyDrive

2012-08-21 10:11 . 2012-08-21 10:11 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\48dab7501cd7f8503\DSETUP.dll

2012-08-21 10:11 . 2012-08-21 10:11 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\48dab7501cd7f8503\DXSETUP.exe

2012-08-21 10:11 . 2012-08-21 10:11 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\48dab7501cd7f8503\dsetup32.dll

2012-08-21 10:10 . 2012-08-21 10:10 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31b5158c1cd7f8502\DSETUP.dll

2012-08-21 10:10 . 2012-08-21 10:10 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31b5158c1cd7f8502\DXSETUP.exe

2012-08-21 10:10 . 2012-08-21 10:10 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31b5158c1cd7f8502\dsetup32.dll

2012-08-21 10:08 . 2012-08-21 10:08 -------- d-----w- c:\program files\Recuva

2012-08-21 10:02 . 2012-08-21 10:02 -------- d-----w- c:\users\Ahmed\AppData\Local\Windows Live

2012-08-20 04:44 . 2012-08-20 04:44 -------- d-----w- c:\users\Ahmed\AppData\Local\SKIDROW

2012-08-20 04:40 . 2006-03-31 07:40 352464 ----a-w- c:\windows\system32\xactengine2_1.dll

2012-08-20 04:19 . 2012-08-20 04:19 -------- d-----w- c:\program files (x86)\Rebellion

2012-08-19 19:52 . 2012-08-19 19:52 -------- d-----w- c:\programdata\Premium

2012-08-19 19:52 . 2012-08-22 08:27 -------- d-----w- c:\programdata\Codec

2012-08-19 19:52 . 2012-08-22 08:27 -------- d-----w- c:\programdata\GBox

2012-08-19 19:52 . 2012-08-22 00:15 -------- d-----w- c:\program files (x86)\SProtector

2012-08-19 02:29 . 2012-08-19 02:29 -------- d-----w- c:\program files (x86)\Microsoft WSE

2012-08-19 02:28 . 2006-09-28 11:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll

2012-08-19 02:28 . 2006-09-28 11:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-02 10:55 . 2012-05-19 13:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-02 10:55 . 2012-05-19 13:37 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-22 01:51 . 2012-07-30 04:34 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-30 05:09 . 2012-07-30 05:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-07-30 05:09 . 2012-07-30 05:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-07-30 05:09 . 2012-07-30 05:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-07-30 05:09 . 2012-07-30 05:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-07-30 05:09 . 2012-07-30 05:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-07-30 05:09 . 2012-07-30 05:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-07-30 05:09 . 2012-07-30 05:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-07-30 05:09 . 2012-07-30 05:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-07-30 05:09 . 2012-07-30 05:09 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-07-30 05:09 . 2012-07-30 05:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-07-30 05:09 . 2012-07-30 05:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-07-30 05:09 . 2012-07-30 05:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-07-30 05:09 . 2012-07-30 05:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-07-30 05:09 . 2012-07-30 05:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-07-30 05:09 . 2012-07-30 05:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-07-30 05:09 . 2012-07-30 05:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-07-30 05:09 . 2012-07-30 05:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-07-30 05:09 . 2012-07-30 05:09 222208 ----a-w- c:\windows\system32\msls31.dll

2012-07-30 05:09 . 2012-07-30 05:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-07-30 05:09 . 2012-07-30 05:09 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-07-30 05:09 . 2012-07-30 05:09 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-07-30 05:09 . 2012-07-30 05:09 82432 ----a-w- c:\windows\system32\icardie.dll

2012-07-30 05:09 . 2012-07-30 05:09 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-07-30 05:09 . 2012-07-30 05:09 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-07-30 05:09 . 2012-07-30 05:09 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-07-30 05:09 . 2012-07-30 05:09 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-07-30 05:09 . 2012-07-30 05:09 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-07-30 05:09 . 2012-07-30 05:09 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-07-30 05:09 . 2012-07-30 05:09 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-07-30 05:09 . 2012-07-30 05:09 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-07-30 05:09 . 2012-07-30 05:09 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-07-30 05:09 . 2012-07-30 05:09 448512 ----a-w- c:\windows\system32\html.iec

2012-07-30 05:09 . 2012-07-30 05:09 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-07-30 05:09 . 2012-07-30 05:09 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-07-30 05:09 . 2012-07-30 05:09 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-07-30 05:09 . 2012-07-30 05:09 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-30 05:09 . 2012-07-30 05:09 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-07-30 05:09 . 2012-07-30 05:09 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-07-30 05:09 . 2012-07-30 05:09 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-07-30 05:09 . 2012-07-30 05:09 197120 ----a-w- c:\windows\system32\msrating.dll

2012-07-30 05:09 . 2012-07-30 05:09 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-07-30 05:09 . 2012-07-30 05:09 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-07-30 05:09 . 2012-07-30 05:09 160256 ----a-w- c:\windows\system32\wextract.exe

2012-07-30 05:09 . 2012-07-30 05:09 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-07-30 05:09 . 2012-07-30 05:09 149504 ----a-w- c:\windows\system32\occache.dll

2012-07-30 05:09 . 2012-07-30 05:09 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-07-30 05:09 . 2012-07-30 05:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-07-30 05:09 . 2012-07-30 05:09 12288 ----a-w- c:\windows\system32\mshta.exe

2012-07-30 05:09 . 2012-07-30 05:09 114176 ----a-w- c:\windows\system32\admparse.dll

2012-07-30 05:09 . 2012-07-30 05:09 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-07-30 05:09 . 2012-07-30 05:09 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-07-30 05:09 . 2012-07-30 05:09 103936 ----a-w- c:\windows\system32\inseng.dll

2012-07-30 05:08 . 2012-07-30 05:08 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-07-30 05:08 . 2012-07-30 05:08 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-07-30 05:08 . 2012-07-30 05:08 144384 ----a-w- c:\windows\system32\cdd.dll

2012-07-27 22:09 . 2012-07-27 22:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-07-27 21:54 . 2012-07-27 21:54 321472 ----a-w- c:\windows\WLXPGSS.SCR

2012-07-26 14:08 . 2012-07-26 14:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll

2012-07-26 14:08 . 2012-07-26 14:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll

2012-07-26 14:08 . 2012-07-26 14:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll

2012-07-26 14:08 . 2012-07-26 14:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll

2012-07-26 14:08 . 2012-07-26 14:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll

2012-07-26 10:22 . 2012-07-26 10:22 828872 ----a-w- c:\windows\system32\msvcr110.dll

2012-07-26 10:22 . 2012-07-26 10:22 661448 ----a-w- c:\windows\system32\msvcp110.dll

2012-07-26 10:22 . 2012-07-26 10:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll

2012-07-26 10:22 . 2012-07-26 10:22 177096 ----a-w- c:\windows\system32\atl110.dll

2012-07-26 10:22 . 2012-07-26 10:22 124360 ----a-w- c:\windows\system32\vcomp110.dll

2012-07-17 10:14 . 2012-07-17 10:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL

2012-07-17 09:49 . 2012-07-17 09:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL

2012-07-17 09:37 . 2012-07-17 09:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-15 21:40 . 2012-07-30 04:28 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07645794-8372-40D5-900D-D23A24ABBCD1}\mpengine.dll

2012-07-06 21:48 . 2012-07-06 21:48 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-07-03 08:46 . 2011-10-06 23:30 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-25 11:04 . 2012-06-25 11:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-08-21 10:12 220608 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-08-21 10:12 220608 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-08-21 10:12 220608 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-30 896912]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-21 6276408]

"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2010-08-22 2931744]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-04 3417496]

"QUBEE WCM"="c:\program files\QUBEE WCM\QUBEE WCM.exe" [2010-09-07 856064]

"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-08-14 21975120]

"Facebook Update"="c:\users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"RockMelt Update"="c:\users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-08-05 136336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]

"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]

"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]

"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2012-07-14 512000]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-3-4 969216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]

R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [2010-08-19 20904]

R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 464480]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]

R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [2010-07-05 154112]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-22 1255736]

S0 MfeEpePc;MfeEpePc; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-06 283200]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2010-08-19 1411616]

S2 GPCommonService(64);GPCommonService(64);c:\program files\QUBEE WCM\GPCommonServicex64.exe [2010-05-31 110592]

S2 GPCommonService;GPCommonService;c:\program files\QUBEE WCM\GPCommonService.exe [2010-05-27 90112]

S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]

S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-26 30520]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]

S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]

S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [2010-04-26 18432]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]

S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]

S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]

S3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 64512]

S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 406632]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

- c:\users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-10 20:49]

.

2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

- c:\users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-10 20:49]

.

2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 01:19]

.

2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

- c:\users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 01:19]

.

2012-09-10 c:\windows\Tasks\HPCeeScheduleForAHMED-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-09-08 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

- c:\users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-05 15:49]

.

2012-09-10 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

- c:\users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-05 15:49]

.

2012-09-09 c:\windows\Tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job

- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2011-12-04 17:09]

.

2012-09-09 c:\windows\Tasks\update-sys.job

- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2011-12-04 17:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-08-21 10:12 244672 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-08-21 10:12 244672 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-08-21 10:12 244672 ----a-w- c:\users\Ahmed\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 418840]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]

"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704]

"combofix"="c:\combofix\CF17471.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.gboxapp.com/?affid=gb2

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://search.gboxapp.com/?affid=gb2

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = http=;ftp=;https=;

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\ya6s2ah8.default\

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289} - c:\program files (x86)\InstallShield Installation Information\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]

"ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4188994054-3629684506-4284009711-1002_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):4d,e2,90,81,71,95,56,37,ac,38,f7,44,67,f8,46,6b,a3,46,41,e8,52,

46,00,a4,3f,a7,04,76,71,52,06,d7,24,ad,b4,80,fc,d1,e4,08,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-4188994054-3629684506-4284009711-1002_Classes\Wow6432Node\CLSID\{ae5b8759-ff2f-4b31-aaa1-b7f0de7edb68}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000048

"Therad"=dword:00000019

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

c:\progra~2\DUMETE~1\DUMeter.exe

c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files (x86)\DAEMON Tools Lite\DTShellHlp.exe

c:\program files\QUBEE WCM\wimax\WmMMgr.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-09-10 06:23:13 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-10 01:23

.

Pre-Run: 8,888,487,936 bytes free

Post-Run: 12,776,730,624 bytes free

.

- - End Of File - - E60DEE7D2E2A9526BB148FF55F729599


OTL logfile created on: 11-Sep-12 2:38:04 AM - Run 3

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Ahmed\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.94 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 41.46% Memory free

7.87 Gb Paging File | 5.02 Gb Available in Paging File | 63.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 147.52 Gb Total Space | 9.98 Gb Free Space | 6.76% Space Free | Partition Type: NTFS

Drive D: | 128.47 Gb Total Space | 16.83 Gb Free Space | 13.10% Space Free | Partition Type: NTFS

Drive E: | 16.80 Gb Total Space | 2.54 Gb Free Space | 15.14% Space Free | Partition Type: NTFS

Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: HEWLETT | User Name: Ahmed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-31 01:32:48 | 000,896,912 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

PRC - [2012-08-05 20:49:13 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe

PRC - [2012-07-31 08:06:12 | 007,123,320 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe

PRC - [2012-07-14 08:55:02 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe

PRC - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012-05-18 01:03:02 | 000,602,112 | ---- | M] (hbm) -- C:\Users\Ahmed\Desktop\Dota tools\Auto-Joiner\Auto-Joiner.exe

PRC - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

PRC - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011-08-14 12:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe

PRC - [2011-08-05 03:31:45 | 003,417,496 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe

PRC - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

PRC - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011-03-04 02:31:48 | 000,969,216 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

PRC - [2011-02-11 05:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

PRC - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

PRC - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

PRC - [2011-02-07 23:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

PRC - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

PRC - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe

PRC - [2011-01-26 22:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011-01-19 01:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

PRC - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

PRC - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

PRC - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

PRC - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe

PRC - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe

PRC - [2010-08-22 15:14:10 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe

PRC - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe

PRC - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\QUBEE WCM\GPCommonService.exe

PRC - [2010-05-26 09:47:36 | 000,075,776 | ---- | M] (MediaTek Inc.) -- C:\Program Files\QUBEE WCM\WiMAX\WmMMgr.exe

PRC - [2009-07-14 06:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

========== Modules (No Company Name) ==========

MOD - [2012-08-30 07:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll

MOD - [2012-08-30 07:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

MOD - [2012-08-30 07:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

MOD - [2012-08-30 07:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll

MOD - [2012-08-30 07:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll

MOD - [2012-08-30 07:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll

MOD - [2012-08-30 07:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll

MOD - [2012-08-30 07:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll

MOD - [2012-08-23 04:53:38 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll

MOD - [2012-08-23 04:53:27 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll

MOD - [2012-08-23 04:53:16 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll

MOD - [2012-08-23 04:53:15 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll

MOD - [2012-08-23 04:53:15 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f9a70c3039c1effc4df35709143e7b2f\IAStorCommon.ni.dll

MOD - [2012-08-23 04:53:12 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\80b4cd3b84dea19ceafd07b591d13ea0\IAStorUtil.ni.dll

MOD - [2012-08-23 04:53:11 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

MOD - [2012-08-23 04:53:04 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

MOD - [2012-08-23 04:52:57 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

MOD - [2012-08-23 04:52:54 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

MOD - [2012-08-23 04:52:52 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

MOD - [2012-08-23 04:31:44 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

MOD - [2012-07-31 08:06:12 | 007,123,320 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe

MOD - [2012-07-30 14:34:53 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll

MOD - [2012-07-30 14:31:07 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll

MOD - [2012-07-30 12:29:04 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLPlugin.dll

MOD - [2012-07-30 12:29:03 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\BlackShotPlugin.dll

MOD - [2012-07-30 12:28:30 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLTWPlugin.dll

MOD - [2012-07-30 12:28:13 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginThe7TW.dll

MOD - [2012-07-30 12:27:39 | 000,202,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll

MOD - [2012-07-30 12:27:15 | 000,337,408 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll

MOD - [2012-07-30 12:27:11 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\HonCISPlugin.dll

MOD - [2012-07-30 12:27:05 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginWinTexasTW.dll

MOD - [2012-07-30 12:26:33 | 000,277,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LDJPlugin.dll

MOD - [2012-07-30 12:25:55 | 000,577,024 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginAux.dll

MOD - [2012-07-30 12:25:52 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\MStarPlugin.dll

MOD - [2012-07-30 12:25:47 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLTHPlugin.dll

MOD - [2012-07-30 12:25:20 | 000,136,192 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PerfectWorldPlugin.dll

MOD - [2012-07-30 11:47:03 | 000,177,152 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll

MOD - [2012-07-27 17:50:35 | 000,924,160 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll

MOD - [2012-07-27 12:41:43 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll

MOD - [2012-07-27 11:59:56 | 000,479,744 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll

MOD - [2012-07-27 11:59:42 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll

MOD - [2012-07-27 11:59:36 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll

MOD - [2012-07-27 11:59:35 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll

MOD - [2012-07-27 11:59:28 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll

MOD - [2012-07-27 11:59:23 | 000,163,328 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll

MOD - [2012-07-20 08:54:08 | 000,453,632 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dll

MOD - [2012-07-20 08:54:08 | 000,164,352 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dll

MOD - [2012-07-19 14:23:05 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\LoLPHPlugin.dll

MOD - [2012-07-19 14:22:18 | 000,157,696 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\HonPlugin.dll

MOD - [2012-07-12 10:41:54 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xIM.dll

MOD - [2012-07-12 10:40:18 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll

MOD - [2012-06-21 17:35:44 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll

MOD - [2012-05-25 16:32:47 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll

MOD - [2012-05-23 12:20:26 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll

MOD - [2012-05-03 14:53:38 | 001,081,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll

MOD - [2012-04-24 06:21:31 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll

MOD - [2012-04-24 06:21:25 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll

MOD - [2012-04-24 06:19:17 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll

MOD - [2012-04-17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll

MOD - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

MOD - [2012-04-17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll

MOD - [2012-04-17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll

MOD - [2012-04-17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll

MOD - [2012-04-17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll

MOD - [2012-04-17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll

MOD - [2012-04-17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll

MOD - [2012-04-17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll

MOD - [2012-04-13 08:12:19 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll

MOD - [2012-04-13 08:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll

MOD - [2012-03-08 13:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll

MOD - [2012-02-22 13:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll

MOD - [2012-02-22 13:52:16 | 002,609,664 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll

MOD - [2012-02-22 13:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll

MOD - [2012-02-22 13:52:16 | 000,418,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\exchndl.dll

MOD - [2012-02-22 13:52:16 | 000,197,632 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll

MOD - [2012-02-22 13:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll

MOD - [2012-02-22 13:52:16 | 000,122,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggcode.dll

MOD - [2012-02-22 13:52:16 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll

MOD - [2011-10-26 01:13:08 | 000,057,344 | ---- | M] () -- C:\Users\Ahmed\Desktop\Dota tools\Auto-Joiner\hbm.dll

MOD - [2011-08-22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2011-05-28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt32.dll

MOD - [2011-05-05 05:42:24 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll

MOD - [2011-03-04 02:09:44 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

MOD - [2011-03-04 02:09:40 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

MOD - [2011-02-09 23:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

MOD - [2010-09-07 19:33:12 | 000,856,064 | ---- | M] () -- C:\Program Files\QUBEE WCM\QUBEE WCM.exe

MOD - [2010-08-19 12:13:48 | 000,011,296 | ---- | M] () -- C:\Program Files (x86)\DU Meter\DUHelper.dll

MOD - [2010-08-09 10:50:14 | 000,163,840 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\gpwimaxformtk.dll

MOD - [2010-08-09 10:50:14 | 000,106,496 | ---- | M] () -- C:\Program Files\QUBEE WCM\WiMAX\MTKWimaxSDK.dll

MOD - [2010-08-09 10:44:28 | 000,180,224 | ---- | M] () -- C:\Program Files\QUBEE WCM\Plugins\P1UpdateMgrPlugin.dll

MOD - [2010-08-06 16:09:08 | 000,385,024 | ---- | M] () -- C:\Program Files\QUBEE WCM\ConnectionManager.dll

MOD - [2010-08-06 10:59:00 | 000,025,088 | ---- | M] () -- C:\Program Files\QUBEE WCM\gplib.dll

MOD - [2010-05-10 13:00:20 | 000,017,920 | ---- | M] () -- C:\Program Files\QUBEE WCM\GPSingleInstance.dll

MOD - [2010-02-22 20:44:40 | 000,027,648 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qico4.dll

MOD - [2010-02-22 20:44:34 | 000,290,816 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qtiff4.dll

MOD - [2010-02-22 20:44:04 | 000,233,472 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qmng4.dll

MOD - [2010-02-22 20:43:46 | 000,022,016 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qgif4.dll

MOD - [2010-02-22 20:43:40 | 000,135,168 | ---- | M] () -- C:\Program Files\QUBEE WCM\imageformats\qjpeg4.dll

MOD - [2009-12-10 12:13:46 | 008,314,880 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtGui4.dll

MOD - [2009-12-10 12:01:40 | 000,966,656 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtNetwork4.dll

MOD - [2009-12-10 12:00:28 | 000,364,544 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtXml4.dll

MOD - [2009-12-10 12:00:20 | 002,240,512 | ---- | M] () -- C:\Program Files\QUBEE WCM\QtCore4.dll

MOD - [2009-06-11 02:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2011-02-12 08:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)

SRV:64bit: - [2011-02-09 23:28:12 | 001,318,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)

SRV:64bit: - [2011-01-28 21:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)

SRV:64bit: - [2011-01-27 14:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011-01-27 06:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)

SRV:64bit: - [2011-01-27 04:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2011-01-22 07:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)

SRV:64bit: - [2010-05-31 14:20:50 | 000,110,592 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonServicex64.exe -- (GPCommonService(64)

SRV:64bit: - [2010-05-27 15:00:28 | 000,090,112 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\QUBEE WCM\GPCommonService.exe -- (GPCommonService)

SRV:64bit: - [2009-07-14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-03-03 15:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2012-08-25 07:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012-07-05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012-04-04 10:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2012-02-10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012-02-10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011-04-05 23:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011-03-29 05:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011-02-07 23:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)

SRV - [2011-02-04 03:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)

SRV - [2011-02-01 13:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2011-01-29 03:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2011-01-26 22:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2011-01-22 07:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)

SRV - [2011-01-19 01:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)

SRV - [2011-01-18 00:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011-01-18 00:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011-01-12 23:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)

SRV - [2011-01-07 08:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011-01-07 08:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2010-11-30 00:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)

SRV - [2010-11-11 12:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)

SRV - [2010-10-01 02:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010-08-19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)

SRV - [2010-03-19 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-18 23:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009-06-11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012-07-07 02:48:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012-03-01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-10-21 09:30:02 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011-10-01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011-10-01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011-10-01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011-10-01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011-08-23 05:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011-07-06 20:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2011-03-11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011-02-09 23:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)

DRV:64bit: - [2011-02-07 19:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)

DRV:64bit: - [2011-02-04 08:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011-01-31 15:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2011-01-27 14:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011-01-27 04:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011-01-27 04:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011-01-13 06:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011-01-08 20:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011-01-07 08:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011-01-07 08:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011-01-07 08:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011-01-07 08:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011-01-07 08:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011-01-07 08:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011-01-07 08:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010-12-21 22:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2010-12-03 05:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2010-11-30 21:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010-11-11 12:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)

DRV:64bit: - [2010-10-29 10:10:34 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010-10-20 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010-07-05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU)

DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010-04-26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT)

DRV:64bit: - [2009-11-02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009-07-14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009-07-14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-14 05:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)

DRV:64bit: - [2009-07-14 04:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009-06-11 02:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009-06-11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2010-08-19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv)

DRV - [2009-07-14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2

IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms}

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/?affid=gb2

IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={846D8560-0BD0-46BB-8E6F-43B087550BC1}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?affid=gb2&q={searchTerms}

IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..network.proxy.gopher: ""

FF - prefs.js..network.proxy.gopher_port: 0

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Ahmed\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-05-05 05:50:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-01 01:27:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ahmed\AppData\Roaming\IDM\idmmzcc5 [2011-10-25 03:49:54 | 000,000,000 | ---D | M]

[2012-09-01 01:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmed\AppData\Roaming\Mozilla\Extensions

[2012-09-03 21:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\ya6s2ah8.default\extensions

[2012-09-01 01:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012-09-01 01:29:43 | 000,004,545 | ---- | M] () (No name found) -- C:\USERS\AHMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YA6S2AH8.DEFAULT\EXTENSIONS\SUPPORT@EASY-HIDEIP.COM.XPI

[2012-08-25 07:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-08-25 07:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012-08-25 07:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ahmed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Ahmed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ahmed\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: MouseHunt AutoBot = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0\

CHR - Extension: Skype Click to Call = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

CHR - Extension: Gmail = C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-09-10 06:16:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)

O4 - HKCU..\Run: [QUBEE WCM] C:\Program Files\QUBEE WCM\QUBEE WCM.exe ()

O4 - HKCU..\Run: [RockMelt Update] C:\Users\Ahmed\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A927C37-DF90-4A7F-9201-51A64C503C83}: DhcpNameServer = 192.168.5.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A89A00-C67C-486B-9E60-971A7591C4B7}: DhcpNameServer = 203.130.2.3 221.132.112.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6BE3E0-D7A6-4A54-8534-7E8959B0A897}: DhcpNameServer = 180.178.128.100 203.130.2.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE39716-BCBF-4C50-9210-EE0CA0DE322B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA56D213-06E2-4DEE-9237-B36275552B97}: DhcpNameServer = 180.178.128.100 203.130.2.3

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-10 06:50:08 | 000,000,000 | ---D | C] -- C:\Intel

[2012-09-10 06:23:16 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012-09-10 06:16:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012-09-10 05:58:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012-09-10 05:58:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012-09-10 05:58:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012-09-10 05:43:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-09-10 05:43:14 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012-09-10 05:39:46 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\ComboFix.exe

[2012-09-05 01:02:23 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\PlatinumHideIP

[2012-09-05 01:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PlatinumHideIP

[2012-09-05 01:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Platinum Hide IP

[2012-09-05 01:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlatinumHideIP

[2012-09-04 23:29:21 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\DROID

[2012-09-02 18:15:34 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Documents\CAPCOM

[2012-09-02 17:07:49 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive

[2012-09-02 17:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2012-09-02 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2012-09-02 15:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012-09-02 15:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012-09-01 01:28:54 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Mozilla

[2012-09-01 01:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012-09-01 01:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012-08-31 17:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Adobe

[2012-08-31 01:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent

[2012-08-23 04:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2012-08-22 19:42:24 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe

[2012-08-22 17:22:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

[2012-08-22 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\Desktop\RK_Quarantine

[2012-08-22 15:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com

[2012-08-22 12:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012-08-22 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\NPE

[2012-08-22 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Roaming\Tific

[2012-08-22 07:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup

[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat

[2012-08-22 06:54:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat

[2012-08-21 17:01:37 | 000,000,000 | ---D | C] -- C:\windows\en

[2012-08-21 16:51:47 | 000,000,000 | ---D | C] -- C:\windows\fr

[2012-08-21 16:51:45 | 000,000,000 | ---D | C] -- C:\windows\es

[2012-08-21 16:51:43 | 000,000,000 | ---D | C] -- C:\windows\eu

[2012-08-21 16:51:41 | 000,000,000 | ---D | C] -- C:\windows\ca

[2012-08-21 15:25:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2012-08-21 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012-08-21 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive

[2012-08-21 15:12:53 | 000,000,000 | R--D | C] -- C:\Users\Ahmed\SkyDrive

[2012-08-21 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

[2012-08-21 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

[2012-08-21 15:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2012-08-21 15:02:37 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\Windows Live

[2012-08-20 09:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmed\AppData\Local\SKIDROW

[2012-08-20 09:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion

[2012-08-20 00:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium

[2012-08-20 00:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec

[2012-08-20 00:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GBox

[2012-08-20 00:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SProtector

[2012-08-19 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-11 02:03:28 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-09-11 01:54:02 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-09-11 01:54:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-09-11 01:50:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-09-11 00:31:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job

[2012-09-11 00:11:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\update-sys.job

[2012-09-10 23:14:00 | 000,000,342 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAHMED-HP$.job

[2012-09-10 22:48:11 | 000,000,468 | ---- | M] () -- C:\Local Disk (D) - Shortcut.lnk

[2012-09-10 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-09-10 08:50:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-09-10 07:04:45 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-09-10 07:04:45 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-09-10 07:01:17 | 000,783,728 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012-09-10 07:01:17 | 000,663,674 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012-09-10 07:01:17 | 000,122,252 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012-09-10 06:54:45 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2012-09-10 06:54:44 | 000,015,438 | ---- | M] () -- C:\windows\SysNative\results.xml

[2012-09-10 06:53:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012-09-10 06:53:53 | 4226,146,304 | -HS- | M] () -- C:\hiberfil.sys

[2012-09-10 06:16:10 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012-09-10 05:41:58 | 004,747,716 | R--- | M] (Swearware) -- C:\Users\Ahmed\Desktop\ComboFix.exe

[2012-09-05 01:01:59 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Platinum Hide IP.lnk

[2012-09-02 18:15:43 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Street Fighter X Tekken.lnk

[2012-09-01 01:27:46 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012-08-31 01:32:48 | 000,000,971 | ---- | M] () -- C:\Users\Ahmed\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012-08-31 01:32:48 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2012-08-23 13:49:36 | 000,415,072 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012-08-23 04:31:42 | 000,777,944 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012-08-22 17:15:35 | 001,558,528 | ---- | M] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe

[2012-08-22 15:46:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ahmed\Desktop\dds.com

[2012-08-22 15:28:36 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk

[2012-08-22 15:26:50 | 001,334,200 | ---- | M] () -- C:\Users\Ahmed\Desktop\Malware.png

[2012-08-22 12:14:16 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ahmed\Desktop\tdsskiller.exe

[2012-08-22 12:08:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmed\Desktop\OTL.exe

[2012-08-22 05:10:25 | 000,001,224 | ---- | M] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml

[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-10 22:48:11 | 000,000,468 | ---- | C] () -- C:\Local Disk (D) - Shortcut.lnk

[2012-09-10 05:58:19 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012-09-10 05:58:19 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012-09-10 05:58:19 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012-09-10 05:58:19 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012-09-10 05:58:19 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012-09-05 01:01:59 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Platinum Hide IP.lnk

[2012-09-02 18:15:43 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Street Fighter X Tekken.lnk

[2012-09-01 01:27:46 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012-09-01 01:27:44 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012-08-31 01:32:48 | 000,000,971 | ---- | C] () -- C:\Users\Ahmed\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012-08-31 01:32:48 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2012-08-22 17:15:10 | 001,558,528 | ---- | C] () -- C:\Users\Ahmed\Desktop\RogueKiller.exe

[2012-08-22 15:26:49 | 001,334,200 | ---- | C] () -- C:\Users\Ahmed\Desktop\Malware.png

[2012-08-21 16:51:40 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

[2012-08-21 16:51:30 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

[2012-08-21 16:08:17 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2012-08-21 15:45:46 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2012-08-21 15:12:52 | 000,002,159 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

[2012-08-21 15:08:32 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk

[2012-03-21 07:53:14 | 000,758,018 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2012-03-21 07:53:14 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2011-12-04 08:28:04 | 000,001,224 | ---- | C] () -- C:\Users\Ahmed\AppData\Local\UserProducts.xml

[2011-10-21 09:27:52 | 000,217,536 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011-10-21 09:22:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2011-10-21 09:03:02 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2011-10-14 06:03:45 | 000,000,166 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\Battery Meter_Settings.ini

[2011-10-14 06:02:04 | 000,000,412 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\All CPU Meter_Settings.ini

[2011-10-11 06:08:01 | 000,045,270 | ---- | C] () -- C:\Users\Ahmed\AppData\Roaming\room_v3.dat

[2011-09-04 00:00:39 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdechhg.sys

[2011-09-03 23:46:40 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe

[2011-09-03 23:46:40 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini

[2011-05-05 06:12:10 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbee.sys

[2011-05-05 05:56:14 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini

[2011-05-05 05:50:23 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbgi.sys

[2011-05-05 05:25:40 | 000,777,944 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat

[2011-03-26 09:16:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011-03-26 09:16:10 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011-02-26 03:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign

[2011-02-12 08:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign

[2011-02-12 08:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign

[2011-02-04 08:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2011-02-04 03:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll

[2011-02-03 08:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign

[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign

[2011-02-03 08:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign

[2011-01-30 04:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe

[2011-01-23 00:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign

[2011-01-11 08:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat

[2010-12-07 10:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll

[2010-12-07 10:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

========== LOP Check ==========

[2012-07-30 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AlarmClock

[2012-05-22 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Audacity

[2012-05-07 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Auto-Joiner

[2012-08-02 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\AutoGG

[2012-07-07 02:50:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DAEMON Tools Lite

[2011-10-04 16:10:21 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DigitalPersona

[2012-09-10 06:52:16 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\DMCache

[2012-09-10 22:48:34 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\GarenaPlus

[2012-06-06 07:40:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HideIPEasy

[2012-08-10 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC

[2012-08-10 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-08-06 11:38:08 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\IDM

[2011-10-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Maxthon3

[2011-11-19 07:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Nokia

[2011-10-31 00:04:24 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\ooVoo Details

[2011-12-06 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Opera

[2012-08-10 20:29:35 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Outlook

[2011-10-11 05:42:42 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\PC Suite

[2012-09-05 01:02:23 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\PlatinumHideIP

[2012-08-17 07:17:03 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SoftGrid Client

[2012-06-06 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\SuperHideIP

[2011-10-04 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Synaptics

[2012-08-22 08:42:07 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\Tific

[2011-10-06 22:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\TP

[2012-09-11 02:41:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\uTorrent

[2011-10-08 23:38:00 | 000,000,000 | ---D | M] -- C:\Users\Ahmed\AppData\Roaming\WildTangent

[2012-09-11 02:03:28 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-09-11 01:54:02 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-09-10 20:54:00 | 000,000,876 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002Core.job

[2012-09-11 01:54:00 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4188994054-3629684506-4284009711-1002UA.job

[2012-09-10 06:42:42 | 000,032,612 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[2012-09-11 00:31:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-S-1-5-21-4188994054-3629684506-4284009711-1002.job

[2012-09-11 00:11:00 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\update-sys.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:9FA5EC55

< End of report >


Video performance is fixed, although that rogue svchost still appears. If it might help, I had previously been infected with Win32/Jeefo on this system, which made fake svchost files. Although every piece of software says that it has been removed, I think it isn't, because Jeefo is the only virus I have come across which gives fake svchost files. Here is a quarantine log from my MBAM; please see the screenshot. Maybe these quarantined files have something to do with this problem.

http://prntscr.com/feiu2

http://prntscr.com/feixl

Also, my DVD-RW keeps ejecting randomly. I doubt it is a virus; it seems more likely to be a hardware fault.

Lastly, there is a huge bulk of files all over my PC which I want to get rid of. I don't know how they came to my PC; if you want, I can screenshot them for you as well.

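An added illustration, not from the original thread and not from any of the tools used in it: a PowerShell script that checks each running svchost.exe against the properties a genuine instance has (image in System32 or SysWOW64, started by services.exe, launched with a "-k <service group>" argument, validly signed by Microsoft) and then lists look-alike svchost.exe files elsewhere on the system drive. Which properties count as "rogue" is my own assumption; the script only reports and deletes nothing.

```powershell
# Added example, not part of the original thread or any tool it mentions.
# Triage every running svchost.exe: a genuine instance lives in %SystemRoot%\System32
# (or SysWOW64 for 32-bit instances on x64), is started by services.exe, is launched
# with "-k <service group>", and carries a valid Microsoft Authenticode signature.
# The script only reports; it does not terminate anything. Run it elevated.

$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Win32_Process exposes ParentProcessId, ExecutablePath and CommandLine,
# which Get-Process does not on Windows 7.
$all   = Get-WmiObject -Class Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

function Test-SvchostProcess($proc) {
    $path       = $proc.ExecutablePath
    $parent     = $byPid[[int]$proc.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $reasons    = @()

    # 1. Image path must be one of the two system copies.
    if (-not $path) {
        $reasons += 'no executable path (access denied or process already gone)'
    } else {
        $expected = $systemDirs | ForEach-Object { Join-Path $_ 'svchost.exe' }
        if ($expected -notcontains $path) { $reasons += "image path $path" }
    }

    # 2. Parent must be services.exe (PID reuse can confuse this; treat as a hint).
    if ($parentName -ine 'services.exe') {
        $reasons += "parent $parentName (PID $($proc.ParentProcessId)), expected services.exe"
    }

    # 3. Real instances are started as "svchost.exe -k <group>".
    if ($proc.CommandLine -and ($proc.CommandLine -notmatch '\s-k\s+\S+')) {
        $reasons += "no -k service group: $($proc.CommandLine)"
    }

    # 4. The on-disk file must be validly signed by Microsoft.
    #    'NotSigned' is inconclusive on Windows 7 / PowerShell 2.0, which ignores
    #    catalog signatures (how most OS binaries are signed); confirm those with a
    #    catalog-aware tool. HashMismatch or a non-Microsoft signer is a real finding.
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig     = Get-AuthenticodeSignature -FilePath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        if ($sig.Status -eq 'Valid') {
            if ($subject -notmatch 'Microsoft') { $reasons += "signed by $subject" }
        } elseif ($sig.Status -ne 'NotSigned') {
            $reasons += "signature $($sig.Status)"
        }
    }

    New-Object PSObject -Property @{
        PID     = $proc.ProcessId
        Parent  = $parentName
        Path    = $path
        Suspect = ($reasons.Count -gt 0)
        Reasons = ($reasons -join '; ')
    }
}

$all | Where-Object { $_.Name -ieq 'svchost.exe' } |
    ForEach-Object { Test-SvchostProcess $_ } |
    Sort-Object Suspect -Descending |
    Format-Table PID, Parent, Suspect, Reasons -AutoSize

# Look-alike copies on disk: any svchost.exe outside the system directories.
# WinSxS legitimately holds component-store copies, so it is excluded.
Get-ChildItem -Path "$env:SystemDrive\" -Filter svchost.exe -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($systemDirs -notcontains $_.DirectoryName) -and ($_.FullName -notmatch '\\winsxs\\') } |
    Select-Object FullName, Length, LastWriteTime
```

A process that fails the path or parent test is the one to hand to the helper (path, PID, command line) rather than kill from Task Manager, since killing it only removes the running copy and leaves whatever restarts it at boot.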

Hi

Congratulations, your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

  • Keep Your windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here.
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Click Here to learn how to keep a backup of your important files
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

Stay safe :wave:

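The Internet-zone ActiveX steps above, done through the registry so they can be applied and read back in one go. This is an added example, not part of the thread or of any tool it mentions; the key path, value names and data values are the ones Internet Explorer stores for zone 3 (Internet) when you use the Inetcpl.cpl dialog, and the Security_HKLM_only check is my addition.

```powershell
# Added example, not part of the original thread. It applies the three Internet-zone
# ActiveX settings from the recommendation above by writing the registry values the
# Inetcpl.cpl dialog writes, then reads them back to confirm. Zone 3 is the Internet
# zone; the value names are IE's URL-action IDs:
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$desired = @{
    '1001' = 1   # signed ActiveX download    -> Prompt
    '1004' = 1   # unsigned ActiveX download  -> Prompt
    '1201' = 3   # unsafe ActiveX init/script -> Disable
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneValue([string]$Key, [string]$Name) {
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item -ne $null) { [int]$item.$Name } else { $null }
}

function Describe-ZoneValue($Value) {
    if ($Value -eq $null) { return 'absent (IE default)' }
    if ($labels.ContainsKey([int]$Value)) { return $labels[[int]$Value] }
    return "raw $Value"
}

if (-not (Test-Path $zoneKey)) { throw "Internet zone key not found: $zoneKey" }

# If the Security_HKLM_only policy is set, IE reads zone settings from HKLM instead of
# HKCU and edits here would have no effect; say so rather than report a false success.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy = Get-ItemProperty -Path $policyKey -Name Security_HKLM_only -ErrorAction SilentlyContinue
if ($policy -and $policy.Security_HKLM_only -eq 1) {
    Write-Warning 'Security_HKLM_only is set: IE uses HKLM zone settings; edit HKLM:\...\Zones\3 as an administrator instead.'
}

foreach ($name in ($desired.Keys | Sort-Object)) {
    $before = Get-ZoneValue $zoneKey $name
    Set-ItemProperty -Path $zoneKey -Name $name -Value $desired[$name] -Type DWord
    $after  = Get-ZoneValue $zoneKey $name
    $state  = if ($after -eq $desired[$name]) { 'OK' } else { 'FAILED' }
    '{0}: {1} -> {2} [{3}]' -f $name, (Describe-ZoneValue $before), (Describe-ZoneValue $after), $state
}
```

Run it in the session of the user whose browser you are hardening (the values live under HKCU, so an elevated prompt for a different account edits the wrong profile), and restart Internet Explorer afterwards. The dialog's "Reset all zones to default level" step has no single registry equivalent, so do that part in Inetcpl.cpl first if you want the other zone settings back at their defaults.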

Glad we could help. :)

This topic is now closed to further replies.