
Author Topic: Serious Virus

wissamyoussif

    Topic Starter


    Beginner

    Serious Virus
    « on: January 03, 2011, 02:28:04 PM »
    Hi all, my laptop has been hit with a stubborn malware, along with two other machines that I use (a desktop running Windows 7 and a laptop running Windows XP Home Edition), all hit when infected by thumb drives. Not even the strongest, always up-to-date malware-removal defense lines (back then) could resolve this problem, and now the computers are behaving horrifically weird. What should I do, please? I've been through the process in http://www.computerhope.com/forum/index.php/topic,46313.0.html and here are the logs:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/03/2011 at 11:33 PM

    Application Version : 4.47.1000

    Core Rules Database Version : 0
    Trace Rules Database Version: 3815

    Scan type       : Complete Scan
    Total Scan Time : 00:41:08

    Memory items scanned      : 691
    Memory threats detected   : 0
    Registry items scanned    : 13553
    Registry threats detected : 0
    File items scanned        : 95034
    File threats detected     : 2

    Adware.Tracking Cookie
       .doubleclick.net [ C:\Users\Wissam\AppData\Roaming\Mozilla\Firefox\Profiles\93jcf71j.default\cookies.sqlite ]
       .collective-media.net [ C:\Users\Wissam\AppData\Roaming\Mozilla\Firefox\Profiles\93jcf71j.default\cookies.sqlite ]


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5449

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    04/01/2011 12:04:33 ص
    mbam-log-2011-01-04 (00-04-33).txt

    Scan type: Quick scan
    Objects scanned: 147948
    Time elapsed: 3 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:21:19 ص, on 04/01/2011
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files (x86)\itisaluna\itisaluna.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\Sniper.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Wissam\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [L09AXLRD_573600] "C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Users\Wissam\AppData\Local\Temp\RarSFX1\jc_all.htm
    O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Wissam\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Wissam\AppData\Roaming\FlashGetBHO\GetUrl.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Users\Wissam\AppData\Local\Temp\RarSFX1\jc_link.htm
    O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://software.kuaiche.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D57F1E7E-29FD-4FDD-BE19-517883A2AE44}: NameServer = 109.237.192.10 109.237.192.11
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9557 bytes


    Thanks

    SuperDave

    • Malware Removal Specialist


    Re: Serious Virus
    « Reply #1 on: January 05, 2011, 05:37:22 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

    Please go to Jotti's malware scan
    (If more than one file needs scanned they must be done separately and links posted for each one)

    * Copy the file path in the below Code box:

    Code:
    C:\Program Files (x86)\itisaluna\itisaluna.exe
     

    * At the upload site, click once inside the window next to Browse.
    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    * Next click Submit file
    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    * This will perform a scan across multiple different virus scanning engines.
    * Important: Wait for all of the scanning engines to complete.
    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
    **********************************************************************
    P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    *****************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ********************************************
    Download OTL  to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
    Windows 8 and Windows 10 dual boot with two SSD's

    wissamyoussif

      Topic Starter


      Beginner

      Re: Serious Virus
      « Reply #2 on: January 06, 2011, 01:13:32 PM »
       Hi all, thanks SuperDave for your interest.
      First of all, I'm sorry I couldn't have the would-have-been Jotti's link into my reply. I waited virtually all night for C:\Program Files (x86)\itisaluna\itisaluna.exe (which by the way, is my internet connection provider: a very well-known company here) to be scanned, but the scan didn't start: all I got is "Waiting for scan" with all anti-malware services.
      Second of all, my computer looks more stable now, but my flash drives are still severely infected. I've got the files (M3K7H2A3 and M6K2H1A9, both VBScript Script Files) in one flash drive.
      I've uninstalled LimeWire.
      Here are the logs you asked for:

       Results of screen317's Security Check version 0.99.8 
       Windows 7  (UAC is disabled!)
       Internet Explorer 8 
      ``````````````````````````````
      Antivirus/Firewall Check:

       Windows Firewall Disabled! 
       Norton Internet Security   
       WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:

       Out of date HijackThis installed!
       Malwarebytes' Anti-Malware   
       HijackThis 1.99.1   
       Java(TM) 6 Update 20 
       Out of date Java installed!
       Adobe Flash Player 10.0.45.2 
      Adobe Reader 8.2.5
      Out of date Adobe Reader installed!
       Mozilla Firefox (3.5.3) Firefox Out of Date! 
      ````````````````````````````````
      Process Check: 
      objlist.exe by Laurent

       Norton ccSvcHst.exe
      ``````````End of Log````````````

      OTL logfile created on: 06/01/2011 09:48:36 م - Run 1
      OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Wissam\Desktop\Hope
      64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.7930.16406)
      Locale: 00000801 | Country: العراق | Language: ARI | Date Format: dd/MM/yyyy
       
      4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
      8.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 99.27 Gb Total Space | 69.03 Gb Free Space | 69.54% Space Free | Partition Type: NTFS
      Drive D: | 99.36 Gb Total Space | 98.24 Gb Free Space | 98.87% Space Free | Partition Type: NTFS
      Drive E: | 99.36 Gb Total Space | 87.53 Gb Free Space | 88.09% Space Free | Partition Type: NTFS
      Drive G: | 14.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
       
      Computer Name: WISSAM-PC | User Name: Wissam | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
       
      ========== Processes (SafeList) ==========
       
      PRC - [2011/01/03 20:22:00 | 000,732,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.7.0.12\inststub.exe
      PRC - [2011/01/02 17:27:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wissam\Desktop\Hope\OTL.exe
      PRC - [2010/09/21 19:13:10 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
      PRC - [2010/09/20 20:26:16 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\itisaluna\itisaluna.exe
      PRC - [2010/02/26 03:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
      PRC - [2009/12/08 11:27:10 | 001,503,232 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
      PRC - [2008/06/03 12:05:38 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
      PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
      PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
       
       
      ========== Modules (SafeList) ==========
       
      MOD - [2011/01/02 17:27:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wissam\Desktop\Hope\OTL.exe
      MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
      MOD - [2005/03/10 16:33:48 | 000,053,248 | ---- | M] (Panicware, Inc.) -- C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\XAHook.dll
       
       
      ========== Win32 Services (SafeList) ==========
       
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
      SRV:64bit: - [2010/06/29 20:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
      SRV:64bit: - [2010/06/01 22:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
      SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
      SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
      SRV - [2010/09/21 17:53:38 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
      SRV - [2010/02/26 03:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
      SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
      SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV:64bit: - [2010/12/29 19:12:08 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
      DRV:64bit: - [2010/12/20 19:51:37 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
      DRV:64bit: - [2010/06/01 22:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
      DRV:64bit: - [2010/06/01 21:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
      DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
      DRV:64bit: - [2010/04/29 08:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON)
      DRV:64bit: - [2010/04/22 06:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA)
      DRV:64bit: - [2010/04/22 05:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
      DRV:64bit: - [2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
      DRV:64bit: - [2010/02/26 03:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP)
      DRV:64bit: - [2010/02/17 21:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
      DRV:64bit: - [2010/02/17 21:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
      DRV:64bit: - [2009/12/01 20:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
      DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
      DRV:64bit: - [2009/10/06 11:54:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
      DRV:64bit: - [2009/10/06 11:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
      DRV:64bit: - [2009/10/06 11:53:56 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
      DRV:64bit: - [2009/10/06 11:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
      DRV:64bit: - [2009/09/23 04:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
      DRV:64bit: - [2009/09/23 04:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
      DRV:64bit: - [2009/09/23 04:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
      DRV:64bit: - [2009/09/23 04:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
      DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
      DRV:64bit: - [2009/08/30 03:17:21 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\symtdiv.sys -- (SYMTDIv)
      DRV:64bit: - [2009/08/30 03:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS)
      DRV:64bit: - [2009/08/30 03:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
      DRV:64bit: - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
      DRV:64bit: - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
      DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
      DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
      DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
      DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
      DRV:64bit: - [2009/07/14 03:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
      DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
      DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
      DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
      DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
      DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
      DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
      DRV - [2011/01/01 01:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110101.005\ex64.sys -- (NAVEX15)
      DRV - [2011/01/01 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110101.005\eng64.sys -- (NAVENG)
      DRV - [2010/12/26 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
      DRV - [2010/12/26 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
      DRV - [2010/12/01 01:03:34 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101231.001\IDSviA64.sys -- (IDSVia64)
      DRV - [2010/11/23 03:34:08 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
       
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
      ========== FireFox ==========
       
      FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.16
      FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
      FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
      FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0
       
      FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2010/09/21 19:13:14 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/10/04 22:25:48 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/12/29 19:12:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/12/29 19:12:17 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/21 20:03:04 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/22 22:02:21 | 000,000,000 | ---D | M]
       
      [2010/09/21 20:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wissam\AppData\Roaming\Mozilla\Extensions
      [2010/09/21 20:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wissam\AppData\Roaming\Mozilla\Extensions\[email protected]
      [2010/09/25 20:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wissam\AppData\Roaming\Mozilla\Firefox\Profiles\93jcf71j.default\extensions
      [2011/01/03 20:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
      [2010/09/21 20:01:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
      [2010/09/21 20:03:07 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
      [2010/10/04 22:25:48 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
      [2010/09/21 19:13:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES (X86)\REAL\REALPLAYER\BROWSERRECORD
      [2010/12/29 19:12:17 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
      [2010/12/29 19:12:17 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
      [2010/09/21 20:01:38 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
       
      O1 HOSTS File: ([2010/12/29 20:00:10 | 000,000,908 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
      O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
      O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
      O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
      O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Wissam\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
      O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
      O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
      O4:64bit: - HKLM..\Run: [MKH] C:\Windows\M1K6H4A5.vbs ()
      O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
      O4 - HKCU..\Run: []  File not found
      O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
      O4 - HKCU..\Run: [L09AXLRD_573600] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE (Microsoft Corporation)
      O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
      O4 - HKCU..\Run: [PopUpStopperFreeEdition] C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\Wissam\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
      O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\Wissam\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
      O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Wissam\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
      O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Wissam\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
      O13 - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
      O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O32 - HKLM CDRom: AutoRun - 0
      O32 - AutoRun File - [2009/08/22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
      O32 - AutoRun File - [2008/09/20 04:12:34 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
      O33 - MountPoints2\{65b6f84a-c4db-11df-a910-a4badbd3b62b}\Shell - "" = AutoRun
      O33 - MountPoints2\{65b6f84a-c4db-11df-a910-a4badbd3b62b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{6833f136-c5ae-11df-b947-a4badbd3b62b}\Shell - "" = AutoRun
      O33 - MountPoints2\{6833f136-c5ae-11df-b947-a4badbd3b62b}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
      O33 - MountPoints2\{6833f149-c5ae-11df-b947-a4badbd3b62b}\Shell - "" = AutoRun
      O33 - MountPoints2\{6833f149-c5ae-11df-b947-a4badbd3b62b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{c55e1015-c4de-11df-b2eb-a4badbd3b62b}\Shell - "" = AutoRun
      O33 - MountPoints2\{c55e1015-c4de-11df-b2eb-a4badbd3b62b}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
      O33 - MountPoints2\G\Shell - "" = AutoRun
      O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\H\Shell - "" = AutoRun
      O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
       
      NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
       
       
      SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
      SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SafeBootMin:64bit: Base - Driver Group
      SafeBootMin:64bit: Boot Bus Extender - Driver Group
      SafeBootMin:64bit: Boot file system - Driver Group
      SafeBootMin:64bit: File system - Driver Group
      SafeBootMin:64bit: Filter - Driver Group
      SafeBootMin:64bit: HelpSvc - Service
      SafeBootMin:64bit: PCI Configuration - Driver Group
      SafeBootMin:64bit: PNP Filter - Driver Group
      SafeBootMin:64bit: Primary disk - Driver Group
      SafeBootMin:64bit: sacsvr - Service
      SafeBootMin:64bit: SCSI Class - Driver Group
      SafeBootMin:64bit: System Bus Extender - Driver Group
      SafeBootMin:64bit: vmms - Service
      SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SafeBootMin:64bit: WudfRd - Driver
      SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
      SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
      SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
      SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
      SafeBootMin: Base - Driver Group
      SafeBootMin: Boot Bus Extender - Driver Group
      SafeBootMin: Boot file system - Driver Group
      SafeBootMin: File system - Driver Group
      SafeBootMin: Filter - Driver Group
      SafeBootMin: HelpSvc - Service
      SafeBootMin: PCI Configuration - Driver Group
      SafeBootMin: PNP Filter - Driver Group
      SafeBootMin: Primary disk - Driver Group
      SafeBootMin: sacsvr - Service
      SafeBootMin: SCSI Class - Driver Group
      SafeBootMin: System Bus Extender - Driver Group
      SafeBootMin: vmms - Service
      SafeBootMin: WudfRd - Driver
      SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
      SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
      SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
      SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
       
      SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
      SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SafeBootNet:64bit: Base - Driver Group
      SafeBootNet:64bit: Boot Bus Extender - Driver Group
      SafeBootNet:64bit: Boot file system - Driver Group
      SafeBootNet:64bit: File system - Driver Group
      SafeBootNet:64bit: Filter - Driver Group
      SafeBootNet:64bit: HelpSvc - Service
      SafeBootNet:64bit: Messenger - Service
      SafeBootNet:64bit: NDIS Wrapper - Driver Group
      SafeBootNet:64bit: NetBIOSGroup - Driver Group
      SafeBootNet:64bit: NetDDEGroup - Driver Group
      SafeBootNet:64bit: Network - Driver Group
      SafeBootNet:64bit: NetworkProvider - Driver Group
      SafeBootNet:64bit: PCI Configuration - Driver Group
      SafeBootNet:64bit: PNP Filter - Driver Group
      SafeBootNet:64bit: PNP_TDI - Driver Group
      SafeBootNet:64bit: Primary disk - Driver Group
      SafeBootNet:64bit: rdsessmgr - Service
      SafeBootNet:64bit: sacsvr - Service
      SafeBootNet:64bit: SCSI Class - Driver Group
      SafeBootNet:64bit: Streams Drivers - Driver Group
      SafeBootNet:64bit: System Bus Extender - Driver Group
      SafeBootNet:64bit: TDI - Driver Group
      SafeBootNet:64bit: vmms - Service
      SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SafeBootNet:64bit: WudfRd - Driver
      SafeBootNet:64bit: WudfUsbccidDriver - Driver
      SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
      SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
      SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
      SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
      SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
      SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
      SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
      SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
      SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
      SafeBootNet: Base - Driver Group
      SafeBootNet: Boot Bus Extender - Driver Group
      SafeBootNet: Boot file system - Driver Group
      SafeBootNet: File system - Driver Group
      SafeBootNet: Filter - Driver Group
      SafeBootNet: HelpSvc - Service
      SafeBootNet: Messenger - Service
      SafeBootNet: NDIS Wrapper - Driver Group
      SafeBootNet: NetBIOSGroup - Driver Group
      SafeBootNet: NetDDEGroup - Driver Group
      SafeBootNet: Network - Driver Group
      SafeBootNet: NetworkProvider - Driver Group
      SafeBootNet: PCI Configuration - Driver Group
      SafeBootNet: PNP Filter - Driver Group
      SafeBootNet: PNP_TDI - Driver Group
      SafeBootNet: Primary disk - Driver Group
      SafeBootNet: rdsessmgr - Service
      SafeBootNet: sacsvr - Service
      SafeBootNet: SCSI Class - Driver Group
      SafeBootNet: Streams Drivers - Driver Group
      SafeBootNet: System Bus Extender - Driver Group
      SafeBootNet: TDI - Driver Group
      SafeBootNet: vmms - Service
      SafeBootNet: WudfRd - Driver
      SafeBootNet: WudfUsbccidDriver - Driver
      SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
      SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
      SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
      SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
      SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
      SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
      SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
      SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
      SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
       
      ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
      ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
      ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
      ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
      ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
      ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
      ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
      ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
      ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
      ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
      ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
      ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
      ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
      ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
      ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
      ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
      ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
      ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
      ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
      ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
      ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
      ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
      ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
      ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
      ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
      ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
      ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
      ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
      ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
      ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
      ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
      ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
      ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
      ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
      ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
      ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
      ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
      ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
      ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
      ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
      ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
      ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
      ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
      ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
      ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
      ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
       
      Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2011/01/05 19:47:07 | 000,000,000 | ---D | C] -- C:\Users\Wissam\AppData\Local\Tific
      [2011/01/05 19:46:27 | 000,000,000 | ---D | C] -- C:\Users\Wissam\AppData\Roaming\Tific
      [2011/01/04 19:48:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1108000.005
      [2011/01/04 00:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
      [2011/01/04 00:19:16 | 000,000,000 | ---D | C] -- C:\Users\Wissam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
      [2011/01/04 00:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
      [2011/01/03 23:38:55 | 000,000,000 | ---D | C] -- C:\Users\Wissam\AppData\Roaming\Malwarebytes
      [2011/01/03 23:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2011/01/03 23:38:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
      [2011/01/03 23:38:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2011/01/03 23:38:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [2011/01/03 23:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2011/01/03 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\Wissam\AppData\Roaming\SUPERAntiSpyware.com
      [2011/01/03 22:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
      [2011/01/03 22:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
      [2011/01/03 22:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
      [2011/01/03 22:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
      [2011/01/03 22:04:38 | 000,000,000 | ---D | C] -- C:\Users\Wissam\Desktop\Hope
      [2011/01/03 20:22:00 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys
      [2011/01/03 20:22:00 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys
      [2011/01/03 20:22:00 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys
      [2011/01/03 20:22:00 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys
      [2011/01/03 20:21:59 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys
      [2011/01/03 20:21:59 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys
      [2011/01/03 20:21:59 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys
      [2011/01/03 20:21:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C
      [2011/01/03 19:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre
      [2011/01/03 19:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre
      [2011/01/02 20:38:38 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Wissam\Desktop\HiJackThis.exe
      [2011/01/01 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Wissam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 3
      [2011/01/01 18:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tamasoftware
      [2011/01/01 18:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
      [2011/01/01 18:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
      [2010/12/29 19:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1285002348
      [2010/12/29 19:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
      [2010/12/29 19:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
      [2010/12/29 19:11:28 | 000,504,880 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys
      [2010/12/29 19:11:28 | 000,450,608 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\symtdiv.sys
      [2010/12/29 19:11:28 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\SymDS64.sys
      [2010/12/29 19:11:28 | 000,217,136 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\SymEFA64.sys
      [2010/12/29 19:11:28 | 000,032,304 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys
      [2010/12/29 19:11:27 | 000,146,992 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\Ironx64.sys
      [2010/12/29 19:11:26 | 000,615,040 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\ccHPx64.sys
      [2010/12/29 19:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
      [2010/12/29 19:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1100000.088
      [2010/12/29 19:10:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
      [2010/12/29 19:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
      [2010/12/29 19:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
      [2010/12/27 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
      [2010/12/23 20:10:49 | 000,000,000 | ---D | C] -- C:\Users\Wissam\AppData\Local\Symantec
      [2010/12/20 19:51:59 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
      [2010/12/20 19:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
      [2010/12/20 19:36:26 | 000,000,000 | ---D | C] -- C:\Users\Wissam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImTOO
      [2010/12/20 19:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImTOO
      [2010/12/20 19:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImTOO
      [2010/12/12 19:37:51 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
       
      ========== Files - Modified Within 30 Days ==========
       
      [2055/09/19 09:29:11 | 000,002,012 | ---- | M] () -- C:\Windows\SysWow64\NAV_75_cltDynam.dat
      [2011/01/06 20:05:39 | 000,000,600 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
      [2011/01/06 20:04:40 | 000,002,649 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
      [2011/01/06 19:43:09 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2011/01/06 19:43:09 | 000,610,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2011/01/06 19:43:09 | 000,104,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2011/01/06 18:56:59 | 000,014,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2011/01/06 18:56:59 | 000,014,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2011/01/06 18:51:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2011/01/06 18:51:42 | 3113,136,128 | -HS- | M] () -- C:\hiberfil.sys
      [2011/01/05 19:42:45 | 001,210,930 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
      [2011/01/04 00:20:28 | 000,001,640 | ---- | M] () -- C:\Users\Wissam\Desktop\Sniper - Shortcut.lnk
      [2011/01/04 00:19:20 | 000,002,981 | ---- | M] () -- C:\Users\Wissam\Desktop\HiJackThis.lnk
      [2011/01/04 00:19:12 | 001,210,930 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\Cat.DB
      [2011/01/03 23:38:44 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
      [2011/01/03 22:35:59 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2011/01/03 19:49:12 | 000,001,047 | ---- | M] () -- C:\Users\Wissam\Desktop\PhotoFiltre.lnk
      [2011/01/01 20:48:09 | 000,030,384 | RHS- | M] () -- C:\Windows\M1K6H4A5.vbs
      [2011/01/01 18:44:16 | 000,002,257 | ---- | M] () -- C:\Users\Wissam\Desktop\Pepakura Designer 3.lnk
      [2010/12/29 20:00:10 | 000,000,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
      [2010/12/29 19:12:08 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
      [2010/12/29 19:12:08 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
      [2010/12/29 19:12:08 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
      [2010/12/29 19:11:45 | 000,002,576 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
      [2010/12/29 18:57:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
      [2010/12/23 20:41:47 | 000,468,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2010/12/23 20:20:03 | 000,037,046 | ---- | M] () -- C:\Windows\SysWow64\unknown_mini_F66E9D2846EB4FF3B72297520C3FCE44.7z
      [2010/12/20 19:36:27 | 000,001,208 | ---- | M] () -- C:\Users\Wissam\Desktop\ImTOO MP4 Video Converter 3.lnk
      [2010/12/20 19:36:27 | 000,001,177 | ---- | M] () -- C:\Users\Wissam\Desktop\ImTOO MP4 Video Converter Wizard 3.lnk
       
      ========== Files Created - No Company Name ==========
       
      [2011/01/05 19:42:36 | 001,210,930 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
      [2011/01/04 19:48:44 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\isolate.ini
      [2011/01/04 00:20:28 | 000,001,640 | ---- | C] () -- C:\Users\Wissam\Desktop\Sniper - Shortcut.lnk
      [2011/01/04 00:19:19 | 000,002,981 | ---- | C] () -- C:\Users\Wissam\Desktop\HiJackThis.lnk
      [2011/01/04 00:14:04 | 000,002,649 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
      [2011/01/03 23:38:44 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
      [2011/01/03 22:35:59 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2011/01/03 20:22:00 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat
      [2011/01/03 20:22:00 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat
      [2011/01/03 20:22:00 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat
      [2011/01/03 20:22:00 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat
      [2011/01/03 20:22:00 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf
      [2011/01/03 20:22:00 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds.inf
      [2011/01/03 20:22:00 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf
      [2011/01/03 20:22:00 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf
      [2011/01/03 20:22:00 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf
      [2011/01/03 20:21:59 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat
      [2011/01/03 20:21:59 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat
      [2011/01/03 20:21:59 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.cat
      [2011/01/03 20:21:59 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.cat
      [2011/01/03 20:21:59 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.inf
      [2011/01/03 20:21:59 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf
      [2011/01/03 20:21:59 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.inf
      [2011/01/03 20:21:41 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini
      [2011/01/03 19:49:11 | 000,001,047 | ---- | C] () -- C:\Users\Wissam\Desktop\PhotoFiltre.lnk
      [2011/01/01 20:48:09 | 000,030,384 | RHS- | C] () -- C:\Windows\M1K6H4A5.vbs
      [2011/01/01 18:44:16 | 000,002,257 | ---- | C] () -- C:\Users\Wissam\Desktop\Pepakura Designer 3.lnk
      [2010/12/29 19:12:12 | 001,210,930 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\Cat.DB
      [2010/12/29 19:12:08 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
      [2010/12/29 19:12:08 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
      [2010/12/29 19:11:45 | 000,002,576 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
      [2010/12/29 19:11:02 | 000,003,375 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\SymEFA.inf
      [2010/12/29 19:11:02 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\SymDS.inf
      [2010/12/29 19:11:02 | 000,001,475 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\SymNetV.inf
      [2010/12/29 19:11:02 | 000,001,447 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\SymNet.inf
      [2010/12/29 19:11:01 | 000,001,840 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\ccHPx64.inf
      [2010/12/29 19:11:01 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.inf
      [2010/12/29 19:11:01 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.inf
      [2010/12/29 19:11:01 | 000,000,773 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\Iron.inf
      [2010/12/29 19:10:44 | 000,007,774 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\symnetv64.cat
      [2010/12/29 19:10:44 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.cat
      [2010/12/29 19:10:44 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\SymDS64.cat
      [2010/12/29 19:10:44 | 000,007,401 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.cat
      [2010/12/29 19:10:44 | 000,007,399 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\SymEFA64.cat
      [2010/12/29 19:10:44 | 000,007,388 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\iron.cat
      [2010/12/29 19:10:44 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\symnet64.cat
      [2010/12/29 19:10:44 | 000,007,345 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\cchpx64.cat
      [2010/12/29 19:10:44 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\isolate.ini
      [2010/12/29 18:57:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
      [2010/12/23 20:20:03 | 000,037,046 | ---- | C] () -- C:\Windows\SysWow64\unknown_mini_F66E9D2846EB4FF3B72297520C3FCE44.7z
      [2010/12/20 19:36:27 | 000,001,208 | ---- | C] () -- C:\Users\Wissam\Desktop\ImTOO MP4 Video Converter 3.lnk
      [2010/12/20 19:36:27 | 000,001,177 | ---- | C] () -- C:\Users\Wissam\Desktop\ImTOO MP4 Video Converter Wizard 3.lnk
      [2010/11/30 20:19:51 | 000,006,858 | ---- | C] () -- C:\Users\Wissam\AppData\Roaming\PrimoPDFSet.xml
      [2010/10/04 21:54:22 | 000,000,036 | ---- | C] () -- C:\Windows\CTWave32.ini
      [2010/10/04 21:44:03 | 000,000,063 | ---- | C] () -- C:\Windows\SBWIN.INI
      [2010/09/21 21:27:36 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2010/09/21 20:03:06 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
      [2010/09/21 19:14:03 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
      [2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
      [2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
      [2008/04/28 19:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
       
      ========== LOP Check ==========
       
      [2010/09/21 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\BatteryBar
      [2011/01/06 20:05:39 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\BITS
      [2010/09/21 20:02:57 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\FlashGet
      [2010/09/21 20:02:55 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\FlashGetBHO
      [2010/11/27 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\GetRightToGo
      [2010/09/24 19:17:48 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\JAM Software
      [2010/10/04 22:44:20 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\Nokia
      [2010/10/04 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\Nokia Ovi Suite
      [2010/09/25 13:08:04 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\Opera
      [2010/10/04 22:36:29 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\PC Suite
      [2011/01/05 19:46:27 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\Tific
      [2010/09/22 00:07:39 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\UBitMenu
      [2010/09/24 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Wissam\AppData\Roaming\XnView
      [2010/12/27 17:30:02 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
       
      < %SYSTEMDRIVE%\*.exe >
       
      < %systemroot%\*. /mp /s >
       
      < c:\$recycle.bin\*.* /s >
      [2010/10/29 19:14:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I0CCUQT.jar
      [2010/10/23 20:10:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I2FUY3I.jar
      [2010/10/23 20:10:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I2L06XO.jar
      [2010/10/23 20:10:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I3LDGAA.jar
      [2011/01/04 19:55:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I4SB74X.mht
      [2010/10/29 19:14:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I5EVISS.jar
      [2010/10/23 19:51:29 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I68GJ1L.jar
      [2011/01/06 19:37:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I6EMB1H.bmp
      [2010/10/23 19:04:40 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I6TJ4JI.jar
      [2010/10/23 20:10:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I81WHP8.jar
      [2011/01/06 19:38:00 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I8RJT2V.JPG
      [2011/01/04 00:19:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$I8Y3Z4O
      [2010/10/29 19:14:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$IC6T5M1.jar
      [2010/10/23 19:51:29 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$IE428AJ.jar
      [2010/11/03 19:07:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$IFGJMI6.txt
      [2010/10/23 19:51:29 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$IFJQRFE.jar
      [2010/10/23 19:51:29 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$IFN861C.jar
      [2010/10/23 20:10:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$IG6L4FR.jar
      [2010/10/23 19:51:29 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$II3YRV8.jar
      [2011/01/06 21:19:19 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$IK6A9VS
      [2010/11/04 19:59:34 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2155874388-3111399207-2435655445-1000\$ILO00M8
      [2010/10/29 19:14:14 | 000,000,544 | ---- | M] () -- c:\$recycle.

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Serious Virus
      « Reply #3 on: January 06, 2011, 05:05:32 PM »
      Quote
      :\Program Files (x86)\itisaluna\itisaluna.exe (which by the way, is my internet connection provider: a very well-known company here) to be scanned
      No problem. I couldn't find any information about it which is why I was suspicious.

      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.
      4. Run CCleaner.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      ********************************************
      Please download the newest version of Adobe Acrobat Reader from Adobe.com

      Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
      Go to the Control Panel and enter Add or Remove Programs.
      Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

      Once old versions are gone, please install the newest version.
      ************************************************
      * Open OTL
      * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

      Code: [Select]
      :OTL

      :otl
      O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [MKH] C:\Windows\M1K6H4A5.vbs ()
      O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
      O4 - HKCU..\Run: []  File not found
      O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)

      :COMMANDS
      [resethosts]
      [purity]
      [clearrestorepoints]
      [emptytemp]
      [start explorer]

      * Click Run Fix
      * OTL may ask to reboot the machine. Please do so if asked.
      * Click OK
      * A report will open. Copy and Paste that report in your next reply.
      **************************************************************
      Download Panda USB and AutoRun Vaccine and save it to your desktop.

      * Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
      * Open that folder and double-click on USBVaccine.exe to start the program.
      * Click Run
      * Click the button to Vaccinate computer.
      * Insert your USB flash drive.
      * When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
      * Exit Panda USB and AutoRun Vaccine when done.

      Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
      Windows 8 and Windows 10 dual boot with two SSD's
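The reasoning behind the fix in the reply above, as an added example that is not part of the original posts and not OTL's own logic: a small triage pass over OTL-style listing lines that reports a file only when several weak indicators coincide (a script sitting directly in a system directory, hidden+system attributes, a Run-key autostart, a timestamp later than the log). The sample lines are copied from the logs in this thread; the function name `triage`, the two-indicator threshold and the log date are assumptions made for the example.

```python
import ntpath
import re
from datetime import datetime

# OTL file listing: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| (?P<attrs>[RHSD-]{4}) \| [CM]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)
# OTL autostart entry: O4[:64bit:] - HKLM..\Run: [name] path (company)
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \([^()]*\)$"
)
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32",
               r"c:\windows\syswow64", r"c:\windows\sysnative"}

# Lines copied from the logs posted in this thread.
SAMPLE_FILES = r"""
[2055/09/19 09:29:11 | 000,002,012 | ---- | M] () -- C:\Windows\SysWow64\NAV_75_cltDynam.dat
[2011/01/06 18:51:42 | 3113,136,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/01 20:48:09 | 000,030,384 | RHS- | M] () -- C:\Windows\M1K6H4A5.vbs
[2011/01/01 20:48:09 | 000,030,384 | RHS- | C] () -- C:\Windows\M1K6H4A5.vbs
[2010/12/12 19:37:51 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/01/02 20:38:38 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Wissam\Desktop\HiJackThis.exe
"""
SAMPLE_RUN = r"""
O4:64bit: - HKLM..\Run: [MKH] C:\Windows\M1K6H4A5.vbs ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: []  File not found
"""
# Assumption: the scan ran on the date of the newest ordinary entries in the log.
LOG_DATE = datetime(2011, 1, 6, 23, 59, 59)


def triage(file_listing, run_listing, log_date, threshold=2):
    """Return [(path, [reasons])] for files with at least `threshold` indicators."""
    # Map each autostart target (lower-cased path) to its Run value name.
    run_targets = {}
    for line in run_listing.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            run_targets[m["path"].lower()] = m["name"]

    findings = {}
    for line in file_listing.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or "D" in m["attrs"]:      # skip unparsable lines and directories
            continue
        path, key = m["path"], m["path"].lower()
        if key in findings:                 # same file listed as Created and Modified
            continue
        reasons = []
        ext = ntpath.splitext(key)[1]
        if ext in SCRIPT_EXTS and ntpath.dirname(key) in SYSTEM_DIRS:
            reasons.append("script file directly in a system directory")
        if "H" in m["attrs"] and "S" in m["attrs"]:
            reasons.append("hidden+system attributes")
        if key in run_targets:
            reasons.append("autostarted from Run value [%s]" % run_targets[key])
        if datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S") > log_date:
            reasons.append("timestamp later than the log date")
        # One indicator alone is common on clean systems (hiberfil.sys is -HS-).
        if len(reasons) >= threshold:
            findings[key] = (path, reasons)
    return list(findings.values())


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_FILES, SAMPLE_RUN, LOG_DATE):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample lines only `C:\Windows\M1K6H4A5.vbs` is reported; `hiberfil.sys` and the 2055-dated `.dat` file each carry a single indicator and stay below the threshold.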

      wissamyoussif


        Re: Serious Virus
        « Reply #4 on: January 07, 2011, 08:25:02 AM »
        Hi again, thanks SuperDave for your interest and help.
        I've done everything you told me, and looks like all my flash drives are already clean, but it takes a few more days for me to be sure that everything is okay.
        Here is the OTL report:

        All processes killed
        ========== OTL ==========
        ========== OTL ==========
        Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ deleted successfully.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ not found.
        64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKH deleted successfully.
        File move failed. C:\Windows\M1K6H4A5.vbs scheduled to be moved on reboot.
        Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
        C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe moved successfully.
        Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
        Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kuaiche.com\software\ deleted successfully.
        ========== COMMANDS ==========
        C:\Windows\System32\drivers\etc\Hosts moved successfully.
        HOSTS file reset successfully
        Error: Unable to interpret <[clearrestorepoints]> in the current context!
         
        [EMPTYTEMP]
         
        User: All Users
         
        User: Default
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 0 bytes
         
        User: Default User
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 0 bytes
         
        User: Public
         
        User: Wissam
        ->Temp folder emptied: 214185 bytes
        ->Temporary Internet Files folder emptied: 5924504 bytes
        ->Java cache emptied: 1242810 bytes
        ->FireFox cache emptied: 35207074 bytes
        ->Flash cache emptied: 1216 bytes
         
        %systemdrive% .tmp files removed: 0 bytes
        %systemroot% .tmp files removed: 0 bytes
        %systemroot%\System32 .tmp files removed: 0 bytes
        %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
        %systemroot%\System32\drivers .tmp files removed: 0 bytes
        Windows Temp folder emptied: 140 bytes
        %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
        RecycleBin emptied: 0 bytes
         
        Total Files Cleaned = 41.00 mb
         
         
        OTL by OldTimer - Version 3.2.20.1 log created on 01072011_181016

        Files\Folders moved on Reboot...
        C:\Windows\M1K6H4A5.vbs moved successfully.
        C:\Users\Wissam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
        C:\Users\Wissam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEQU6S2V\index[1].htm moved successfully.

        Registry entries deleted on Reboot...

        Thanks again.

        SuperDave

        Re: Serious Virus
        « Reply #5 on: January 07, 2011, 01:37:42 PM »
        I'd like to scan your machine with ESET OnlineScan

        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan
        •Click the button.
        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
        •Check
        •Click the button.
        •Accept any security warnings from your browser.
        •Check
        •Push the Start button.
        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        •When the scan completes, push
        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        •Push the button.
        •Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

        wissamyoussif


          Re: Serious Virus
          « Reply #6 on: January 08, 2011, 10:20:24 AM »
          Hi SuperDave, here's the ESET list of found threats

          C:\_OTL\MovedFiles\01072011_181016\C_Windows\M1K6H4A5.vbs   VBS/AutoRun.EJ worm   cleaned by deleting - quarantined
          E:\Spiritual\software\bsss.exe   multiple threats   deleted - quarantined

          and here's the log file

          ESETSmartInstaller@High as CAB hook log:
          OnlineScanner64.ocx - registred OK
          OnlineScanner.ocx - registred OK
          esets_scanner_update returned -1 esets_gle=12
          # version=7
          # iexplore.exe=9.00.7930.16406 (WIN7_IE9_Beta.100831-2345)
          # OnlineScanner.ocx=1.0.0.6419
          # api_version=3.0.2
          # EOSSerial=4bd5ee07eaf7e34791789a9fe2e98cbd
          # end=finished
          # remove_checked=true
          # archives_checked=true
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2011-01-08 05:14:46
          # local_time=2011-01-08 08:14:46 (+0300, Arabic Standard Time)
          # country="Iraq"
          # lang=1033
          # osver=6.1.7600 NT
          # compatibility_mode=512 16777215 100 0 414592 414592 0 0
          # compatibility_mode=3588 16777214 85 85 865062 43349972 0 0
          # compatibility_mode=5893 16776574 100 94 2166262 46953994 0 0
          # compatibility_mode=8192 67108863 100 0 2890 2890 0 0
          # scanned=105296
          # found=2
          # cleaned=2
          # scan_time=2738
          C:\_OTL\MovedFiles\01072011_181016\C_Windows\M1K6H4A5.vbs   VBS/AutoRun.EJ worm (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
          E:\Spiritual\software\bsss.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C

          Thanks.

          SuperDave

          Re: Serious Virus
          « Reply #7 on: January 08, 2011, 12:14:19 PM »
          How's everything running now? Any other issues?

          wissamyoussif


            Re: Serious Virus
            « Reply #8 on: January 09, 2011, 10:52:25 AM »
            Hi SuperDave, I've dumped Norton Internet Security 2010 which was installed in 3 of the computers I use, to the ComputerHope-recommended, free Avast! and Avira. Avast! still detects (and quarantines) the same virus every now and then (it's not on the machine whose security logs and reports I posted), still I can say that it looks like everything is under control. I used to use USB_GATE instead of Panda USB Vaccine but I've dumped that one too. Thanks again, friend.

            SuperDave

            Re: Serious Virus
            « Reply #9 on: January 09, 2011, 07:22:47 PM »
            You mentioned free Avast! and Avira. You're only supposed to run one AV program on your computer. More than one active AV can make a computer do some strange things. Let's do some cleanup.

            To remove all of the tools we used and the files and folders they created do the following:
            Double click OTL.exe.
            • Click the CleanUp button.
            • Select Yes when the "Begin cleanup Process?" prompt appears.
            • If you are prompted to Reboot during the cleanup, select Yes.
            • The tool will delete itself once it finishes.
            Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
            ***********************************************
            To set a new Restore Point.

            Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
            Click the Start button, click Control Panel, click System and Maintenance, and then click System.
            In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
            To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

            This will give you a new, clean Restore Point.
            *********************************************************
            Looking over your log it seems you don't have any evidence of a third party firewall.

            Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

            Remember only install ONE firewall

            1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
            2) Online Armor
            3) Agnitum Outpost
            4) PC Tools Firewall Plus

            If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
            ***************************************************
            Use the Secunia Software Inspector to check for out of date software.

            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing!
            Windows 8 and Windows 10 dual boot with two SSD's
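Added example, not part of the original post and not taken from any of the tools named in it: a PowerShell check for the two conditions the reply above raises, more than one active antivirus and a missing or duplicated third-party firewall. It reads the Windows Security Center registrations; the function name is hypothetical, and the reading of `productState` follows a widely used but undocumented convention, so treat the `Enabled` column as an assumption.

```powershell
# Lists antivirus and third-party firewall products registered with Windows
# Security Center. Client editions of Windows only (Vista and later); the
# root/SecurityCenter2 namespace does not exist on Windows Server.
function Get-RegisteredSecurityProduct {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('AntiVirusProduct', 'FirewallProduct')]
        [string]$Class
    )
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $Class -ErrorAction SilentlyContinue |
        ForEach-Object {
            # ASSUMPTION: productState is not officially documented. By common
            # convention, bits 12-15 equal to 1 mean the product reports itself on.
            $state = [uint32]$_.productState
            # A registration can outlive an uninstall, so check the executable too.
            # Only drive-letter paths are tested; anything else is left as $null.
            $exe = [Environment]::ExpandEnvironmentVariables([string]$_.pathToSignedProductExe)
            $onDisk = if ($exe -match '^[A-Za-z]:\\') { Test-Path -LiteralPath $exe } else { $null }
            [pscustomobject]@{
                Kind      = $Class
                Name      = $_.displayName
                Enabled   = ((($state -shr 12) -band 0xF) -eq 1)
                ExeExists = $onDisk
            }
        }
}

$av = @(Get-RegisteredSecurityProduct -Class AntiVirusProduct)
$fw = @(Get-RegisteredSecurityProduct -Class FirewallProduct)
$av + $fw | Format-Table -AutoSize

# More than one antivirus running real-time protection at once.
$activeAv = @($av | Where-Object { $_.Enabled })
if ($activeAv.Count -gt 1) {
    Write-Warning ("More than one antivirus reports as enabled: " + ($activeAv.Name -join ', '))
}

# Zero or several third-party firewalls.
$activeFw = @($fw | Where-Object { $_.Enabled })
if ($activeFw.Count -gt 1) {
    Write-Warning ("More than one firewall reports as enabled: " + ($activeFw.Name -join ', '))
} elseif ($fw.Count -eq 0) {
    Write-Output 'No third-party firewall is registered with Security Center.'
}

# Leftover registrations whose executable is gone (for example after an uninstall).
$stale = @(($av + $fw) | Where-Object { $_.ExeExists -eq $false })
if ($stale.Count -gt 0) {
    Write-Warning ("Registered but not found on disk: " + ($stale.Name -join ', '))
}
```

Run it from a normal PowerShell prompt; it only reads WMI and changes nothing on the machine.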

            wissamyoussif

              Topic Starter


              Beginner

              Re: Serious Virus
              « Reply #10 on: January 10, 2011, 01:52:51 AM »
              Dude, I'd already uninstalled NIS 2010 before I installed Avast! and Avira: do I still have to do the cleanup exactly in the same procedure?
              And, honestly, does my (Thanks) count as a hit in your (Thanked) counter?
              Thanks again.

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Serious Virus
              « Reply #11 on: January 10, 2011, 01:46:47 PM »
              Quote
              Dude, I'd already uninstalled NIS 2010 before I installed Avast! and Avira: do I still have to do the cleanup exactly in the same procedure?
              And, honestly, does my (Thanks) count as a hit in your (Thanked) counter?
              But, do you still have Avast and Avira running on your computer? That would make two AV programs running at the same time.
              Please do as much of the cleanup as possible and yes, the Thanked counter does work. That's how I get paid. LOL

              wissamyoussif

                Re: Serious Virus
                « Reply #12 on: January 11, 2011, 09:55:59 AM »
                Okay friend: cleanup done, software installed (one program per category) and all my machines are doing great. Thanks a lot.

                SuperDave

                Re: Serious Virus
                « Reply #13 on: January 11, 2011, 11:48:08 AM »
                You're welcome. Tell your friends about us.