Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Mandiant U.S.A. Cyber Security - Admin user only


  • This topic is locked This topic is locked
22 replies to this topic

#1 argeeleh

argeeleh

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 18 July 2013 - 10:37 PM

My laptop, (HP, Windows 7 with Norton Internet Security) was infected with the Mandiant U.S.A. Cyber Security on 7/15/2013 morning.  I have three user accounts, the only one that is infected is the Admin account.  The other two are fine.
 
Once I log into the admin account, the screen goes white and then it shows the Mandiant U.S.A. Cyber Security screen.  I tried to reboot with safe mode, but the system restarts right away, again, this only happens under the Admin account.  The other two accounts do not have admin privileges. 
 
I ran DSS.exe, but was not able to generate dds.txt or attach.txt files.  I read on other posts run RSIT.  Below is the log from RSIT

 

Please note that log was created from one of the two (non-admin) users that have not been infected.

 

 

Logfile of random's system information tool 1.09 (written by random/random)
Run by Samir & Fairuz at 2013-07-18 22:33:24
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 18 GB (7%) free of 275 GB
Total RAM: 3894 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:33 PM, on 7/18/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Samir & Fairuz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SelectionLinksBHO - {3352F334-A389-4004-A026-3A161A0C69A7} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16617 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 32926416
\??\C:\Windows\system32\conhost.exe "289986568-2025604186725211403835219725-1653520567-1756470410-15130163312141270033
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
C:\Windows\Explorer.EXE
WLIDSvcM.exe 2476
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {BBB6CC86-C322-4EE0-94E9-FCF081828E31}
"C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart Prem C310 series#1306884361" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe" /c /a /s UserSession
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5900 CREDAT:209921 /prefetch:2
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe" -Embedding
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5900 CREDAT:3224645 /prefetch:2
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5900 CREDAT:2896927 /prefetch:2
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe"
"C:\Users\Samir & Fairuz\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HP Photo Creations Communicator.job
C:\Windows\tasks\HPCeeScheduleForSamir Awad.job
C:\Windows\tasks\HPCeeScheduleForSAMIR$.job
C:\Windows\tasks\PC Optimizer Pro64 startups.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-24 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-16 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3352F334-A389-4004-A026-3A161A0C69A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30 509776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-08 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-24 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-07 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-24 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30 509776]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-24 192592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-13 2281256]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-07-22 487424]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-07-19 1931024]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2010-08-31 611896]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 415256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-12-22 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-06-14 587320]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
""= []
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-05-31 152392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll [2010-09-16 464744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-18 22:27:00 ----D---- C:\Users\Samir & Fairuz\AppData\Roaming\HPAppData
2013-07-18 22:14:30 ----D---- C:\rsit
2013-07-18 22:14:30 ----D---- C:\Program Files\trend micro
2013-07-15 20:50:28 ----D---- C:\Windows\pss
2013-07-15 20:11:22 ----D---- C:\Windows\Minidump
2013-07-15 19:26:15 ----A---- C:\Windows\ntbtlog.txt
2013-07-11 03:38:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-07-11 03:38:25 ----A---- C:\Windows\system32\ieui.dll
2013-07-11 03:38:21 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-07-11 03:38:21 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-07-11 03:38:21 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-07-11 03:38:21 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-07-11 03:38:21 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 03:38:21 ----A---- C:\Windows\system32\iesysprep.dll
2013-07-11 03:38:21 ----A---- C:\Windows\system32\iesetup.dll
2013-07-11 03:38:21 ----A---- C:\Windows\system32\iernonce.dll
2013-07-11 03:38:21 ----A---- C:\Windows\system32\ie4uinit.exe
2013-07-11 03:38:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-07-11 03:38:19 ----A---- C:\Windows\system32\iertutil.dll
2013-07-11 03:38:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-07-11 03:38:16 ----A---- C:\Windows\system32\msfeeds.dll
2013-07-11 03:38:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-07-11 03:38:15 ----A---- C:\Windows\system32\jscript.dll
2013-07-11 03:38:12 ----A---- C:\Windows\system32\jscript9.dll
2013-07-11 03:38:10 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-07-11 03:38:08 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-07-11 03:38:06 ----A---- C:\Windows\system32\urlmon.dll
2013-07-11 03:38:01 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-07-11 03:38:01 ----A---- C:\Windows\system32\jsproxy.dll
2013-07-11 03:37:59 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-07-11 03:37:57 ----A---- C:\Windows\system32\wininet.dll
2013-07-11 03:37:52 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-07-11 03:37:21 ----A---- C:\Windows\system32\ieframe.dll
2013-07-11 03:36:59 ----A---- C:\Windows\system32\mshtml.dll
2013-07-11 03:36:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-07-11 02:33:02 ----A---- C:\Windows\system32\qedit.dll
2013-07-11 02:33:01 ----A---- C:\Windows\SYSWOW64\qedit.dll
2013-07-11 02:32:57 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-07-11 02:32:55 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-07-11 02:32:01 ----A---- C:\Windows\system32\win32k.sys
2013-07-11 02:30:08 ----A---- C:\Windows\system32\DWrite.dll
2013-07-11 02:30:06 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-07-05 14:06:34 ----D---- C:\Program Files\iPod
2013-07-05 14:06:33 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 14:06:33 ----D---- C:\Program Files\iTunes
2013-07-05 14:06:33 ----D---- C:\Program Files (x86)\iTunes

======List of files/folders modified in the last 1 month======

2013-07-18 22:33:26 ----D---- C:\Windows\Temp
2013-07-18 22:32:42 ----D---- C:\Windows\Prefetch
2013-07-18 22:24:17 ----A---- C:\Windows\SYSWOW64\log.txt
2013-07-18 22:20:32 ----SHD---- C:\System Volume Information
2013-07-18 22:20:15 ----D---- C:\Windows\system32\config
2013-07-18 22:18:37 ----D---- C:\ProgramData\GameXN
2013-07-18 22:14:30 ----RD---- C:\Program Files
2013-07-18 17:17:42 ----D---- C:\Users\Samir & Fairuz\AppData\Roaming\Skype
2013-07-17 15:41:54 ----D---- C:\Windows\System32
2013-07-17 15:41:54 ----D---- C:\Windows\inf
2013-07-17 15:41:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-17 01:33:09 ----D---- C:\ProgramData\Recovery
2013-07-17 01:32:09 ----D---- C:\Windows\system32\LogFiles
2013-07-16 23:04:25 ----SD---- C:\Users\Samir & Fairuz\AppData\Roaming\Microsoft
2013-07-16 22:54:53 ----D---- C:\Windows\Tasks
2013-07-16 22:54:53 ----D---- C:\Windows\system32\wfp
2013-07-16 22:54:50 ----D---- C:\Windows\system32\wbem
2013-07-16 22:54:50 ----D---- C:\Windows
2013-07-16 22:53:54 ----D---- C:\Windows\SysWOW64
2013-07-16 22:53:54 ----D---- C:\Windows\system32\DriverStore
2013-07-16 22:53:54 ----D---- C:\Windows\system32\catroot2
2013-07-16 22:53:53 ----D---- C:\Windows\system32\CodeIntegrity
2013-07-16 22:53:48 ----D---- C:\ProgramData\RoxioNow
2013-07-16 22:53:47 ----D---- C:\ProgramData\Norton
2013-07-16 22:53:44 ----D---- C:\Windows\registration
2013-07-16 22:46:40 ----D---- C:\Windows\Logs
2013-07-16 07:23:40 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-12 16:16:04 ----SHD---- C:\Windows\Installer
2013-07-12 16:16:04 ----HD---- C:\Config.Msi
2013-07-12 16:11:15 ----D---- C:\Program Files (x86)
2013-07-11 05:38:40 ----D---- C:\Windows\Microsoft.NET
2013-07-11 05:38:39 ----RSD---- C:\Windows\assembly
2013-07-11 04:59:08 ----D---- C:\Windows\winsxs
2013-07-11 04:57:35 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-11 04:57:29 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 04:55:35 ----D---- C:\Program Files\Windows Defender
2013-07-11 04:55:35 ----D---- C:\Program Files (x86)\Windows Defender
2013-07-11 04:55:35 ----D---- C:\Program Files (x86)\Internet Explorer
2013-07-11 04:55:33 ----D---- C:\Program Files\Internet Explorer
2013-07-11 04:38:20 ----D---- C:\ProgramData\Microsoft Help
2013-07-11 03:46:45 ----A---- C:\Windows\system32\MRT.exe
2013-07-11 03:39:53 ----D---- C:\Windows\system32\catroot
2013-07-05 14:06:33 ----HD---- C:\ProgramData
2013-06-25 08:27:11 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2010-06-15 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [2013-05-21 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [2013-05-23 1139800]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001_bdd\BHDrvx64.sys [2013-07-15 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-04-15 169048]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-12-21 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130717.001\IDSvia64.sys [2013-06-04 513184]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [2013-03-04 36952]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [2013-03-04 224416]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [2013-04-24 433752]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2010-06-15 41272]
R3 clwvd;HP Webcam Splitter; C:\Windows\system32\DRIVERS\clwvd.sys [2010-09-03 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-16 138912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-08-25 10611552]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130718.004\ENG64.SYS [2013-07-16 126040]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130718.004\EX64.SYS [2013-07-16 2098776]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-06-14 8507392]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [2013-05-16 796760]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-07-22 515584]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2013-06-17 177312]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-13 1390640]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2010-08-16 39832]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2011-09-16 7680512]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-01-12 232992]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\drivers\usb8023x.sys [2013-02-11 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-07-19 1429776]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2010-06-15 30520]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-05-01 325656]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-20 144368]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-07-19 838928]
R2 RoxioNow Service;RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2010-07-22 263168]
R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 641352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 256904]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-09 194032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-29 1255736]

-----------------EOF-----------------

 

 



BC AdBot (Login to Remove)

 


#2 argeeleh

argeeleh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 18 July 2013 - 10:37 PM

My laptop, (HP, Windows 7 with Norton Internet Security) was infected with the Mandiant U.S.A. Cyber Security on 7/15/2013 morning.  I have three user accounts, the only one that is infected is the Admin account.  The other two are fine.
 
Once I log into the admin account, the screen goes white and then it shows the Mandiant U.S.A. Cyber Security screen.  I tried to reboot with safe mode, but the system restarts right away, again, this only happens under the Admin account.  The other two accounts do not have admin privileges. 
 
I ran DSS.exe, but was not able to generate dds.txt or attach.txt files.  I read on other posts run RSIT.  Below is the log from RSIT

 

Please note that log was created from one of the two (non-admin) users that have not been infected.

 

 

Logfile of random's system information tool 1.09 (written by random/random)
Run by Samir & Fairuz at 2013-07-18 22:33:24
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 18 GB (7%) free of 275 GB
Total RAM: 3894 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:33 PM, on 7/18/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Samir & Fairuz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SelectionLinksBHO - {3352F334-A389-4004-A026-3A161A0C69A7} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16617 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 32926416
\??\C:\Windows\system32\conhost.exe "289986568-2025604186725211403835219725-1653520567-1756470410-15130163312141270033
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
C:\Windows\Explorer.EXE
WLIDSvcM.exe 2476
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {BBB6CC86-C322-4EE0-94E9-FCF081828E31}
"C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart Prem C310 series#1306884361" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe" /c /a /s UserSession
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5900 CREDAT:209921 /prefetch:2
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe" -Embedding
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5900 CREDAT:3224645 /prefetch:2
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5900 CREDAT:2896927 /prefetch:2
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe"
"C:\Users\Samir & Fairuz\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HP Photo Creations Communicator.job
C:\Windows\tasks\HPCeeScheduleForSamir Awad.job
C:\Windows\tasks\HPCeeScheduleForSAMIR$.job
C:\Windows\tasks\PC Optimizer Pro64 startups.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-24 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-16 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3352F334-A389-4004-A026-3A161A0C69A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30 509776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-08 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-24 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-07 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-24 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll [2013-05-30 509776]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-24 192592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-13 2281256]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-07-22 487424]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-07-19 1931024]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2010-08-31 611896]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 415256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-12-22 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-06-14 587320]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
""= []
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-05-31 152392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll [2010-09-16 464744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-18 22:27:00 ----D---- C:\Users\Samir & Fairuz\AppData\Roaming\HPAppData
2013-07-18 22:14:30 ----D---- C:\rsit
2013-07-18 22:14:30 ----D---- C:\Program Files\trend micro
2013-07-15 20:50:28 ----D---- C:\Windows\pss
2013-07-15 20:11:22 ----D---- C:\Windows\Minidump
2013-07-15 19:26:15 ----A---- C:\Windows\ntbtlog.txt
2013-07-11 03:38:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-07-11 03:38:25 ----A---- C:\Windows\system32\ieui.dll
2013-07-11 03:38:21 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-07-11 03:38:21 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-07-11 03:38:21 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-07-11 03:38:21 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-07-11 03:38:21 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 03:38:21 ----A---- C:\Windows\system32\iesysprep.dll
2013-07-11 03:38:21 ----A---- C:\Windows\system32\iesetup.dll
2013-07-11 03:38:21 ----A---- C:\Windows\system32\iernonce.dll
2013-07-11 03:38:21 ----A---- C:\Windows\system32\ie4uinit.exe
2013-07-11 03:38:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-07-11 03:38:19 ----A---- C:\Windows\system32\iertutil.dll
2013-07-11 03:38:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-07-11 03:38:16 ----A---- C:\Windows\system32\msfeeds.dll
2013-07-11 03:38:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-07-11 03:38:15 ----A---- C:\Windows\system32\jscript.dll
2013-07-11 03:38:12 ----A---- C:\Windows\system32\jscript9.dll
2013-07-11 03:38:10 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-07-11 03:38:08 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-07-11 03:38:06 ----A---- C:\Windows\system32\urlmon.dll
2013-07-11 03:38:01 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-07-11 03:38:01 ----A---- C:\Windows\system32\jsproxy.dll
2013-07-11 03:37:59 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-07-11 03:37:57 ----A---- C:\Windows\system32\wininet.dll
2013-07-11 03:37:52 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-07-11 03:37:21 ----A---- C:\Windows\system32\ieframe.dll
2013-07-11 03:36:59 ----A---- C:\Windows\system32\mshtml.dll
2013-07-11 03:36:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-07-11 02:33:02 ----A---- C:\Windows\system32\qedit.dll
2013-07-11 02:33:01 ----A---- C:\Windows\SYSWOW64\qedit.dll
2013-07-11 02:32:57 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-07-11 02:32:55 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-07-11 02:32:01 ----A---- C:\Windows\system32\win32k.sys
2013-07-11 02:30:08 ----A---- C:\Windows\system32\DWrite.dll
2013-07-11 02:30:06 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-07-05 14:06:34 ----D---- C:\Program Files\iPod
2013-07-05 14:06:33 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 14:06:33 ----D---- C:\Program Files\iTunes
2013-07-05 14:06:33 ----D---- C:\Program Files (x86)\iTunes

======List of files/folders modified in the last 1 month======

2013-07-18 22:33:26 ----D---- C:\Windows\Temp
2013-07-18 22:32:42 ----D---- C:\Windows\Prefetch
2013-07-18 22:24:17 ----A---- C:\Windows\SYSWOW64\log.txt
2013-07-18 22:20:32 ----SHD---- C:\System Volume Information
2013-07-18 22:20:15 ----D---- C:\Windows\system32\config
2013-07-18 22:18:37 ----D---- C:\ProgramData\GameXN
2013-07-18 22:14:30 ----RD---- C:\Program Files
2013-07-18 17:17:42 ----D---- C:\Users\Samir & Fairuz\AppData\Roaming\Skype
2013-07-17 15:41:54 ----D---- C:\Windows\System32
2013-07-17 15:41:54 ----D---- C:\Windows\inf
2013-07-17 15:41:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-17 01:33:09 ----D---- C:\ProgramData\Recovery
2013-07-17 01:32:09 ----D---- C:\Windows\system32\LogFiles
2013-07-16 23:04:25 ----SD---- C:\Users\Samir & Fairuz\AppData\Roaming\Microsoft
2013-07-16 22:54:53 ----D---- C:\Windows\Tasks
2013-07-16 22:54:53 ----D---- C:\Windows\system32\wfp
2013-07-16 22:54:50 ----D---- C:\Windows\system32\wbem
2013-07-16 22:54:50 ----D---- C:\Windows
2013-07-16 22:53:54 ----D---- C:\Windows\SysWOW64
2013-07-16 22:53:54 ----D---- C:\Windows\system32\DriverStore
2013-07-16 22:53:54 ----D---- C:\Windows\system32\catroot2
2013-07-16 22:53:53 ----D---- C:\Windows\system32\CodeIntegrity
2013-07-16 22:53:48 ----D---- C:\ProgramData\RoxioNow
2013-07-16 22:53:47 ----D---- C:\ProgramData\Norton
2013-07-16 22:53:44 ----D---- C:\Windows\registration
2013-07-16 22:46:40 ----D---- C:\Windows\Logs
2013-07-16 07:23:40 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-12 16:16:04 ----SHD---- C:\Windows\Installer
2013-07-12 16:16:04 ----HD---- C:\Config.Msi
2013-07-12 16:11:15 ----D---- C:\Program Files (x86)
2013-07-11 05:38:40 ----D---- C:\Windows\Microsoft.NET
2013-07-11 05:38:39 ----RSD---- C:\Windows\assembly
2013-07-11 04:59:08 ----D---- C:\Windows\winsxs
2013-07-11 04:57:35 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-11 04:57:29 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 04:55:35 ----D---- C:\Program Files\Windows Defender
2013-07-11 04:55:35 ----D---- C:\Program Files (x86)\Windows Defender
2013-07-11 04:55:35 ----D---- C:\Program Files (x86)\Internet Explorer
2013-07-11 04:55:33 ----D---- C:\Program Files\Internet Explorer
2013-07-11 04:38:20 ----D---- C:\ProgramData\Microsoft Help
2013-07-11 03:46:45 ----A---- C:\Windows\system32\MRT.exe
2013-07-11 03:39:53 ----D---- C:\Windows\system32\catroot
2013-07-05 14:06:33 ----HD---- C:\ProgramData
2013-06-25 08:27:11 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2010-06-15 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [2013-05-21 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [2013-05-23 1139800]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001_bdd\BHDrvx64.sys [2013-07-15 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-04-15 169048]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-12-21 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130717.001\IDSvia64.sys [2013-06-04 513184]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [2013-03-04 36952]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [2013-03-04 224416]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [2013-04-24 433752]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2010-06-15 41272]
R3 clwvd;HP Webcam Splitter; C:\Windows\system32\DRIVERS\clwvd.sys [2010-09-03 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-16 138912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-08-25 10611552]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130718.004\ENG64.SYS [2013-07-16 126040]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130718.004\EX64.SYS [2013-07-16 2098776]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-06-14 8507392]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [2013-05-16 796760]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-07-22 515584]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2013-06-17 177312]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-13 1390640]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2010-08-16 39832]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2011-09-16 7680512]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-01-12 232992]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\drivers\usb8023x.sys [2013-02-11 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-07-19 1429776]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2010-06-15 30520]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-05-01 325656]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-20 144368]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-07-19 838928]
R2 RoxioNow Service;RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2010-07-22 263168]
R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 641352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 256904]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-09 194032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-29 1255736]

-----------------EOF-----------------

 

 

Attached Files



#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:59 PM

Posted 19 July 2013 - 12:39 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 argeeleh

argeeleh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 19 July 2013 - 11:13 AM

Thank you Marius for helping me out.  Just to let you know, I work many hours will be following your instructions when I get home at night.  Thanks for you patience.



#5 argeeleh

argeeleh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 19 July 2013 - 04:00 PM

Marius,  Here are the two files.  Please note that when I first ran the exe file, it told me I have the old version and asked if I wanted to update.  I declined not know what is the best option.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by Samir & Fairuz (administrator) on 19-07-2013 15:54:24
Running from C:\Users\Samir & Fairuz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV6H09R1
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-22] (Google Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKU\Kids\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\Kids\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKU\Kids\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-22] (Google Inc.)
HKU\Kids\...\Run: [Facebook Update] - "C:\Users\Kids\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-04] (Facebook Inc.)
HKU\Kids\...\Policies\system: [LogonHoursAction] 2
HKU\Kids\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Samir Awad\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\Samir Awad\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Samir Awad\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2040 2011-09-16] ()
HKU\Samir Awad\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Samir Awad\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup [347008 2011-09-10] (EasyBits Software AS)
HKU\Samir Awad\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Samir Awad\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Samir Awad\...\Policies\system: [LogonHoursAction] 2
HKU\Samir Awad\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Samir Awad\...\Winlogon: [Shell] explorer.exe,C:\Users\Samir Awad\AppData\Roaming\cache.dat <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {ac2e4ae7-2d16-45ea-991c-2441dfd05696} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XQxdm014YYus&ptb=19AD8608-0B1E-4C5B-98DF-E592DD369655&psa=&ind=2011062717&ptnrS=XQxdm014YYus&si=&st=sb&n=77de61bd&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {3352F334-A389-4004-A026-3A161A0C69A7} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Docs) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Updater By SweetPacks) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0
CHR Extension: (Norton Identity Protection) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0
CHR Extension: (Gmail) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Samir Awad\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx

==================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001_bdd\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001_bdd\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130718.001\IDSvia64.sys [513184 2013-06-04] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130718.001\IDSvia64.sys [513184 2013-06-04] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130718.033\ENG64.SYS [126040 2013-07-16] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130718.033\ENG64.SYS [126040 2013-07-16] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130718.033\EX64.SYS [2098776 2013-07-16] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130718.033\EX64.SYS [2098776 2013-07-16] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-19 15:53 - 2013-07-19 15:53 - 00000000 ____D C:\FRST
2013-07-18 22:18 - 2013-07-18 22:33 - 00050753 _____ C:\Users\Samir & Fairuz\Desktop\RSIT 7-18-2013.txt
2013-07-18 22:14 - 2013-07-18 22:33 - 00000000 ____D C:\Program Files\trend micro
2013-07-18 22:14 - 2013-07-18 22:14 - 00000000 ____D C:\rsit
2013-07-18 22:13 - 2013-07-18 22:13 - 00935175 _____ C:\Users\Samir & Fairuz\Desktop\RSITx64.exe
2013-07-17 22:07 - 2013-07-17 22:07 - 00688992 ____R (Swearware) C:\Users\Samir & Fairuz\Desktop\dds.com
2013-07-17 21:55 - 2013-07-17 21:55 - 00688992 _____ (Swearware) C:\Users\Samir & Fairuz\Downloads\dds.com
2013-07-16 22:57 - 2013-07-18 17:17 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{2F3530E3-A931-4157-BF9E-C1BD6F7008A8}
2013-07-16 20:23 - 2013-07-16 20:23 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{79307668-753B-48D4-AA5E-FB4C645FDBBE}
2013-07-16 15:33 - 2013-07-16 15:43 - 00000000 ____D C:\Users\SAMIR&~1\AppData\Local\Microsoft Games
2013-07-16 10:42 - 2013-07-16 10:42 - 00000000 ____D C:\Users\Kids\Desktop\iphone pictures 4
2013-07-16 08:23 - 2013-07-16 08:30 - 00000000 ____D C:\Users\Kids\AppData\Roaming\.minecraft
2013-07-16 08:16 - 2013-07-16 08:16 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{16830AA1-44E5-4844-95A8-5A89347704E3}
2013-07-15 20:50 - 2013-07-16 16:21 - 00000000 ____D C:\Windows\pss
2013-07-15 20:15 - 2013-07-15 20:16 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{A67CC648-F42A-4389-96C3-10E96DF1D9DF}
2013-07-15 20:11 - 2013-07-15 20:11 - 353035999 _____ C:\Windows\MEMORY.DMP
2013-07-15 20:11 - 2013-07-15 20:11 - 00272104 _____ C:\Windows\Minidump\071513-24507-01.dmp
2013-07-15 20:11 - 2013-07-15 20:11 - 00000000 ____D C:\Windows\Minidump
2013-07-15 19:51 - 2013-07-15 19:52 - 00002632 _____ C:\Users\Kids\Desktop\Rkill.txt
2013-07-15 19:51 - 2013-07-15 19:52 - 00000000 ____D C:\Users\Kids\Desktop\rkill
2013-07-15 19:51 - 2013-07-15 19:51 - 01004672 _____ (Bleeping Computer, LLC) C:\Users\Kids\Downloads\rkill64.com
2013-07-15 19:50 - 2013-07-15 19:50 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Kids\Downloads\rkill.com
2013-07-15 17:42 - 2013-07-15 17:42 - 00003090 _____ C:\Users\Samir & Fairuz\Desktop\Norton Online Backup.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003043 _____ C:\Users\Samir & Fairuz\Desktop\HP Power Manager.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003028 _____ C:\Users\Samir & Fairuz\Desktop\Sprint.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003014 _____ C:\Users\Samir & Fairuz\Desktop\eBay.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002996 _____ C:\Users\Samir & Fairuz\Desktop\HP MovieStore.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002956 _____ C:\Users\Samir & Fairuz\Desktop\Welcome to Fences.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002950 _____ C:\Users\Samir & Fairuz\Desktop\HP CloudDrive.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002926 _____ C:\Users\Samir & Fairuz\Desktop\HP Documentation.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002921 _____ C:\Users\Samir & Fairuz\Desktop\HP MediaSmart SmartMenu.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002914 _____ C:\Users\Samir & Fairuz\Desktop\Snapfish.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002888 _____ C:\Users\Samir & Fairuz\Desktop\HP Recovery Manager.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002883 _____ C:\Users\Samir & Fairuz\Desktop\Microsoft Office 2010.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002790 _____ C:\Users\Samir & Fairuz\Desktop\Play HP Games.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002785 _____ C:\Users\Samir & Fairuz\Desktop\HP Photo Creations.lnk
2013-07-15 06:39 - 2013-07-15 06:39 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{710B3498-338A-4FA4-8552-E43569B323FD}
2013-07-15 06:31 - 2013-07-16 23:57 - 00000004 _____ C:\Users\Samir Awad\AppData\Roaming\cache.ini
2013-07-11 17:51 - 2013-07-13 07:59 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{96B3838C-60E8-47E0-B360-89F34C00B0FF}
2013-07-11 03:38 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 03:38 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 03:38 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 03:38 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 03:38 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 03:38 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 03:38 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 03:38 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 03:38 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 03:38 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 03:38 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 03:38 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 03:37 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 03:37 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 03:37 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 03:37 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 03:36 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 03:36 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 02:33 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 02:33 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 02:32 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 02:32 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 02:32 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 02:30 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 02:30 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-05 17:44 - 2013-07-05 17:45 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{E9FF2F39-84AF-43C2-95EE-0C7A714DDC5A}
2013-07-05 14:06 - 2013-07-05 14:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 14:06 - 2013-07-05 14:07 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 14:06 - 2013-07-05 14:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 14:06 - 2013-07-05 14:06 - 00000000 ____D C:\Program Files\iPod
2013-06-30 12:24 - 2013-06-30 12:24 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{2845D3BC-19CE-46A5-8820-2FD0F557B35D}
2013-06-25 16:29 - 2013-06-25 18:22 - 00000000 ____D C:\Users\Samir Awad\Desktop\patti
2013-06-24 10:42 - 2013-06-24 10:42 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\Unity
2013-06-24 10:36 - 2013-06-24 10:36 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\Unity
2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{5DF71BED-670E-43EE-8155-C20C2D23B80D}

==================== One Month Modified Files and Folders =======

2013-07-19 15:53 - 2013-07-19 15:53 - 00000000 ____D C:\FRST
2013-07-19 15:50 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 15:50 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 15:43 - 2013-03-03 10:50 - 00000000 ____D C:\Users\Samir & Fairuz\AppData\Roaming\Skype
2013-07-19 15:23 - 2012-06-17 12:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 15:20 - 2012-01-03 07:06 - 00000334 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-07-19 15:16 - 2011-12-22 12:54 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-19 15:11 - 2011-02-08 03:39 - 01500899 _____ C:\Windows\WindowsUpdate.log
2013-07-19 13:10 - 2012-05-19 20:42 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007UA.job
2013-07-18 22:33 - 2013-07-18 22:18 - 00050753 _____ C:\Users\Samir & Fairuz\Desktop\RSIT 7-18-2013.txt
2013-07-18 22:33 - 2013-07-18 22:14 - 00000000 ____D C:\Program Files\trend micro
2013-07-18 22:21 - 2011-12-22 12:54 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 22:21 - 2011-06-27 07:16 - 00000420 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-07-18 22:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 22:21 - 2009-07-13 23:51 - 00080434 _____ C:\Windows\setupact.log
2013-07-18 22:18 - 2011-09-10 11:08 - 00000000 ____D C:\ProgramData\GameXN
2013-07-18 22:14 - 2013-07-18 22:14 - 00000000 ____D C:\rsit
2013-07-18 22:13 - 2013-07-18 22:13 - 00935175 _____ C:\Users\Samir & Fairuz\Desktop\RSITx64.exe
2013-07-18 19:44 - 2011-09-19 21:09 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\ZumoDrive
2013-07-18 18:57 - 2012-05-19 20:42 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007Core.job
2013-07-18 17:17 - 2013-07-16 22:57 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{2F3530E3-A931-4157-BF9E-C1BD6F7008A8}
2013-07-18 17:16 - 2011-07-31 10:29 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\go
2013-07-17 22:07 - 2013-07-17 22:07 - 00688992 ____R (Swearware) C:\Users\Samir & Fairuz\Desktop\dds.com
2013-07-17 21:55 - 2013-07-17 21:55 - 00688992 _____ (Swearware) C:\Users\Samir & Fairuz\Downloads\dds.com
2013-07-17 15:41 - 2009-07-14 00:13 - 00730532 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-17 01:33 - 2010-10-16 11:55 - 00000000 ____D C:\ProgramData\Recovery
2013-07-16 23:57 - 2013-07-15 06:31 - 00000004 _____ C:\Users\Samir Awad\AppData\Roaming\cache.ini
2013-07-16 23:57 - 2011-06-01 08:23 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\CrashDumps
2013-07-16 22:59 - 2012-02-27 23:32 - 00000000 ____D C:\Users\Samir & Fairuz
2013-07-16 22:56 - 2011-05-30 10:36 - 00000000 ____D C:\Users\Samir Awad\Tracing
2013-07-16 22:53 - 2012-02-27 23:41 - 00000000 ____D C:\Users\Kids
2013-07-16 22:53 - 2011-05-29 16:01 - 00000000 ____D C:\Users\Samir Awad
2013-07-16 22:53 - 2011-02-08 04:04 - 00000000 ____D C:\ProgramData\Norton
2013-07-16 22:53 - 2011-02-08 04:01 - 00000000 ____D C:\ProgramData\RoxioNow
2013-07-16 22:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-16 20:23 - 2013-07-16 20:23 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{79307668-753B-48D4-AA5E-FB4C645FDBBE}
2013-07-16 16:21 - 2013-07-15 20:50 - 00000000 ____D C:\Windows\pss
2013-07-16 16:09 - 2011-02-08 03:44 - 00121252 _____ C:\Windows\PFRO.log
2013-07-16 15:43 - 2013-07-16 15:33 - 00000000 ____D C:\Users\SAMIR&~1\AppData\Local\Microsoft Games
2013-07-16 10:42 - 2013-07-16 10:42 - 00000000 ____D C:\Users\Kids\Desktop\iphone pictures 4
2013-07-16 08:30 - 2013-07-16 08:23 - 00000000 ____D C:\Users\Kids\AppData\Roaming\.minecraft
2013-07-16 08:16 - 2013-07-16 08:16 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{16830AA1-44E5-4844-95A8-5A89347704E3}
2013-07-16 07:24 - 2011-05-31 20:07 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-16 07:23 - 2011-11-08 19:01 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-15 20:16 - 2013-07-15 20:15 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{A67CC648-F42A-4389-96C3-10E96DF1D9DF}
2013-07-15 20:11 - 2013-07-15 20:11 - 353035999 _____ C:\Windows\MEMORY.DMP
2013-07-15 20:11 - 2013-07-15 20:11 - 00272104 _____ C:\Windows\Minidump\071513-24507-01.dmp
2013-07-15 20:11 - 2013-07-15 20:11 - 00000000 ____D C:\Windows\Minidump
2013-07-15 19:52 - 2013-07-15 19:51 - 00002632 _____ C:\Users\Kids\Desktop\Rkill.txt
2013-07-15 19:52 - 2013-07-15 19:51 - 00000000 ____D C:\Users\Kids\Desktop\rkill
2013-07-15 19:51 - 2013-07-15 19:51 - 01004672 _____ (Bleeping Computer, LLC) C:\Users\Kids\Downloads\rkill64.com
2013-07-15 19:50 - 2013-07-15 19:50 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Kids\Downloads\rkill.com
2013-07-15 17:42 - 2013-07-15 17:42 - 00003090 _____ C:\Users\Samir & Fairuz\Desktop\Norton Online Backup.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003043 _____ C:\Users\Samir & Fairuz\Desktop\HP Power Manager.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003028 _____ C:\Users\Samir & Fairuz\Desktop\Sprint.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003014 _____ C:\Users\Samir & Fairuz\Desktop\eBay.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002996 _____ C:\Users\Samir & Fairuz\Desktop\HP MovieStore.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002956 _____ C:\Users\Samir & Fairuz\Desktop\Welcome to Fences.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002950 _____ C:\Users\Samir & Fairuz\Desktop\HP CloudDrive.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002926 _____ C:\Users\Samir & Fairuz\Desktop\HP Documentation.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002921 _____ C:\Users\Samir & Fairuz\Desktop\HP MediaSmart SmartMenu.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002914 _____ C:\Users\Samir & Fairuz\Desktop\Snapfish.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002888 _____ C:\Users\Samir & Fairuz\Desktop\HP Recovery Manager.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002883 _____ C:\Users\Samir & Fairuz\Desktop\Microsoft Office 2010.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002790 _____ C:\Users\Samir & Fairuz\Desktop\Play HP Games.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002785 _____ C:\Users\Samir & Fairuz\Desktop\HP Photo Creations.lnk
2013-07-15 06:39 - 2013-07-15 06:39 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{710B3498-338A-4FA4-8552-E43569B323FD}
2013-07-13 07:59 - 2013-07-11 17:51 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{96B3838C-60E8-47E0-B360-89F34C00B0FF}
2013-07-12 20:50 - 2013-06-02 14:10 - 00000000 ____D C:\Users\Samir Awad\Desktop\cruise
2013-07-12 16:11 - 2011-12-22 12:54 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 16:11 - 2011-12-22 12:54 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 04:58 - 2009-07-13 23:45 - 00436720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 04:57 - 2013-03-14 07:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 04:57 - 2013-03-14 07:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 04:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 04:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 04:38 - 2011-06-06 19:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 03:46 - 2011-05-29 22:43 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-07 16:55 - 2011-05-29 23:35 - 00003212 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSAMIR$
2013-07-07 16:55 - 2011-05-29 23:35 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForSAMIR$.job
2013-07-05 17:45 - 2013-07-05 17:44 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{E9FF2F39-84AF-43C2-95EE-0C7A714DDC5A}
2013-07-05 14:07 - 2013-07-05 14:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 14:07 - 2013-07-05 14:06 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 14:07 - 2013-07-05 14:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 14:06 - 2013-07-05 14:06 - 00000000 ____D C:\Program Files\iPod
2013-07-05 11:48 - 2012-09-15 08:23 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Skype
2013-07-01 23:05 - 2011-11-01 19:49 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForSamir Awad.job
2013-07-01 22:56 - 2011-06-05 09:59 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\Skype
2013-06-30 12:24 - 2013-06-30 12:24 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{2845D3BC-19CE-46A5-8820-2FD0F557B35D}
2013-06-27 09:47 - 2012-03-21 19:16 - 00000000 ____D C:\Users\SAMIR&~1\AppData\Local\Google
2013-06-25 18:22 - 2013-06-25 16:29 - 00000000 ____D C:\Users\Samir Awad\Desktop\patti
2013-06-25 08:27 - 2011-11-01 19:49 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSamir Awad
2013-06-25 08:24 - 2012-03-21 22:12 - 00000000 ____D C:\Users\SAMIR&~1\AppData\Local\CrashDumps
2013-06-24 22:05 - 2011-12-09 23:56 - 00000000 ____D C:\Users\Samir Awad\Documents\Outlook Files
2013-06-24 10:42 - 2013-06-24 10:42 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\Unity
2013-06-24 10:36 - 2013-06-24 10:36 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\Unity
2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{5DF71BED-670E-43EE-8155-C20C2D23B80D}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\@
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\L
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\@
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\L
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-952981719-3757993927-2282463420-1001\$ea862fa9f0256ac5ef9f2a8a40c50e2a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\@
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\L
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\U

Files to move or delete:
====================
C:\Users\Samir Awad\AppData\Roaming\cache.dat
C:\Users\Samir Awad\AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 00:17

==================== End Of Log ============================

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013
Ran by Samir & Fairuz at 2013-07-19 15:55:51
Running from C:\Users\Samir & Fairuz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV6H09R1
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader 9.5.5 MUI (x32 Version: 9.5.5)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Applian Director (x32 Version: 2.1)
Audacity 1.3.13 (Unicode) (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.1.361.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.0.5350)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
BufferChm (x32 Version: 140.0.212.000)
Build-a-lot 2 (x32 Version: 2.2.0.95)
C310 (x32 Version: 140.0.304.000)
Cake Mania (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco Connect (x32 Version: 1.4.11245.0)
Clone2Go Video Converter Professional 2.0.0 (x32)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
CyberLink DVD Suite (x32 Version: 7.0.3320)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Energy Star Digital Logo (x32 Version: 1.0.1)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Fences Pro (Version: 1.0.1.312)
Fences Pro (x32 Version: 1.0.1.312.19219)
Final Drive Nitro (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth (x32 Version: 7.1.1.1580)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 140.0.211.000)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.10.1)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive (x32)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Documentation (x32 Version: 1.2.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.1.5)
HP MediaSmart DVD (x32 Version: 4.2.4521)
HP MediaSmart Movies and TV (Version: 1.0.1.2)
HP MediaSmart Music (x32 Version: 4.2.4604)
HP MediaSmart Photo (x32 Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.2)
HP MediaSmart Video (x32 Version: 4.2.4522)
HP MediaSmart Webcam (x32 Version: 4.2.3303)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.4.0)
HP MovieStore (x32 Version: 1.0.023)
HP MovieStore (x32 Version: 2.0.2)
HP Photo Creations (x32 Version: 1.0.0.6972)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Power Manager (x32 Version: 1.2.3)
HP Quick Launch (x32 Version: 2.4.4)
HP Setup (x32 Version: 8.4.4400.3525)
HP Setup Manager (x32 Version: 1.0.12844.3519)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Software Framework (x32 Version: 4.1.8.1)
HP Solution Center 14.0 (Version: 14.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.005.000.002)
HP Wireless Assistant (Version: 4.0.10.0)
HPAppStudio (x32 Version: 140.0.95.000)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
Hulu Desktop (HKCU Version: 0.9.13)
iCloud (Version: 2.1.2.8)
IDT Audio (x32 Version: 1.0.6292.0)
Imaging Device Functions 14.0 (Version: 14.0)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.03.0000)
Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001)
Intel® Wireless Display (Version: 1.2.21.0)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.6.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 29 (x32 Version: 6.0.290)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.3220)
LightScribe System Software (x32 Version: 1.18.18.1)
MarketResearch (x32 Version: 140.0.212.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Norton Internet Security (x32 Version: 20.4.0.40)
Norton Online Backup (x32 Version: 2.1.17869)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.7717)
PictureMover (x32 Version: 3.5.0.33)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4419)
PowerDirector (x32 Version: 8.0.3320)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000)
QuickTime (x32 Version: 7.74.80.86)
QuickTransfer (x32 Version: 140.0.98.000)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111)
Recovery Manager (x32 Version: 5.5.3223)
Replay Video Capture 6 (x32 Version: 6.0.6.1)
RoxioNow Player (x32 Version: 1.9.5.101)
Safari (x32 Version: 5.34.57.2)
Scan (x32 Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
Skype Toolbars (x32 Version: 5.3.7280)
Skype™ 6.3 (x32 Version: 6.3.105)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
SolveigMM Video Splitter (x32 Version: 3.6.1301.16)
Status (x32 Version: 140.0.256.000)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Times Reader (x32 Version: 2.055)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
TurboTax 2011 (x32)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2837)
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0449)
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0212)
TurboTax 2011 wksiper (x32 Version: 011.000.1545)
TurboTax 2011 wrapper (x32 Version: 011.000.0121)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
WebReg (x32 Version: 140.0.212.017)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.16)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
Yahoo! Detect (x32)
Yahoo! Software Update (x32)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

10-07-2013 12:15:33 Scheduled Checkpoint
11-07-2013 08:00:21 Windows Update
16-07-2013 21:26:34 Restore Operation

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {068BA945-7EC2-45F3-AF74-58FA6731176E} - System32\Tasks\{7D144B16-0B7D-4C44-B383-6A87BDA9EFDE} => C:\Program Files\Internet Explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {107692F3-57A1-422A-9F9B-BD8C785A6E33} - System32\Tasks\{773D0299-A5C3-4A94-83BE-14048DB8C38A} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {13D4623C-ABF8-425F-9064-26B4FAE74CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1C98A6CC-5D4B-4F0C-88CE-9F8BE478AC17} - System32\Tasks\{9688A36A-A25B-4FE7-9F7B-4156E6D9E163} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {1CFEDD94-0055-4C9F-B011-9FA4E2F1EF06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22] (Google Inc.)
Task: {249EA819-4F3C-4D5B-A6AA-F73EC62409BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007Core => C:\Users\Kids\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-04] (Facebook Inc.)
Task: {49B8E086-D5C8-4320-8735-C0C80120CB7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {53289FB6-E926-4B2F-B59D-36E4D329C6C7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {56149053-1118-489B-83AD-0B7AEA737DB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {605860AE-554A-41AA-BB61-A25071857ECF} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-01-03] ()
Task: {6519C811-6A84-4B80-A64C-CB6ED9745EDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-05] (Hewlett-Packard)
Task: {68B397DA-F018-46BF-BAFF-5A56EE745E31} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {68CC6034-13F9-42C0-888C-6560476B634D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {756C0EFC-9804-480E-B905-0263D1024C51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {87344AE9-0CAA-4ECA-AE5B-1A752DFF87E3} - System32\Tasks\{1CD45E4A-5785-4A77-9036-42ED6FDF128C} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {91B3231A-65BD-46A9-8699-E569B383E870} - System32\Tasks\{846B9287-9C87-4A68-98F7-2688C691A1C9} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {9904B75F-0C1C-4181-801F-7F9F326498A3} - System32\Tasks\{02EA1646-FD59-4C86-8159-82991F361192} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {A91D1130-B44C-490D-B082-98D4FB23B664} - System32\Tasks\HPCeeScheduleForSAMIR$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {AE277FCD-6804-4B93-849E-B617AA4EFADB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007UA => C:\Users\Kids\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-04] (Facebook Inc.)
Task: {AFA4F917-95A1-4830-BE78-9BF6FFD5B91A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22] (Google Inc.)
Task: {B6E88708-CEA9-4AC4-A37E-15B8263A4BEA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {BAB7A221-9844-4F24-93C7-A4F36E8001E6} - System32\Tasks\{D4FF5A26-BEFA-48CD-8734-3EFC962D5930} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {C2F0C245-A5EA-4E22-A75E-25A7F8A47A8F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CBAF302D-D80A-435E-8D01-447826F9C3BC} - System32\Tasks\HPCeeScheduleForSamir Awad => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {D1BB7BF2-A35C-440C-A1F6-A982CA1916B8} - System32\Tasks\WPD\SqmUpload_S-1-5-21-952981719-3757993927-2282463420-1006 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {E1ED89CE-4557-4AFB-BCE3-747E671772EC} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe No File
Task: {E439039B-CC15-4313-8CC8-946713DB659B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {EDC120F0-406D-4E04-A46D-86BCB4203C64} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {EE6B09C8-76E5-40E8-B6CC-611A45D1B612} - System32\Tasks\WPD\SqmUpload_S-1-5-21-952981719-3757993927-2282463420-1007 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {F4094C81-B886-4BCE-AA0D-782770BBCC8A} - System32\Tasks\{3E0F1956-6384-4999-98CF-6E8654C73AED} => C:\Program Files\Internet Explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {FD81A5E1-7153-4FE2-AA03-1E78A4CFC6C7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007Core.job => C:\Users\Kids\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007UA.job => C:\Users\Kids\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSamir Awad.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSAMIR$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2013 03:41:53 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Samir.local already in use; will try Samir-2.local instead

Error: (07/19/2013 03:41:53 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Samir.local. Addr 192.168.1.105

Error: (07/19/2013 03:41:53 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.1:32768    4 samir.local. Addr 192.168.1.1

Error: (07/19/2013 03:41:50 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Samir.local already in use; will try Samir-2.local instead

Error: (07/19/2013 03:41:50 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Samir.local. Addr 192.168.1.105

Error: (07/19/2013 03:41:50 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.1:32768    4 samir.local. Addr 192.168.1.1

Error: (07/19/2013 03:11:08 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Samir.local already in use; will try Samir-2.local instead

Error: (07/19/2013 03:11:08 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Samir.local. Addr 192.168.1.105

Error: (07/19/2013 03:11:08 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.1:32768    4 samir.local. Addr 192.168.1.1

Error: (07/19/2013 03:11:05 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Samir.local already in use; will try Samir-2.local instead

System errors:
=============
Error: (07/18/2013 10:21:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/18/2013 10:21:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/18/2013 10:21:28 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/18/2013 10:21:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/17/2013 09:37:25 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/16/2013 10:55:21 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/16/2013 10:55:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (07/16/2013 10:55:07 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2013 10:55:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/16/2013 10:46:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Microsoft Office Sessions:
=========================
Error: (07/19/2013 03:41:53 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Samir.local already in use; will try Samir-2.local instead

Error: (07/19/2013 03:41:53 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Samir.local. Addr 192.168.1.105

Error: (07/19/2013 03:41:53 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.1:32768    4 samir.local. Addr 192.168.1.1

Error: (07/19/2013 03:41:50 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Samir.local already in use; will try Samir-2.local instead

Error: (07/19/2013 03:41:50 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Samir.local. Addr 192.168.1.105

Error: (07/19/2013 03:41:50 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.1:32768    4 samir.local. Addr 192.168.1.1

Error: (07/19/2013 03:11:08 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Samir.local already in use; will try Samir-2.local instead

Error: (07/19/2013 03:11:08 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Samir.local. Addr 192.168.1.105

Error: (07/19/2013 03:11:08 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.1:32768    4 samir.local. Addr 192.168.1.1

Error: (07/19/2013 03:11:05 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Samir.local already in use; will try Samir-2.local instead

CodeIntegrity Errors:
===================================
  Date: 2012-04-06 09:03:28.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-06 09:03:28.694
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3893.86 MB
Available physical RAM: 1968.04 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5290.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:268.82 GB) (Free:17.28 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:28.97 GB) (Free:4.25 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: DE1C2D32)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=269 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:59 PM

Posted 20 July 2013 - 05:07 AM

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\n. ATTENTION! ====> ZeroAccess
    HKU\Samir Awad\...\Winlogon: [Shell] explorer.exe,C:\Users\Samir Awad\AppData\Roaming\cache.dat <==== ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM-x32 - {ac2e4ae7-2d16-45ea-991c-2441dfd05696} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XQxdm014YYus&ptb=19AD8608-0B1E-4C5B-98DF-E592DD369655&psa=&ind=2011062717&ptnrS=XQxdm014YYus&si=&st=sb&n=77de61bd&searchfor={searchTerms}
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
    SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO-x32: No Name - {3352F334-A389-4004-A026-3A161A0C69A7} -  No File
    CHR Extension: (Updater By SweetPacks) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0
    CHR Extension: (SweetPacks Chrome Extension) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0
    
    C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\n
    C:\Users\Samir Awad\AppData\Roaming\cache.dat
    C:\$Recycle.Bin\S-1-5-21-952981719-3757993927-2282463420-1001\$ea862fa9f0256ac5ef9f2a8a40c50e2a
    C:\Users\Samir Awad\AppData\Roaming\cache.ini
     
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 argeeleh

argeeleh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 20 July 2013 - 08:46 AM

I apparently did not save the frst64.exe on the laptop, I just ran the exe file, it generated the txt files in notepad and I copied and paste from there.  I can't seem to find the txt files.  Sorry for mix-up.  Please advice



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:59 PM

Posted 21 July 2013 - 07:24 AM

Then download it again from the link in my first reply and run the fix as posted above.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 argeeleh

argeeleh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 21 July 2013 - 11:03 AM

Here is the FRST file.  No Addition file was created

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by Samir & Fairuz (administrator) on 21-07-2013 10:57:04
Running from C:\Users\Samir & Fairuz\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-22] (Google Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKU\Samir Awad\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\Samir Awad\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Samir Awad\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2040 2011-09-16] ()
HKU\Samir Awad\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Samir Awad\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup [347008 2011-09-10] (EasyBits Software AS)
HKU\Samir Awad\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Samir Awad\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Samir Awad\...\Policies\system: [LogonHoursAction] 2
HKU\Samir Awad\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Samir Awad\...\Winlogon: [Shell] explorer.exe,C:\Users\Samir Awad\AppData\Roaming\cache.dat <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {ac2e4ae7-2d16-45ea-991c-2441dfd05696} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XQxdm014YYus&ptb=19AD8608-0B1E-4C5B-98DF-E592DD369655&psa=&ind=2011062717&ptnrS=XQxdm014YYus&si=&st=sb&n=77de61bd&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={EC2EE9FC-A7BE-11E2-A532-B086246198AF}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {3352F334-A389-4004-A026-3A161A0C69A7} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Docs) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Updater By SweetPacks) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0
CHR Extension: (Norton Identity Protection) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0
CHR Extension: (Gmail) - C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Samir Awad\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx

==================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001_bdd\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001_bdd\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2013-06-04] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2013-06-04] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-16] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-16] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-16] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-16] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-21 10:55 - 2013-07-21 10:55 - 01779345 _____ (Farbar) C:\Users\Samir & Fairuz\Desktop\FRST64.exe
2013-07-20 08:19 - 2013-07-20 08:19 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 15:53 - 2013-07-19 15:53 - 00000000 ____D C:\FRST
2013-07-18 22:18 - 2013-07-18 22:33 - 00050753 _____ C:\Users\Samir & Fairuz\Desktop\RSIT 7-18-2013.txt
2013-07-18 22:14 - 2013-07-18 22:33 - 00000000 ____D C:\Program Files\trend micro
2013-07-18 22:14 - 2013-07-18 22:14 - 00000000 ____D C:\rsit
2013-07-18 22:13 - 2013-07-18 22:13 - 00935175 _____ C:\Users\Samir & Fairuz\Desktop\RSITx64.exe
2013-07-17 22:07 - 2013-07-17 22:07 - 00688992 ____R (Swearware) C:\Users\Samir & Fairuz\Desktop\dds.com
2013-07-17 21:55 - 2013-07-17 21:55 - 00688992 _____ (Swearware) C:\Users\Samir & Fairuz\Downloads\dds.com
2013-07-16 22:57 - 2013-07-18 17:17 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{2F3530E3-A931-4157-BF9E-C1BD6F7008A8}
2013-07-16 20:23 - 2013-07-16 20:23 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{79307668-753B-48D4-AA5E-FB4C645FDBBE}
2013-07-16 15:33 - 2013-07-16 15:43 - 00000000 ____D C:\Users\SAMIR&~1\AppData\Local\Microsoft Games
2013-07-16 10:42 - 2013-07-16 10:42 - 00000000 ____D C:\Users\Kids\Desktop\iphone pictures 4
2013-07-16 08:23 - 2013-07-16 08:30 - 00000000 ____D C:\Users\Kids\AppData\Roaming\.minecraft
2013-07-16 08:16 - 2013-07-16 08:16 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{16830AA1-44E5-4844-95A8-5A89347704E3}
2013-07-15 20:50 - 2013-07-16 16:21 - 00000000 ____D C:\Windows\pss
2013-07-15 20:15 - 2013-07-15 20:16 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{A67CC648-F42A-4389-96C3-10E96DF1D9DF}
2013-07-15 20:11 - 2013-07-15 20:11 - 353035999 _____ C:\Windows\MEMORY.DMP
2013-07-15 20:11 - 2013-07-15 20:11 - 00272104 _____ C:\Windows\Minidump\071513-24507-01.dmp
2013-07-15 20:11 - 2013-07-15 20:11 - 00000000 ____D C:\Windows\Minidump
2013-07-15 19:51 - 2013-07-15 19:52 - 00002632 _____ C:\Users\Kids\Desktop\Rkill.txt
2013-07-15 19:51 - 2013-07-15 19:52 - 00000000 ____D C:\Users\Kids\Desktop\rkill
2013-07-15 19:51 - 2013-07-15 19:51 - 01004672 _____ (Bleeping Computer, LLC) C:\Users\Kids\Downloads\rkill64.com
2013-07-15 19:50 - 2013-07-15 19:50 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Kids\Downloads\rkill.com
2013-07-15 17:42 - 2013-07-15 17:42 - 00003090 _____ C:\Users\Samir & Fairuz\Desktop\Norton Online Backup.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003043 _____ C:\Users\Samir & Fairuz\Desktop\HP Power Manager.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003028 _____ C:\Users\Samir & Fairuz\Desktop\Sprint.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003014 _____ C:\Users\Samir & Fairuz\Desktop\eBay.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002996 _____ C:\Users\Samir & Fairuz\Desktop\HP MovieStore.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002956 _____ C:\Users\Samir & Fairuz\Desktop\Welcome to Fences.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002950 _____ C:\Users\Samir & Fairuz\Desktop\HP CloudDrive.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002926 _____ C:\Users\Samir & Fairuz\Desktop\HP Documentation.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002921 _____ C:\Users\Samir & Fairuz\Desktop\HP MediaSmart SmartMenu.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002914 _____ C:\Users\Samir & Fairuz\Desktop\Snapfish.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002888 _____ C:\Users\Samir & Fairuz\Desktop\HP Recovery Manager.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002883 _____ C:\Users\Samir & Fairuz\Desktop\Microsoft Office 2010.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002790 _____ C:\Users\Samir & Fairuz\Desktop\Play HP Games.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002785 _____ C:\Users\Samir & Fairuz\Desktop\HP Photo Creations.lnk
2013-07-15 06:39 - 2013-07-15 06:39 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{710B3498-338A-4FA4-8552-E43569B323FD}
2013-07-15 06:31 - 2013-07-16 23:57 - 00000004 _____ C:\Users\Samir Awad\AppData\Roaming\cache.ini
2013-07-11 17:51 - 2013-07-13 07:59 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{96B3838C-60E8-47E0-B360-89F34C00B0FF}
2013-07-11 03:38 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 03:38 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 03:38 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 03:38 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 03:38 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 03:38 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 03:38 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 03:38 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 03:38 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 03:38 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 03:38 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 03:38 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 03:38 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 03:38 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 03:37 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 03:37 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 03:37 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 03:37 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 03:36 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 03:36 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 02:33 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 02:33 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 02:32 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 02:32 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 02:32 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 02:30 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 02:30 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-05 17:44 - 2013-07-05 17:45 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{E9FF2F39-84AF-43C2-95EE-0C7A714DDC5A}
2013-07-05 14:06 - 2013-07-05 14:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 14:06 - 2013-07-05 14:07 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 14:06 - 2013-07-05 14:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 14:06 - 2013-07-05 14:06 - 00000000 ____D C:\Program Files\iPod
2013-06-30 12:24 - 2013-06-30 12:24 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{2845D3BC-19CE-46A5-8820-2FD0F557B35D}
2013-06-25 16:29 - 2013-06-25 18:22 - 00000000 ____D C:\Users\Samir Awad\Desktop\patti
2013-06-24 10:42 - 2013-06-24 10:42 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\Unity
2013-06-24 10:36 - 2013-06-24 10:36 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\Unity
2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{5DF71BED-670E-43EE-8155-C20C2D23B80D}

==================== One Month Modified Files and Folders =======

2013-07-21 10:55 - 2013-07-21 10:55 - 01779345 _____ (Farbar) C:\Users\Samir & Fairuz\Desktop\FRST64.exe
2013-07-21 10:53 - 2013-03-03 10:50 - 00000000 ____D C:\Users\Samir & Fairuz\AppData\Roaming\Skype
2013-07-21 10:23 - 2012-06-17 12:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 10:20 - 2012-01-03 07:06 - 00000334 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-07-21 10:17 - 2011-02-08 03:39 - 01532419 _____ C:\Windows\WindowsUpdate.log
2013-07-21 10:16 - 2011-12-22 12:54 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-21 10:04 - 2012-05-19 20:42 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007UA.job
2013-07-20 21:31 - 2012-05-19 20:42 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007Core.job
2013-07-20 16:16 - 2011-12-22 12:54 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-20 14:42 - 2011-06-27 07:16 - 00000420 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-07-20 08:22 - 2013-07-20 08:19 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 15:53 - 2013-07-19 15:53 - 00000000 ____D C:\FRST
2013-07-19 15:50 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 15:50 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-18 22:33 - 2013-07-18 22:18 - 00050753 _____ C:\Users\Samir & Fairuz\Desktop\RSIT 7-18-2013.txt
2013-07-18 22:33 - 2013-07-18 22:14 - 00000000 ____D C:\Program Files\trend micro
2013-07-18 22:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 22:21 - 2009-07-13 23:51 - 00080434 _____ C:\Windows\setupact.log
2013-07-18 22:18 - 2011-09-10 11:08 - 00000000 ____D C:\ProgramData\GameXN
2013-07-18 22:14 - 2013-07-18 22:14 - 00000000 ____D C:\rsit
2013-07-18 22:13 - 2013-07-18 22:13 - 00935175 _____ C:\Users\Samir & Fairuz\Desktop\RSITx64.exe
2013-07-18 19:44 - 2011-09-19 21:09 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\ZumoDrive
2013-07-18 17:17 - 2013-07-16 22:57 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{2F3530E3-A931-4157-BF9E-C1BD6F7008A8}
2013-07-18 17:16 - 2011-07-31 10:29 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\go
2013-07-17 22:07 - 2013-07-17 22:07 - 00688992 ____R (Swearware) C:\Users\Samir & Fairuz\Desktop\dds.com
2013-07-17 21:55 - 2013-07-17 21:55 - 00688992 _____ (Swearware) C:\Users\Samir & Fairuz\Downloads\dds.com
2013-07-17 15:41 - 2009-07-14 00:13 - 00730532 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-17 01:33 - 2010-10-16 11:55 - 00000000 ____D C:\ProgramData\Recovery
2013-07-16 23:57 - 2013-07-15 06:31 - 00000004 _____ C:\Users\Samir Awad\AppData\Roaming\cache.ini
2013-07-16 23:57 - 2011-06-01 08:23 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\CrashDumps
2013-07-16 22:59 - 2012-02-27 23:32 - 00000000 ____D C:\Users\Samir & Fairuz
2013-07-16 22:56 - 2011-05-30 10:36 - 00000000 ____D C:\Users\Samir Awad\Tracing
2013-07-16 22:53 - 2012-02-27 23:41 - 00000000 ____D C:\Users\Kids
2013-07-16 22:53 - 2011-05-29 16:01 - 00000000 ____D C:\Users\Samir Awad
2013-07-16 22:53 - 2011-02-08 04:04 - 00000000 ____D C:\ProgramData\Norton
2013-07-16 22:53 - 2011-02-08 04:01 - 00000000 ____D C:\ProgramData\RoxioNow
2013-07-16 22:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-16 20:23 - 2013-07-16 20:23 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{79307668-753B-48D4-AA5E-FB4C645FDBBE}
2013-07-16 16:21 - 2013-07-15 20:50 - 00000000 ____D C:\Windows\pss
2013-07-16 16:09 - 2011-02-08 03:44 - 00121252 _____ C:\Windows\PFRO.log
2013-07-16 15:43 - 2013-07-16 15:33 - 00000000 ____D C:\Users\SAMIR&~1\AppData\Local\Microsoft Games
2013-07-16 10:42 - 2013-07-16 10:42 - 00000000 ____D C:\Users\Kids\Desktop\iphone pictures 4
2013-07-16 08:30 - 2013-07-16 08:23 - 00000000 ____D C:\Users\Kids\AppData\Roaming\.minecraft
2013-07-16 08:16 - 2013-07-16 08:16 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{16830AA1-44E5-4844-95A8-5A89347704E3}
2013-07-16 07:24 - 2011-05-31 20:07 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-16 07:23 - 2011-11-08 19:01 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-15 20:16 - 2013-07-15 20:15 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{A67CC648-F42A-4389-96C3-10E96DF1D9DF}
2013-07-15 20:11 - 2013-07-15 20:11 - 353035999 _____ C:\Windows\MEMORY.DMP
2013-07-15 20:11 - 2013-07-15 20:11 - 00272104 _____ C:\Windows\Minidump\071513-24507-01.dmp
2013-07-15 20:11 - 2013-07-15 20:11 - 00000000 ____D C:\Windows\Minidump
2013-07-15 19:52 - 2013-07-15 19:51 - 00002632 _____ C:\Users\Kids\Desktop\Rkill.txt
2013-07-15 19:52 - 2013-07-15 19:51 - 00000000 ____D C:\Users\Kids\Desktop\rkill
2013-07-15 19:51 - 2013-07-15 19:51 - 01004672 _____ (Bleeping Computer, LLC) C:\Users\Kids\Downloads\rkill64.com
2013-07-15 19:50 - 2013-07-15 19:50 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Kids\Downloads\rkill.com
2013-07-15 17:42 - 2013-07-15 17:42 - 00003090 _____ C:\Users\Samir & Fairuz\Desktop\Norton Online Backup.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003043 _____ C:\Users\Samir & Fairuz\Desktop\HP Power Manager.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003028 _____ C:\Users\Samir & Fairuz\Desktop\Sprint.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00003014 _____ C:\Users\Samir & Fairuz\Desktop\eBay.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002996 _____ C:\Users\Samir & Fairuz\Desktop\HP MovieStore.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002956 _____ C:\Users\Samir & Fairuz\Desktop\Welcome to Fences.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002950 _____ C:\Users\Samir & Fairuz\Desktop\HP CloudDrive.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002926 _____ C:\Users\Samir & Fairuz\Desktop\HP Documentation.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002921 _____ C:\Users\Samir & Fairuz\Desktop\HP MediaSmart SmartMenu.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002914 _____ C:\Users\Samir & Fairuz\Desktop\Snapfish.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002888 _____ C:\Users\Samir & Fairuz\Desktop\HP Recovery Manager.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002883 _____ C:\Users\Samir & Fairuz\Desktop\Microsoft Office 2010.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002790 _____ C:\Users\Samir & Fairuz\Desktop\Play HP Games.lnk
2013-07-15 17:42 - 2013-07-15 17:42 - 00002785 _____ C:\Users\Samir & Fairuz\Desktop\HP Photo Creations.lnk
2013-07-15 06:39 - 2013-07-15 06:39 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{710B3498-338A-4FA4-8552-E43569B323FD}
2013-07-13 07:59 - 2013-07-11 17:51 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{96B3838C-60E8-47E0-B360-89F34C00B0FF}
2013-07-12 20:50 - 2013-06-02 14:10 - 00000000 ____D C:\Users\Samir Awad\Desktop\cruise
2013-07-12 16:11 - 2011-12-22 12:54 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 16:11 - 2011-12-22 12:54 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 04:58 - 2009-07-13 23:45 - 00436720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 04:57 - 2013-03-14 07:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 04:57 - 2013-03-14 07:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 04:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 04:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 04:38 - 2011-06-06 19:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-07 16:55 - 2011-05-29 23:35 - 00003212 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSAMIR$
2013-07-07 16:55 - 2011-05-29 23:35 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForSAMIR$.job
2013-07-05 17:45 - 2013-07-05 17:44 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{E9FF2F39-84AF-43C2-95EE-0C7A714DDC5A}
2013-07-05 14:07 - 2013-07-05 14:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 14:07 - 2013-07-05 14:06 - 00000000 ____D C:\Program Files\iTunes
2013-07-05 14:07 - 2013-07-05 14:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-05 14:06 - 2013-07-05 14:06 - 00000000 ____D C:\Program Files\iPod
2013-07-05 11:48 - 2012-09-15 08:23 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Skype
2013-07-01 23:05 - 2011-11-01 19:49 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForSamir Awad.job
2013-07-01 22:56 - 2011-06-05 09:59 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\Skype
2013-06-30 12:24 - 2013-06-30 12:24 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{2845D3BC-19CE-46A5-8820-2FD0F557B35D}
2013-06-27 09:47 - 2012-03-21 19:16 - 00000000 ____D C:\Users\SAMIR&~1\AppData\Local\Google
2013-06-25 18:22 - 2013-06-25 16:29 - 00000000 ____D C:\Users\Samir Awad\Desktop\patti
2013-06-25 08:27 - 2011-11-01 19:49 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSamir Awad
2013-06-25 08:24 - 2012-03-21 22:12 - 00000000 ____D C:\Users\SAMIR&~1\AppData\Local\CrashDumps
2013-06-24 22:05 - 2011-12-09 23:56 - 00000000 ____D C:\Users\Samir Awad\Documents\Outlook Files
2013-06-24 10:42 - 2013-06-24 10:42 - 00000000 ____D C:\Users\Samir Awad\AppData\Roaming\Unity
2013-06-24 10:36 - 2013-06-24 10:36 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\Unity
2013-06-24 00:57 - 2011-05-29 22:43 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-21 17:44 - 2013-06-21 17:44 - 00000000 ____D C:\Users\Samir Awad\AppData\Local\{5DF71BED-670E-43EE-8155-C20C2D23B80D}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\@
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\L
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\@
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\L
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-952981719-3757993927-2282463420-1001\$ea862fa9f0256ac5ef9f2a8a40c50e2a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\@
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\L
C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\U

Files to move or delete:
====================
C:\Users\Samir Awad\AppData\Roaming\cache.dat
C:\Users\Samir Awad\AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 00:17

==================== End Of Log ============================



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:59 PM

Posted 21 July 2013 - 11:32 PM

Do the frst fix as shown above and run Combofix afterwards.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 argeeleh

argeeleh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 22 July 2013 - 07:29 AM

Below are the fixlog and combofix logs

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by Samir & Fairuz at 2013-07-22 06:32:28 Run:1
Running from C:\Users\Samir & Fairuz\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Samir Awad\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key deleted successfully.
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3352F334-A389-4004-A026-3A161A0C69A7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3352F334-A389-4004-A026-3A161A0C69A7} => Key not found.
C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Moved successfully.
C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => Moved successfully.
"C:\Users\SAMIR&~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-18\$ea862fa9f0256ac5ef9f2a8a40c50e2a\n" => File/Directory not found.
C:\Users\Samir Awad\AppData\Roaming\cache.dat => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-952981719-3757993927-2282463420-1001\$ea862fa9f0256ac5ef9f2a8a40c50e2a => Moved successfully.
C:\Users\Samir Awad\AppData\Roaming\cache.ini => Moved successfully.

==== End of Fixlog ====

 

 

 

ComboFix 13-07-22.01 - Samir & Fairuz 07/22/2013   6:46.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1686 [GMT -5:00]
Running from: c:\users\Samir & Fairuz\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DictionaryBossEI
c:\program files (x86)\FunWebProducts
c:\users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EA496B9E-5EC5-4995-A401-951053621434}.xps
c:\users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ECB6F0E0-47E0-4F4B-BBEB-22406265D329}.xps
c:\users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F15FDECE-EB4C-4F2A-A8D0-E3586777542B}.xps
c:\users\Samir Awad\Documents\~WRL2312.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-22 to 2013-07-22  )))))))))))))))))))))))))))))))
.
.
2013-07-22 12:01 . 2013-07-22 12:01 -------- d-----w- c:\users\Samir Awad\AppData\Local\temp
2013-07-22 12:01 . 2013-07-22 12:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-22 11:41 . 2013-07-22 11:41 -------- d-----w- c:\users\Samir & Fairuz\AppData\Roaming\HPAppData
2013-07-20 13:19 . 2013-07-20 13:22 -------- d-----w- c:\windows\system32\MRT
2013-07-19 20:53 . 2013-07-19 20:53 -------- d-----w- C:\FRST
2013-07-19 03:14 . 2013-07-19 03:33 -------- d-----w- c:\program files\trend micro
2013-07-19 03:14 . 2013-07-19 03:14 -------- d-----w- C:\rsit
2013-07-16 20:33 . 2013-07-16 20:43 -------- d-----w- c:\users\Samir & Fairuz\AppData\Local\Microsoft Games
2013-07-16 13:23 . 2013-07-16 13:30 -------- d-----w- c:\users\Kids\AppData\Roaming\.minecraft
2013-07-11 08:37 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-11 08:37 . 2013-06-11 23:26 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-07-11 08:37 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-07-11 08:36 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-07-11 07:33 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 07:33 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 07:33 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 07:33 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-11 07:33 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 07:33 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 07:33 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 07:33 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 07:33 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 07:32 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 07:32 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 07:32 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 07:31 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 07:31 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 07:30 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 07:30 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-05 19:06 . 2013-07-05 19:06 -------- d-----w- c:\program files\iPod
2013-07-05 19:06 . 2013-07-05 19:07 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-05 19:06 . 2013-07-05 19:07 -------- d-----w- c:\program files\iTunes
2013-07-05 19:06 . 2013-07-05 19:07 -------- d-----w- c:\program files (x86)\iTunes
2013-06-24 15:42 . 2013-06-24 15:42 -------- d-----w- c:\users\Samir Awad\AppData\Roaming\Unity
2013-06-24 15:36 . 2013-06-24 15:36 -------- d-----w- c:\users\Samir Awad\AppData\Local\Unity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-24 05:57 . 2011-05-30 03:43 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-17 23:59 . 2011-02-08 09:04 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-06-13 21:44 . 2012-06-17 17:55 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 21:44 . 2011-07-06 03:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-23 05:25 . 2013-06-07 13:28 1139800 ----a-w- c:\windows\system32\drivers\NISx64\1404000.028\symefa64.sys
2013-05-21 05:02 . 2013-06-07 13:28 493656 ----a-w- c:\windows\system32\drivers\NISx64\1404000.028\symds64.sys
2013-05-16 05:02 . 2013-06-07 13:28 796760 ----a-w- c:\windows\system32\drivers\NISx64\1404000.028\srtsp64.sys
2013-05-15 14:16 . 2011-08-24 01:58 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-13 21:45 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 21:45 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 21:45 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 21:45 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 21:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 21:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-13 21:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-13 21:45 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 21:45 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-13 21:45 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-13 21:45 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-13 21:45 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-13 21:49 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-26 05:51 . 2013-06-13 21:49 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-13 21:49 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-13 21:45 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-04-25 00:43 . 2013-06-07 13:28 433752 ----a-w- c:\windows\system32\drivers\NISx64\1404000.028\symnets.sys
2011-06-27 21:09 . 2011-06-29 22:06 161728 ----a-w- c:\program files (x86)\v4res.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001_bdd\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001_bdd\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130719.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130719.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 02:17 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 21:44]
.
2013-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007Core.job
- c:\users\Kids\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-20 23:52]
.
2013-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952981719-3757993927-2282463420-1007UA.job
- c:\users\Kids\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-20 23:52]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 17:54]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 17:54]
.
2013-07-22 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-01-03 12:04]
.
2013-07-02 c:\windows\Tasks\HPCeeScheduleForSamir Awad.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-07-07 c:\windows\Tasks\HPCeeScheduleForSAMIR$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-23 487424]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-07-22  07:22:07 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-22 12:22
.
Pre-Run: 27,606,065,152 bytes free
Post-Run: 30,726,918,144 bytes free
.
- - End Of File - - 1D02F307FD1D59A42B329A2E9CA5408F
D41D8CD98F00B204E9800998ECF8427E
 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:59 PM

Posted 22 July 2013 - 07:55 AM

Looks good!

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 argeeleh

argeeleh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 22 July 2013 - 08:48 PM

Here is the log from ESET

 

C:\FRST\Quarantine\cache.dat a variant of Win32/Kryptik.BFUV trojan
C:\Users\Samir Awad\AppData\LocalLow\DictionaryBossEI\Installr\Cache\0156D0FB.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Samir Awad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\791f9322-68a91568 Java/Exploit.Agent.NNK trojan
C:\Users\Samir Awad\Pictures\External Drive\PC Backup\Documents and Settings\Home CPU\My Documents\My Received Files\messengerdiscovery.exe Win32/TrojanDownloader.IstBar.NAU Trojan

 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:59 PM

Posted 23 July 2013 - 12:09 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 argeeleh

argeeleh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 24 July 2013 - 04:17 PM

When I do step 1, I keep getting a message that the Norton Internet Security is still running "real time scanner".  I disabled Smart Firewall and anti-Virus Auto Protect.  How can I disable "real time scanner".  Or should I run combofix anyways?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users