Windows command processor and possibly more

Solved
By Nereth
Nov 2, 2012
Topic Status:
Not open for further replies.
  1. Hello,

    I am hoping someone can help me resolve my virus issues without the need for a reformat D:

    Here are the symptoms:

    1) Windows command processor keeps asking me to give it permission to run. I haven't yet.

    2) Some programs are currently acting very unpredictably outside of safe mode; for example, on some reboots Firefox won't start, on others it will. Just now it wasn't, then I decided to restart, then cancelled halfway through before confirming I wanted stuff closed; as a result the Windows command processor thing closed itself seemingly permanently and then Firefox was working again.

    3) This means I often can't get antivirus programs to run outside of safe mode. Presumably the next time I restart my computer I will lose the ability to run stuff outside of safe mode again.

    4) I tried unsuccessfully to fix this on my own before coming here (probably was a mistake, I'm sorry :( ). This included running Malwarebytes, a one-month-outdated copy of NOD32, and a System Restore. System Restore did nothing. NOD32 found Ramnit and couldn't clean it, which I pray was an error on its part, because neither Malwarebytes nor SpyHunter (free version, can't remove stuff) found Ramnit and I really don't want to have to reformat.

    I am currently going through the 5 preliminary steps. Here is their status:

    1) Could not run MSE - I managed to install it, but it cannot get an internet connection to update itself (despite my internet being connected). It won't run in safe mode, so currently I can't really deal with that. Skipping this step for now, I guess? I can probably install it once the virus is removed from the system.

    2) Running Malwarebytes currently outside of safe mode, but as described above, the virus seems to be inactive again after that partial reboot, so I'm not sure if it will find it. Note that without safe mode, I usually cannot run Malwarebytes. Even Chameleon would not run properly yesterday; I could start it, but it seemed unable to do anything of note. I forgot to write down what errors it threw. If we need to try again I will do so.

    I have already accidentally started a full scan in Malwarebytes, instead of a quick scan as recommended by the 5-step virus removal preliminary steps. I hope this is not an issue; the full scan is nearly complete as I write this. If necessary I will do a quick scan afterwards and repeat the steps. Please let me know.

    3) No modifications found.

    4) DDS instructions asked for attach.txt to be zipped and attached. Instructions from the sticky asked for all files to be posted, not attached. I wasn't sure what to do, so I did both. Or at least, I tried to do both, but then the forum reported an error uploading, so I just pasted it instead.

    5)

    Malwarebytes log:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.02.01

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Ahmad :: AHMAD-WORK [administrator]

    2/11/2012 2:47:11 PM
    mbam-log-2012-11-02 (14-47-11).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 487763
    Time elapsed: 36 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Gmer log:

    (empty)

    DDS.txt

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
    Run by Ahmad at 15:52:39 on 2012-11-02
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.8148.4739 [GMT 8:00]
    .
    AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    d:\Program Files (x86)\Pingzapper\PZService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [AlcoholAutomount] "D:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [PlayNC Launcher] <no file>
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    StartupFolder: D:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
    StartupFolder: D:\PROGRA~1\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{700BA019-042B-40AC-A34E-ED48B320EFC3} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [TortoiseHgOverlayIconServer] D:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\60nu6rwl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\60nu6rwl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    FF - ExtSQL: 2012-09-26 16:21; info@youtube-mp3.org; D:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\info@youtube-mp3.org.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-1 16152]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-1 13592]
    R2 MBAMScheduler;MBAMScheduler;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-2 399432]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-1 1258344]
    R2 PingzapperSvc;Pingzapper Service;D:\Program Files (x86)\Pingzapper\PZService.exe [2012-8-25 679424]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888]
    R2 StarWindServiceAE;StarWind AE Service;D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-24 370688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-15 382312]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-1 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-1 786200]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-2 25928]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2011-11-10 60184]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-1 646248]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;D:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-2 116648]
    S2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-2 676936]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-2 250808]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-9-27 89160]
    S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-11-2 22704]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-7-2 1431888]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-2 116648]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-20 115168]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-8-17 109624]
    S3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2010-7-26 15360]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-2 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== Created Last 30 ================
    .
    2012-11-02 06:46:27 9291768 ----a-w- d:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFFB410B-8406-4ABF-B5DB-BD940EE0CC78}\mpengine.dll
    2012-11-02 06:17:24 101192 ----a-w- d:\Users\Ahmad\AmazingTit****.scr
    2012-11-02 05:43:27 101192 ----a-w- d:\Users\Ahmad\LittleBitch.scr
    2012-11-02 05:13:57 101192 ----a-w- d:\Users\Ahmad\BustyShemale.scr
    2012-11-02 04:37:21 101192 ----a-w- d:\Users\Ahmad\BoyTreats.scr
    2012-11-02 03:36:53 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-11-02 03:36:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-11-02 03:05:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-02 02:56:27 9309624 ----a-w- d:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A80A4948-0D72-41B6-B5B3-1ACC845D0411}\mpengine.dll
    2012-11-01 18:44:02 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
    2012-11-01 18:44:01 110080 ----a-r- d:\Users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
    2012-11-01 18:44:01 110080 ----a-r- d:\Users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
    2012-11-01 18:44:01 110080 ----a-r- d:\Users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
    2012-11-01 18:44:01 -------- d-----w- C:\sh4ldr
    2012-11-01 18:44:01 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-11-01 18:43:52 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2012-11-01 18:42:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-11-01 17:25:00 101192 --s---w- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
    2012-11-01 17:25:00 -------- d-----w- d:\Users\Ahmad\AppData\Local\qdfwmqxf
    2012-10-27 13:44:17 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-10-27 13:44:17 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
    2012-10-21 04:52:47 -------- d-----w- d:\ProgramData\Ask
    2012-10-21 04:01:44 -------- d-----w- d:\Users\Ahmad\AppData\Roaming\Sony Creative Software Inc
    2012-10-19 15:38:11 -------- d-----w- d:\Users\Ahmad\AppData\Local\StreamPrivacy
    2012-10-18 18:56:45 -------- d-----w- d:\Users\Ahmad\AppData\Local\FFsplit
    2012-10-18 10:22:48 -------- d-----w- C:\Program Files (x86)\Sony
    2012-10-18 10:18:34 -------- d-----w- C:\Windows\System32\appmgmt
    2012-10-18 09:46:26 -------- d-----w- d:\Users\Ahmad\AppData\Local\Sony
    2012-10-16 07:11:52 -------- d-----w- d:\Users\Ahmad\AppData\Roaming\Blender Foundation
    2012-10-16 07:11:31 -------- d-----w- d:\Users\Ahmad\.thumbnails
    .
    ==================== Find3M ====================
    .
    2012-10-09 12:39:15 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 12:39:15 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-16 13:34:26 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2012-08-30 14:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-30 14:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-30 13:18:02 71680 ----a-w- C:\Windows\System32\frapsv64.dll
    2012-08-30 13:18:00 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
    .
    ============= FINISH: 15:52:45.11 ===============

    attach.txt
    (too large, splitting across two posts)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/07/2012 2:42:20 PM
    System Uptime: 2/11/2012 11:33:05 AM (4 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-M
    Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | LGA1155 | 3501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 31.882 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 575.757 GiB free.
    E: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP64: 2/11/2012 1:55:21 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Altium Designer Release 10
    AN-SOF100 v2.7
    µTorrent
    Bandicam
    Bandisoft MPEG-1 Decoder
    COSMOSM 2012 x64 Edition (2010/290)
    Crystal Reports for Visual Studio
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dotfuscator Software Services - Community Edition
    ESET NOD32 Antivirus
    FFsplit version Alpha
    FormatFactory 3.00
    Fraps (remove only)
    GOM Player
    GOMTV Streamer
    Google Earth
    Google Update Helper
    Guild Wars 2
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Lineage II
    LTspice IV
    Malwarebytes Anti-Malware version 1.65.1.1000
    MATLAB Component Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Help Viewer 1.0
    Microsoft Office 2003 Web Components
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Macro Tools
    Movie Maker
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT Redists
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCsoft Launcher
    NVIDIA 3D Vision Controller Driver 302.82
    NVIDIA 3D Vision Driver 302.82
    NVIDIA Control Panel 302.82
    NVIDIA Graphics Driver 302.82
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.9.10
    NVIDIA Update Components
    Opera 12.00
    Pando Media Booster
    Photo Common
    Photo Gallery
    Pingzapper version 1.1.2
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
    Skype™ 5.10
    SolidWorks 2012 x64 Edition SP0
    SolidWorks eDrawings 2012 x64 Edition SP0
    SolidWorks Explorer 2012 SP0 x64 Edition
    SolidWorks Flow Simulation 2012 SP0 x64 Edition
    Spyder3Pro
    SpyHunter
    Sql Server Customer Experience Improvement Program
    StarCraft II
    Steam
    SteelSeries Xai Laser Mouse
    Super Meat Boy
    TortoiseHg 2.4.1 (x64)
    TowerVPN 1.0.0
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Vegas Pro 12.0 (64-bit)
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 2.0.2
    Web Deployment Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.20 (64-bit)
    WinZip 16.0
    World of Warcraft
    Xvid Video Codec
    .
  2. Nereth (Topic Starter)

    attach.txt (continued)

    ==== Event Viewer Messages From Past Week ========
    .
    2/11/2012 2:46:35 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Ahmad-Work\Ahmad Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 2:46:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 2:45:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    2/11/2012 2:44:15 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Ahmad-Work\Ahmad Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 2:44:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 2:44:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 2:44:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 2:44:06 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: Ahmad-Work\Ahmad Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 2:44:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1150.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 2:44:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1150.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 2:42:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    2/11/2012 12:42:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 12:42:39 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 12:42:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 12:42:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 12:42:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 12:42:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 12:42:27 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 12:42:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 12:42:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 12:16:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    2/11/2012 11:51:13 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:51:08 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:51:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:50:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:50:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:50:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:50:55 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:50:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:50:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:44:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    2/11/2012 11:40:49 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Ahmad-Work\Ahmad Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:40:49 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:40:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:40:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:40:40 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: Ahmad-Work\Ahmad Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:40:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:40:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:40:10 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    2/11/2012 11:39:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:39:30 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:39:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:39:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:39:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:39:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:39:18 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:39:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:39:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
    2/11/2012 11:38:31 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Ahmad-Work\Ahmad Error Code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:38:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
    2/11/2012 11:38:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
    2/11/2012 11:38:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
    2/11/2012 11:38:21 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: Ahmad-Work\Ahmad Error Code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
    2/11/2012 11:38:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
    2/11/2012 11:38:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
    2/11/2012 11:37:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    2/11/2012 11:37:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    2/11/2012 11:32:03 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 11:30:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/11/2012 11:30:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/11/2012 11:29:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 11:29:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/11/2012 11:29:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/11/2012 11:29:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/11/2012 11:29:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/11/2012 11:29:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eamonm ehdrv spldr Wanarpv6
    2/11/2012 11:29:38 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    2/11/2012 10:55:48 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: Not enough storage is available to process this command.
    2/11/2012 1:53:25 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    2/11/2012 1:30:42 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 1:30:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/11/2012 1:30:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eamonm ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================

    Note from poster:

    I am aware that, at least to me, it looks like my computer is fine right now - If this is the case, I think this is a result of the half-shutdown thing I mentioned earlier. After I post this, I am going to reset my computer and check that the symptoms of the viruses still exist. I will edit this post and mention whether the viruses are still noticeable. I am aware that I may need to repeat this 5 step process after restart while the viruses are active (I would likely then have to do it in safe mode). Please let me know if this is the case. If they do not show up, I am aware that it does not necessarily mean my computer is clean, and I will await further instruction.

    Thank you for your help,
    -Nereth
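The Service Control Manager entries at the tail of that log read as a cascade: most 7001 events only say "The dependency service or group failed to start", which is collateral, while a handful name the real failure ("A device attached to the system is not functioning") and the 7026 event lists the boot-start drivers that never loaded. The script below is an added example, not part of the thread or of any tool mentioned in it; it walks the dependency graph in those lines to separate root causes from fallout. The sample input is a subset of the 7001/7026 lines copied verbatim from the log above (SMB redirector lines left out for brevity). The display names it reports as roots (Ancillary Function Driver for Winsock, NSI proxy service driver, NetIO Legacy TDI Support Driver) correspond to the AFD, nsiproxy and tdx drivers that the 7026 line says failed to load, which is consistent with the poster's "connected but nothing can update" symptom.

```python
import re
from collections import defaultdict

# Sample input: a subset of the Service Control Manager lines from the log
# posted above (timestamps and wording copied as-is, SMB lines omitted).
SAMPLE_LOG = """\
2/11/2012 1:30:42 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eamonm ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# Event 7001: "The X service depends on the Y service which failed to start
# because of the following error: <reason>."  The lazy groups stop at the first
# lowercase " service " keyword, so display names containing "Service" survive.
DEP_RE = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+?)\.?$"
)
# Event 7026: the boot-start / system-start drivers that never loaded.
BOOT_RE = re.compile(r"\[7026\] - .*failed to load: (?P<drivers>.+)$")
CASCADE = "The dependency service or group failed to start"


def parse_dependency_failures(log):
    """Return [(service, dependency, error)] for every SCM 7001 line."""
    found = []
    for line in log.splitlines():
        m = DEP_RE.search(line)
        if m:
            # Some display names end in "." ("NSI proxy service driver."); drop it.
            found.append((m["svc"].strip(), m["dep"].rstrip(". "), m["err"].strip()))
    return found


def failed_boot_drivers(log):
    """Driver service names from the first 7026 line, e.g. ['AFD', 'CSC', ...]."""
    for line in log.splitlines():
        m = BOOT_RE.search(line)
        if m:
            return m["drivers"].split()
    return []


def root_causes(log):
    """Dependencies whose own error is not the generic cascade message.

    Everything that reports CASCADE is collateral; what is returned here are the
    components that actually failed, mapped to the error SCM recorded for them.
    """
    roots = {}
    for _svc, dep, err in parse_dependency_failures(log):
        if err != CASCADE:
            roots[dep] = err
    return roots


def affected_by(log, root):
    """Every service that transitively depends on `root` (walk reverse edges)."""
    dependents = defaultdict(set)
    for svc, dep, _err in parse_dependency_failures(log):
        dependents[dep].add(svc)
    seen, stack = set(), [root]
    while stack:
        node = stack.pop()
        for svc in dependents[node]:
            if svc not in seen:
                seen.add(svc)
                stack.append(svc)
    return seen


def summarize(log):
    """{root: (error, sorted list of services knocked out by it)}"""
    return {
        root: (err, sorted(affected_by(log, root)))
        for root, err in root_causes(log).items()
    }


if __name__ == "__main__":
    print("Boot drivers that failed to load:", " ".join(failed_boot_drivers(SAMPLE_LOG)))
    for root, (err, victims) in summarize(SAMPLE_LOG).items():
        print(f"\n{root}: {err}")
        for v in victims:
            print("   ->", v)
```

Run it as-is to see the three roots and the services hanging off each; feed it the full event-log section (or an `Export` of the System log) to do the same on another machine. The 7026 list is where the investigation should continue: eamonm and ehdrv on that list are the ESET drivers that appear as R1 entries in the ComboFix report later in this thread, and AFD, nsiproxy and tdx are the kernel network stack.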
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  4. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Hello, and thank you very much for your lightning-quick response!

    Some notes:

    1) Upon restart, in normal (not safe) mode, the virus was indeed back. Firefox was extremely unstable and the screens kept turning black, and the computer kept freezing - as a result I chose to download and run ComboFix in safe mode.

    2) In safe mode, although I was able to turn off the real-time protection from MSE, I was not able to find a way to turn off NOD32's protection (since the GUI is not the same in safe mode, I couldn't figure out how). I am unsure if NOD32 even has real-time protection in safe mode.

    3) Combofix was complaining about MSE (which I had turned off) and NOD32 (which I couldn't turn off), but I ran it anyway :O

    4) Does it matter that I am not saving and running these programs from the desktop as instructed? I hope not - my desktop is cluttered enough as it is! Please let me know.

    Combofix Log:

    ComboFix 12-10-31.03 - Ahmad 02/11/2012 16:40:13.1.8 - x64 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.8148.6624 [GMT 8:00]
    Running from: d:\users\Ahmad\Desktop\Downloaded youtube songs\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    D:\install.exe
    d:\users\Ahmad\AmazingTit****.scr
    d:\users\Ahmad\AppData\Local\7e5dac6d1.log
    d:\users\Ahmad\AppData\Local\assembly\tmp
    d:\users\Ahmad\AppData\Local\bgqplpgm.log
    d:\users\Ahmad\AppData\Local\cdgijwjg.log
    d:\users\Ahmad\AppData\Local\fyeauish.log
    d:\users\Ahmad\AppData\Local\lsofilem.log
    d:\users\Ahmad\AppData\Local\mfkgmfkd.log
    d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35DA69BE-5951-436D-BDE4-3C5C553AE984}.xps
    d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{51A65351-774F-417D-8315-91545247E73A}.xps
    d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8098FAA2-0130-4332-8D46-9FB01801AB92}.xps
    d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F67A50FA-E1CD-4BFA-B225-2F1803C7E4F3}.xps
    d:\users\Ahmad\AppData\Local\oxbdveog.log
    d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
    d:\users\Ahmad\AppData\Local\smtoponx.log
    d:\users\Ahmad\BoyTreats.scr
    d:\users\Ahmad\BustyShemale.scr
    d:\users\Ahmad\LittleBitch.scr
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-02 03:36 . 2012-11-02 03:36 -------- d-----w- c:\program files\Microsoft Security Client
    2012-11-02 03:36 . 2012-11-02 03:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-11-02 03:05 . 2012-09-29 11:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-01 18:44 . 2012-06-22 04:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
    2012-11-01 18:44 . 2012-11-01 18:44 -------- d-----w- C:\sh4ldr
    2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
    2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
    2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
    2012-11-01 18:44 . 2012-11-01 18:44 -------- d-----w- c:\program files\Enigma Software Group
    2012-11-01 18:43 . 2012-11-01 18:44 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2012-11-01 18:42 . 2012-11-01 18:43 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-11-01 17:25 . 2012-11-02 08:42 -------- d-----w- d:\users\Ahmad\AppData\Local\qdfwmqxf
    2012-11-01 17:25 . 2012-11-01 17:25 101192 --s---w- d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
    2012-10-21 04:01 . 2012-10-21 04:01 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Sony Creative Software Inc
    2012-10-19 15:38 . 2012-10-19 17:20 -------- d-----w- d:\users\Ahmad\AppData\Local\StreamPrivacy
    2012-10-18 18:56 . 2012-10-18 18:56 -------- d-----w- d:\users\Ahmad\AppData\Local\FFsplit
    2012-10-18 10:37 . 2012-10-18 10:37 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Publish Providers
    2012-10-18 10:22 . 2012-10-18 10:22 -------- d-----w- c:\program files (x86)\Sony
    2012-10-18 10:18 . 2012-10-18 10:18 -------- d-----w- c:\windows\system32\appmgmt
    2012-10-18 09:46 . 2012-10-18 10:22 -------- d-----w- d:\users\Ahmad\AppData\Local\Sony
    2012-10-18 09:42 . 2012-10-18 11:16 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Sony
    2012-10-16 07:11 . 2012-10-16 07:11 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Blender Foundation
    2012-10-16 07:11 . 2012-10-16 07:11 -------- d-----w- d:\users\Ahmad\.thumbnails
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 12:39 . 2012-07-01 16:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 12:39 . 2012-07-01 16:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-16 13:34 . 2012-09-16 13:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-08-30 14:03 . 2012-08-30 14:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 14:03 . 2012-08-30 14:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-30 13:18 . 2012-08-30 13:18 71680 ----a-w- c:\windows\system32\frapsv64.dll
    2012-08-30 13:18 . 2012-08-30 13:18 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "AlcoholAutomount"="d:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
    "Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-09-18 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    .
    d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    yjwjwqhv.exe [2012-11-2 101192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux7"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;d:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 116648]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
    R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-16 1258344]
    R2 PingzapperSvc;Pingzapper Service;d:\program files (x86)\Pingzapper\PZService.exe [2012-06-11 679424]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-15 382312]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-09-26 89160]
    R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-02 1431888]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 116648]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-08-17 109624]
    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 12:39]
    .
    2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 11:12]
    .
    2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 11:12]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-28 6457960]
    "TortoiseHgOverlayIconServer"="d:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-06-08 47616]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - d:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-09-26 16:21; info@youtube-mp3.org; d:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\info@youtube-mp3.org.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Wow6432Node-HKCU-Run-YjwJwqhv - d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-GOM Player - d:\program files (x86)\GRETECH\GomPlayer\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-02 16:43:22
    ComboFix-quarantined-files.txt 2012-11-02 08:43
    .
    Pre-Run: 34,131,980,288 bytes free
    Post-Run: 34,497,056,768 bytes free
    .
    - - End Of File - - A54053AD78474E5AD02FBE61C29FF953
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It's best to save to the Desktop and then run them. If we need to run scripts, the tools need to be easily accessible.

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted allow it to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  6. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Hi there,

    I have been trying to do as many scans as possible outside of safe mode for 'realism', but I am wondering if it is screwing anything up (e.g. aswMBR mentioned some kind of 'engine error', see log). Please let me know if I should be doing these in safe mode at all (I have to go back into safe mode each time I want to make/read a post here or download a file anyway XD )

    1) TDSS killer report 500kb, zipped and uploaded.
    2) aswMBR.txt:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-03 01:57:29
    -----------------------------
    01:57:29.859 OS Version: Windows x64 6.1.7600
    01:57:29.859 Number of processors: 8 586 0x3A09
    01:57:29.859 ComputerName: AHMAD-WORK UserName: Ahmad
    01:57:30.020 Initialize success
    01:59:17.291 AVAST engine error: 8
    01:59:34.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    01:59:34.178 Disk 0 Vendor: SPCC_SSD 332A Size: 114473MB BusType: 3
    01:59:34.179 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
    01:59:34.180 Disk 1 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 3
    01:59:34.181 Disk 0 MBR read successfully
    01:59:34.182 Disk 0 MBR scan
    01:59:34.184 Disk 0 Windows 7 default MBR code
    01:59:34.185 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    01:59:34.186 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    01:59:34.189 Disk 0 scanning C:\Windows\system32\drivers
    01:59:35.075 Service scanning
    01:59:37.630 Modules scanning
    01:59:37.633 Scan finished successfully
    02:00:44.632 Disk 0 MBR has been saved successfully to "d:\Users\Ahmad\Desktop\MBR.dat"
    02:00:44.635 The log file has been saved successfully to "d:\Users\Ahmad\Desktop\aswMBR.txt"

    3) MBRscan renamed as a .txt and uploaded per your request.

    Thank you for your continued help!

    Attached Files:
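
    Jay's aswMBR step saves the raw boot sector as MBR.dat, and the log above reads its partition table back. As an added example (not part of the original thread and not the aswMBR tool's own code), here is a Python parser that does the same for a 512-byte MBR image and applies the structural checks a reviewer looks for; the sample MBR it builds is constructed to match the two partitions in the log, its boot code is filler rather than real Windows boot code, and no reference boot-code hash is embedded because the page gives none.

```python
"""Read a 512-byte MBR image (such as the MBR.dat aswMBR saves) and report its
partition table the way the aswMBR log does, plus a few sanity checks a reviewer
applies before deciding whether a boot sector looks tampered with."""
import hashlib
import struct

MBR_SIZE = 512
SECTOR = 512                 # aswMBR reports sizes assuming 512-byte sectors
PT_OFFSET = 446              # partition table starts right after the boot code
ENTRY_SIZE = 16
BOOT_SIG = b"\x55\xaa"       # last two bytes of every valid MBR
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, LBA count

PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0b: "FAT32", 0x0c: "FAT32 LBA",
              0x0f: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xee: "GPT protective"}


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts; raise on a malformed sector."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[MBR_SIZE - 2:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba_start, lba_count = struct.unpack_from(
            ENTRY_FMT, mbr, PT_OFFSET + i * ENTRY_SIZE)
        if ptype == 0:           # unused slot
            continue
        entries.append({
            "index": i + 1, "status": status, "bootable": status == 0x80,
            "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "lba_count": lba_count,
            "size_mb": lba_count * SECTOR // (1024 * 1024),
        })
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the 446 boot-code bytes. Compare it with the same hash taken from a
    known-clean machine running the same Windows version; no reference is embedded here."""
    return hashlib.sha256(mbr[:PT_OFFSET]).hexdigest()


def check_partitions(entries: list) -> list:
    """Structural findings about the table; an empty list means nothing odd."""
    findings = []
    active = [e for e in entries if e["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"partition {e['index']}: non-standard status byte {e['status']:02X}")
        if e["lba_start"] == 0 or e["lba_count"] == 0:
            findings.append(f"partition {e['index']}: zero start or length")
    by_start = sorted(entries, key=lambda e: e["lba_start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["lba_start"] + a["lba_count"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


def format_like_aswmbr(entries: list, disk: int = 0) -> list:
    """One line per partition in the shape of the 'Disk 0 Partition N ...' log lines."""
    lines = []
    for e in entries:
        flag = " (A)" if e["bootable"] else ""
        lines.append(f"Disk {disk} Partition {e['index']} {e['status']:02X}{flag} "
                     f"{e['type']:02X} {e['type_name']} {e['size_mb']} MB offset {e['lba_start']}")
    return lines


def build_sample_mbr() -> bytes:
    """Constructed sample: filler bytes stand in for the boot code (not real Windows code);
    the two entries mirror the layout in the aswMBR log above (100 MB system partition
    at LBA 2048, 114371 MB NTFS partition at LBA 206848)."""
    boot_code = b"\x90" * 440 + struct.pack("<I", 0x1234ABCD) + b"\x00\x00"  # placeholder disk signature
    table = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    table += struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 234231808)
    table += b"\x00" * (2 * ENTRY_SIZE)     # two unused slots
    return boot_code + table + BOOT_SIG


if __name__ == "__main__":
    sample = build_sample_mbr()
    parts = parse_mbr(sample)
    print("\n".join(format_like_aswmbr(parts)))
    print("boot code sha256:", boot_code_sha256(sample))
    print("findings:", check_partitions(parts) or "none")
```

    Point it at a real MBR.dat with `parse_mbr(open("MBR.dat", "rb").read())`; a table that parses cleanly but whose boot-code hash differs from a clean reference is the case that warrants a closer look.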

  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  8. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Hi there!

    Scans complete.

    Combofix still seems to be reporting that my antivirus programs were enabled. I am quite sure I disabled both MSE and NOD32 before I used it however. Perhaps it is referring to the programs themselves rather than their 'active protection' status.

    Combofix log:

    ComboFix 12-10-31.03 - Ahmad 02/11/2012 16:40:13.1.8 - x64 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.8148.6624 [GMT 8:00]
    Running from: d:\users\Ahmad\Desktop\Downloaded youtube songs\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    D:\install.exe
    d:\users\Ahmad\AmazingTit****.scr
    d:\users\Ahmad\AppData\Local\7e5dac6d1.log
    d:\users\Ahmad\AppData\Local\assembly\tmp
    d:\users\Ahmad\AppData\Local\bgqplpgm.log
    d:\users\Ahmad\AppData\Local\cdgijwjg.log
    d:\users\Ahmad\AppData\Local\fyeauish.log
    d:\users\Ahmad\AppData\Local\lsofilem.log
    d:\users\Ahmad\AppData\Local\mfkgmfkd.log
    d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35DA69BE-5951-436D-BDE4-3C5C553AE984}.xps
    d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{51A65351-774F-417D-8315-91545247E73A}.xps
    d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8098FAA2-0130-4332-8D46-9FB01801AB92}.xps
    d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F67A50FA-E1CD-4BFA-B225-2F1803C7E4F3}.xps
    d:\users\Ahmad\AppData\Local\oxbdveog.log
    d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
    d:\users\Ahmad\AppData\Local\smtoponx.log
    d:\users\Ahmad\BoyTreats.scr
    d:\users\Ahmad\BustyShemale.scr
    d:\users\Ahmad\LittleBitch.scr
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-02 03:36 . 2012-11-02 03:36 -------- d-----w- c:\program files\Microsoft Security Client
    2012-11-02 03:36 . 2012-11-02 03:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-11-02 03:05 . 2012-09-29 11:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-01 18:44 . 2012-06-22 04:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
    2012-11-01 18:44 . 2012-11-01 18:44 -------- d-----w- C:\sh4ldr
    2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
    2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
    2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
    2012-11-01 18:44 . 2012-11-01 18:44 -------- d-----w- c:\program files\Enigma Software Group
    2012-11-01 18:43 . 2012-11-01 18:44 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2012-11-01 18:42 . 2012-11-01 18:43 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-11-01 17:25 . 2012-11-02 08:42 -------- d-----w- d:\users\Ahmad\AppData\Local\qdfwmqxf
    2012-11-01 17:25 . 2012-11-01 17:25 101192 --s---w- d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
    2012-10-21 04:01 . 2012-10-21 04:01 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Sony Creative Software Inc
    2012-10-19 15:38 . 2012-10-19 17:20 -------- d-----w- d:\users\Ahmad\AppData\Local\StreamPrivacy
    2012-10-18 18:56 . 2012-10-18 18:56 -------- d-----w- d:\users\Ahmad\AppData\Local\FFsplit
    2012-10-18 10:37 . 2012-10-18 10:37 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Publish Providers
    2012-10-18 10:22 . 2012-10-18 10:22 -------- d-----w- c:\program files (x86)\Sony
    2012-10-18 10:18 . 2012-10-18 10:18 -------- d-----w- c:\windows\system32\appmgmt
    2012-10-18 09:46 . 2012-10-18 10:22 -------- d-----w- d:\users\Ahmad\AppData\Local\Sony
    2012-10-18 09:42 . 2012-10-18 11:16 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Sony
    2012-10-16 07:11 . 2012-10-16 07:11 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Blender Foundation
    2012-10-16 07:11 . 2012-10-16 07:11 -------- d-----w- d:\users\Ahmad\.thumbnails
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 12:39 . 2012-07-01 16:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 12:39 . 2012-07-01 16:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-16 13:34 . 2012-09-16 13:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-08-30 14:03 . 2012-08-30 14:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 14:03 . 2012-08-30 14:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-30 13:18 . 2012-08-30 13:18 71680 ----a-w- c:\windows\system32\frapsv64.dll
    2012-08-30 13:18 . 2012-08-30 13:18 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "AlcoholAutomount"="d:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
    "Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-09-18 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    .
    d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    yjwjwqhv.exe [2012-11-2 101192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux7"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;d:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 116648]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
    R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-16 1258344]
    R2 PingzapperSvc;Pingzapper Service;d:\program files (x86)\Pingzapper\PZService.exe [2012-06-11 679424]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-15 382312]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-09-26 89160]
    R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-02 1431888]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 116648]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-08-17 109624]
    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 12:39]
    .
    2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 11:12]
    .
    2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 11:12]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-28 6457960]
    "TortoiseHgOverlayIconServer"="d:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-06-08 47616]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - d:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-09-26 16:21; info@youtube-mp3.org; d:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\info@youtube-mp3.org.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Wow6432Node-HKCU-Run-YjwJwqhv - d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-GOM Player - d:\program files (x86)\GRETECH\GomPlayer\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-02 16:43:22
    ComboFix-quarantined-files.txt 2012-11-02 08:43
    .
    Pre-Run: 34,131,980,288 bytes free
    Post-Run: 34,497,056,768 bytes free
    .
    - - End Of File - - A54053AD78474E5AD02FBE61C29FF953

    AdwCleaner log

    # AdwCleaner v2.006 - Logfile created 11/04/2012 at 02:06:12
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate (64 bits)
    # User : Ahmad - AHMAD-WORK
    # Boot Mode : Normal
    # Running from : D:\Users\Ahmad\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\searchplugins\Conduit.xml
    File Deleted : d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\searchplugins\search.xml
    Folder Deleted : d:\ProgramData\Ask
    Folder Deleted : d:\ProgramData\InstallMate
    Folder Deleted : d:\ProgramData\Premium

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\prefs.js

    Deleted : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT[...]
    Deleted : user_pref("browser.search.selectedEngine", "Veoh Web Player Customized Web Search");
    Deleted : user_pref("tfp.CT2653012", true);

    -\\ Opera v12.0.1467.0

    File : d:\Users\Ahmad\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1635 octets] - [04/11/2012 02:06:12]

    ########## EOF - d:\AdwCleaner[S1].txt - [1695 octets] ##########

    Note that I ended up running AdwCleaner twice by accident; this is the log of the first run. The second appeared to be clean (I can post it as well if you like).

    Thanks for your continued help,
    -Nereth
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome...next scan...

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the code below in the quotebox, go back to OTL and paste it in the Custom Scans/Fixes box:

    • Click the Run Scan button. The scan will not take long.
    • When the scan completes, it usually opens two notepad windows: OTL.Txt (displayed on screen) and Extras.Txt (minimized). These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt and paste (Edit->Paste) it into your next reply. I will let you know if I need the Extras.txt.

    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr


    I'll be back tomorrow sometime. I'm out of the office for the remainder of the day.
  10. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Done it - I accidentally had a text file with that custom scan stuff open during half of the scan (closed it when I remembered you wanted all windows closed), and NOD32 popped up saying it found Ramnit as well during the scan. Not sure if this affects the scan results or not. Let me know if you want it scanned again.

    In any case, the OTL.txt is 136Kb so I will have to split it across 3 replies.

    Looking forward to your help next time you are in your office :) Hopefully we can get my computer functional outside of safe mode again eventually!

    Regards,
    Nereth

    OTL.txt Part 1:

    OTL logfile created on: 4/11/2012 2:44:45 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = d:\Users\Ahmad\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.96 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 75.00% Memory free
    15.91 Gb Paging File | 13.78 Gb Available in Paging File | 86.63% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 31.30 Gb Free Space | 28.03% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 583.68 Gb Free Space | 62.66% Space Free | Partition Type: NTFS

    Computer Name: AHMAD-WORK | User Name: Ahmad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/04 02:40:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Ahmad\Desktop\OTL.exe
    PRC - [2012/11/02 01:25:00 | 000,101,192 | --S- | M] () -- d:\Users\Ahmad\AppData\Local\Temp\qouecsjc.exe
    PRC - [2012/10/25 12:37:15 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/18 18:45:04 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/16 08:20:00 | 001,258,344 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/06/15 16:46:36 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/06/11 11:57:30 | 000,679,424 | -HS- | M] () -- d:\Program Files (x86)\Pingzapper\PZService.exe
    PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2012/01/05 03:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/09/27 11:53:04 | 001,855,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
    PRC - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/02 01:25:00 | 000,101,192 | --S- | M] () -- d:\Users\Ahmad\AppData\Local\Temp\qouecsjc.exe
    MOD - [2012/10/25 12:37:14 | 020,317,008 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/10/25 12:37:12 | 001,099,616 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/10/25 12:37:12 | 000,902,480 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/10/25 12:37:12 | 000,190,816 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/10/25 12:37:12 | 000,123,232 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/07/04 13:52:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
    MOD - [2012/07/04 13:52:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
    MOD - [2012/07/04 13:52:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\70fa575573e3622876afd9f530909289\IAStorCommon.ni.dll
    MOD - [2012/07/04 13:52:40 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
    MOD - [2012/07/04 13:52:40 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e848795e832377c95afb598ec1bfcb7d\IAStorUtil.ni.dll
    MOD - [2012/07/04 13:52:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
    MOD - [2012/07/04 13:52:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
    MOD - [2012/07/04 13:52:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
    MOD - [2012/07/04 13:52:28 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
    MOD - [2012/07/04 13:52:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/10 16:23:46 | 001,021,888 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/07/02 12:15:24 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/09/27 04:00:24 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV:64bit: - [2011/08/17 20:04:36 | 000,109,624 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2012)
    SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/11/02 21:45:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/25 12:37:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/09 20:39:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/02 12:12:57 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/07/02 12:12:57 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2012/06/16 08:20:00 | 001,258,344 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/06/15 16:46:36 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/06/11 11:57:30 | 000,679,424 | -HS- | M] () [Auto | Running] -- d:\Program Files (x86)\Pingzapper\PZService.exe -- (PingzapperSvc)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/16 03:54:13 | 004,295,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2012/01/05 23:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
    SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/07/02 00:28:04 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/06/22 12:01:30 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/03/01 14:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/05 03:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/01/05 03:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/01/05 03:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2011/12/16 01:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/09/29 17:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 14:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 14:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/03/30 22:27:42 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
    DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2010/03/17 23:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 67 16 78 97 B3 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..extensions.enabledAddons: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
    FF - prefs.js..extensions.enabledAddons: info@youtube-mp3.org:1.0.4
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/08/30 17:23:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 21:45:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/30 17:23:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 21:45:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/07/01 22:35:04 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Extensions
    [2012/10/23 20:22:30 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions
    [2012/07/02 14:46:34 | 000,000,000 | ---D | M] (Image Zoom) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    [2012/09/26 16:21:03 | 000,006,796 | ---- | M] () (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\info@youtube-mp3.org.xpi
    [2011/10/30 14:04:02 | 000,434,392 | ---- | M] () (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012/03/28 22:18:37 | 000,685,019 | ---- | M] () (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
    [2012/11/02 21:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/02 21:45:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/02 21:45:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/11/02 21:45:52 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/11/02 16:42:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] D:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [YjwJwqhv] d:\Users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe ()
    O4 - Startup: d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{700BA019-042B-40AC-A34E-ED48B320EFC3}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  11. Nereth


    OTL.txt Part 2

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {33D8CD4B-1E5E-12F3-4660-A5FE06230BD4} - Internet Explorer
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {6FB93458-1DBC-82F0-A942-1E780D04D14B} - Browser Customizations
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A67C2E6C-14B8-F04E-C142-E49A81D5822F} - Browser Customizations
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E2F7C6E6-37BD-E5EA-F0B1-9FBA283D313C} - Microsoft Windows Media Player 12.0
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
    Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
    Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
    Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
    Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
    Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/04 02:40:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\Ahmad\Desktop\OTL.exe
    [2012/11/04 01:59:28 | 004,996,578 | ---- | C] (Swearware) -- d:\Users\Ahmad\Desktop\ComboFix.exe
    [2012/11/03 01:51:52 | 004,731,392 | ---- | C] (AVAST Software) -- d:\Users\Ahmad\Desktop\aswMBR.exe
    [2012/11/03 01:45:22 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/11/03 01:45:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2012/11/03 01:45:22 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2012/11/03 01:45:22 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2012/11/03 01:45:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/11/03 01:45:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2012/11/03 01:45:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/11/03 01:45:22 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/11/03 01:45:22 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/11/03 01:45:22 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/11/03 01:45:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/11/03 01:45:22 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2012/11/03 01:45:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2012/11/03 01:45:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2012/11/03 01:45:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2012/11/03 01:44:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/11/03 01:44:10 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/11/03 01:44:10 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012/11/03 01:39:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/03 01:38:27 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- d:\Users\Ahmad\Desktop\tdsskiller.exe
    [2012/11/02 21:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/11/02 16:43:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/02 16:39:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/02 16:39:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/02 16:39:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/02 16:37:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/02 16:37:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/02 14:45:40 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\cleaning
    [2012/11/02 11:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/11/02 11:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/11/02 11:05:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/02 11:04:41 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- d:\Users\Ahmad\Desktop\mbam.exe
    [2012/11/02 11:02:19 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- d:\Users\Ahmad\Desktop\rkill.com
    [2012/11/02 02:44:01 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    [2012/11/02 02:44:01 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/11/02 02:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/11/02 02:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/11/02 01:25:00 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\qdfwmqxf
    [2012/10/23 16:16:44 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\CAD t2 (AHMAD-PC)
    [2012/10/23 16:15:48 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\Predator V12 (AHMAD-PC)
    [2012/10/23 14:45:58 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\fraps vids
    [2012/10/21 12:52:56 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    [2012/10/21 12:01:44 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Sony Creative Software Inc
    [2012/10/19 23:38:11 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\StreamPrivacy
    [2012/10/19 02:56:45 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\FFsplit
    [2012/10/18 18:37:48 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Publish Providers
    [2012/10/18 18:22:48 | 000,000,000 | ---D | C] -- d:\ProgramData\Sony
    [2012/10/18 18:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
    [2012/10/18 18:18:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2012/10/18 17:46:26 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\Sony
    [2012/10/18 17:42:37 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Sony
    [2012/10/18 12:15:54 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\WOW Vids
    [2012/10/17 01:40:59 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\compressed vids
    [2012/10/16 15:11:52 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Blender Foundation
    [2012/10/16 15:11:31 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\.thumbnails
    [2012/10/09 23:33:38 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\skype xfer 1
    [2 d:\Users\Ahmad\Desktop\*.tmp files -> d:\Users\Ahmad\Desktop\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/04 02:44:33 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/04 02:44:33 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/04 02:42:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/04 02:42:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/04 02:42:11 | 2112,511,999 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/04 02:40:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Ahmad\Desktop\OTL.exe
    [2012/11/04 02:27:22 | 000,874,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/04 02:27:22 | 000,732,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/04 02:27:22 | 000,150,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/04 02:00:26 | 000,540,977 | ---- | M] () -- d:\Users\Ahmad\Desktop\adwcleaner.exe
    [2012/11/04 02:00:18 | 004,996,578 | ---- | M] (Swearware) -- d:\Users\Ahmad\Desktop\ComboFix.exe
    [2012/11/03 01:52:20 | 004,731,392 | ---- | M] (AVAST Software) -- d:\Users\Ahmad\Desktop\aswMBR.exe
    [2012/11/03 01:51:08 | 000,098,290 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_03.11.2012_01.42.26_log.zip
    [2012/11/03 01:38:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- d:\Users\Ahmad\Desktop\tdsskiller.exe
    [2012/11/02 16:42:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/02 15:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/02 15:27:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/02 14:42:45 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/11/02 11:04:54 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- d:\Users\Ahmad\Desktop\mbam.exe
    [2012/11/02 11:02:45 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- d:\Users\Ahmad\Desktop\rkill.com
    [2012/11/02 02:44:01 | 000,002,114 | ---- | M] () -- d:\Users\Ahmad\Desktop\SpyHunter.lnk
    [2012/11/02 01:25:00 | 000,101,192 | --S- | M] () -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
    [2012/10/29 12:51:28 | 000,000,000 | ---- | M] () -- d:\Users\Ahmad\AppData\Local\Temptable.xml
    [2012/10/21 16:29:18 | 000,012,688 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P2.veg
    [2012/10/21 16:15:41 | 031,790,964 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P2.mp4
    [2012/10/21 16:08:41 | 000,011,352 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P2.veg.bak
    [2012/10/21 15:58:21 | 176,245,035 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1.mp4
    [2012/10/21 15:51:42 | 000,146,616 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1.veg
    [2012/10/21 15:49:03 | 000,146,616 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1.veg.bak
    [2012/10/21 13:41:40 | 000,519,296 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1 v2mp4.mp4.sfk
    [2012/10/21 13:31:01 | 176,506,215 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1 v2mp4.mp4
    [2012/10/21 12:52:56 | 000,001,005 | ---- | M] () -- d:\Users\Ahmad\Desktop\Format Factory.lnk
    [2012/10/21 12:23:00 | 131,624,551 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2.mp4
    [2012/10/21 12:11:42 | 000,011,352 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2.veg
    [2012/10/18 20:55:38 | 250,360,276 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC S1.mp4
    [2012/10/18 20:44:12 | 000,017,704 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC S1.veg
    [2012/10/18 18:37:34 | 000,002,436 | ---- | M] () -- d:\Users\Ahmad\Documents\Register Vegas Pro.htm
    [2012/10/16 15:06:13 | 037,666,703 | ---- | M] () -- d:\Users\Ahmad\Desktop\blender-2.64a-release-windows64.exe
    [2012/10/15 16:02:07 | 022,937,177 | ---- | M] () -- d:\Users\Ahmad\Desktop\My Movie.mp4
    [2012/10/09 20:39:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/10/09 20:39:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/10/09 12:14:52 | 000,012,945 | ---- | M] () -- d:\Users\Ahmad\donate1.png
    [2012/10/09 12:14:51 | 000,011,119 | ---- | M] () -- d:\Users\Ahmad\donate03.png
    [2 d:\Users\Ahmad\Desktop\*.tmp files -> d:\Users\Ahmad\Desktop\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/04 02:00:26 | 000,540,977 | ---- | C] () -- d:\Users\Ahmad\Desktop\adwcleaner.exe
    [2012/11/03 01:51:08 | 000,098,290 | ---- | C] () -- C:\TDSSKiller.2.8.15.0_03.11.2012_01.42.26_log.zip
    [2012/11/02 16:39:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/02 16:39:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/02 16:39:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/02 16:39:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/02 16:39:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/02 11:28:42 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/11/02 02:44:02 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
    [2012/11/02 02:44:01 | 000,002,114 | ---- | C] () -- d:\Users\Ahmad\Desktop\SpyHunter.lnk
    [2012/11/02 01:25:00 | 000,101,192 | --S- | C] () -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
    [2012/10/28 17:09:33 | 000,000,000 | ---- | C] () -- d:\Users\Ahmad\AppData\Local\Temptable.xml
    [2012/10/21 16:15:08 | 031,790,964 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P2.mp4
    [2012/10/21 16:08:41 | 000,012,688 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P2.veg
    [2012/10/21 16:08:41 | 000,011,352 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P2.veg.bak
    [2012/10/21 13:41:27 | 000,519,296 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1 v2mp4.mp4.sfk
    [2012/10/21 13:28:06 | 176,506,215 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1 v2mp4.mp4
    [2012/10/21 13:20:06 | 176,245,035 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1.mp4
    [2012/10/21 13:09:52 | 000,146,616 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1.veg.bak
    [2012/10/21 13:09:52 | 000,146,616 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1.veg
    [2012/10/21 12:52:56 | 000,001,005 | ---- | C] () -- d:\Users\Ahmad\Desktop\Format Factory.lnk
    [2012/10/21 12:20:22 | 131,624,551 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2.mp4
    [2012/10/21 12:11:42 | 000,011,352 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2.veg
    [2012/10/18 20:51:58 | 250,360,276 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC S1.mp4
    [2012/10/18 20:44:12 | 000,017,704 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC S1.veg
    [2012/10/18 18:15:27 | 000,002,436 | ---- | C] () -- d:\Users\Ahmad\Documents\Register Vegas Pro.htm
    [2012/10/16 15:05:36 | 037,666,703 | ---- | C] () -- d:\Users\Ahmad\Desktop\blender-2.64a-release-windows64.exe
    [2012/10/15 16:01:42 | 022,937,177 | ---- | C] () -- d:\Users\Ahmad\Desktop\My Movie.mp4
    [2012/10/09 12:14:40 | 000,012,945 | ---- | C] () -- d:\Users\Ahmad\donate1.png
    [2012/10/09 12:14:40 | 000,011,119 | ---- | C] () -- d:\Users\Ahmad\donate03.png
    [2012/09/26 03:24:51 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/09/26 03:24:51 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/07/30 22:43:20 | 006,996,125 | ---- | C] () -- d:\Users\Ahmad\DSC_6092.jpg
    [2012/07/30 22:43:20 | 003,993,320 | ---- | C] () -- d:\Users\Ahmad\DSC_6091.jpg
    [2012/07/29 21:09:50 | 000,149,811 | ---- | C] () -- d:\Users\Ahmad\IMG_2644.jpg
    [2012/07/29 21:09:50 | 000,135,680 | ---- | C] () -- d:\Users\Ahmad\IMG_2643.jpg
    [2012/07/29 21:09:50 | 000,094,974 | ---- | C] () -- d:\Users\Ahmad\IMG_2645.jpg
    [2012/07/28 20:24:10 | 001,908,717 | ---- | C] () -- d:\Users\Ahmad\scan-side1.jpg
    [2012/07/28 20:24:10 | 001,880,979 | ---- | C] () -- d:\Users\Ahmad\Scan-side2.jpg
    [2012/07/26 19:00:57 | 182,213,604 | ---- | C] () -- d:\Users\Ahmad\TV-003141.rar
    [2012/07/26 19:00:57 | 182,212,858 | ---- | C] () -- d:\Users\Ahmad\TV-003138.rar
    [2012/07/26 19:00:57 | 182,174,078 | ---- | C] () -- d:\Users\Ahmad\TV-003139.rar
    [2012/07/26 19:00:57 | 182,172,719 | ---- | C] () -- d:\Users\Ahmad\TV-003132.rar
    [2012/07/26 19:00:57 | 182,163,364 | ---- | C] () -- d:\Users\Ahmad\TV-003144.rar
    [2012/07/26 19:00:57 | 182,111,756 | ---- | C] () -- d:\Users\Ahmad\TV-003135.rar
    [2012/07/26 19:00:57 | 182,097,290 | ---- | C] () -- d:\Users\Ahmad\TV-003142.rar
    [2012/07/26 19:00:57 | 182,092,492 | ---- | C] () -- d:\Users\Ahmad\TV-003136.rar
    [2012/07/26 19:00:57 | 182,051,558 | ---- | C] () -- d:\Users\Ahmad\TV-003137.rar
    [2012/07/26 19:00:57 | 182,029,046 | ---- | C] () -- d:\Users\Ahmad\TV-003143.rar
    [2012/07/26 19:00:57 | 181,959,805 | ---- | C] () -- d:\Users\Ahmad\TV-003145.rar
    [2012/07/26 19:00:57 | 181,931,299 | ---- | C] () -- d:\Users\Ahmad\TV-003134.rar
    [2012/07/26 19:00:57 | 181,861,484 | ---- | C] () -- d:\Users\Ahmad\TV-003131.rar
    [2012/07/26 19:00:57 | 181,838,518 | ---- | C] () -- d:\Users\Ahmad\TV-003140.rar
    [2012/07/26 19:00:57 | 181,810,899 | ---- | C] () -- d:\Users\Ahmad\TV-003133.rar
    [2012/07/22 20:58:25 | 000,000,083 | ---- | C] () -- d:\Users\Ahmad\mercurial.ini
    [2012/07/22 02:06:58 | 000,004,165 | ---- | C] () -- d:\Users\Ahmad\AppData\Roaming\LTspiceIV.ini
    [2012/07/18 19:01:17 | 000,007,605 | ---- | C] () -- d:\Users\Ahmad\AppData\Local\Resmon.ResmonCfg
    [2012/07/04 02:24:33 | 000,000,734 | ---- | C] () -- d:\Users\Ahmad\AppData\Roaming\DriveCalculator Preferences
    [2012/07/03 15:24:21 | 000,000,122 | ---- | C] () -- C:\Windows\solvermfc.INI
    [2012/07/03 01:32:44 | 000,879,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/02 13:54:13 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2012/07/02 12:18:12 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2012/07/01 15:01:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/07/01 15:00:55 | 000,040,304 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/06/15 16:46:44 | 000,426,344 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/09/19 15:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2011/09/19 15:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
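The entries above are raw OTL output, and nothing on the page explains how a responder reads them. The following is an added example (not part of this thread, and not code from OTL or any of the tools named in it) showing the two checks a practitioner would run over such lines: parse each file entry into its fields, flag the combinations that deserve a closer look (an executable with no company name dropped into the per-user Startup folder, the System attribute on a user-profile object, a random-looking name), and, for the "MD5 for:" sections that appear in the next post, compare the in-place copy of a system binary against its component-store (WinSxS/DriverStore) copies, which is how a file infector that patches explorer.exe or services.exe shows up. The heuristics, the vowel-ratio threshold and the choice of reference directories are this example's own assumptions; the sample lines are copied from the log in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One OTL file entry, e.g.
#   [2012/11/02 01:25:00 | 000,101,192 | --S- | C] () -- d:\Users\...\Startup\yjwjwqhv.exe
#   [2012/11/02 01:25:00 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\qdfwmqxf
# The "MD5 for:" sections use the same layout with "MD5=<hash>" before the path.
# Attribute flags are positional: R(eadonly) H(idden) S(ystem) D(irectory).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+)$"
)


@dataclass
class Entry:
    ts: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    op: str            # C = from the "Created" list, M = from the "Modified" list
    company: str       # "" when OTL printed "()" or no parentheses at all
    md5: Optional[str]
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file-listing line; returns None for headers and other non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    a = m.group("attrs")
    return Entry(
        ts=m.group("ts").strip(),
        size=int(m.group("size").replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H", system=a[2] == "S", is_dir=a[3] == "D",
        op=m.group("op"),
        company=(m.group("company") or "").strip(),
        md5=(m.group("md5") or "").upper() or None,
        path=m.group("path").strip(),
    )


EXEC_EXT = (".exe", ".com", ".scr", ".dll", ".sys", ".pif")
STARTUP_DIR = "\\start menu\\programs\\startup\\"
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Assumed heuristic for generated names (yjwjwqhv, qdfwmqxf): 7+ lowercase letters, <20% vowels."""
    return (len(stem) >= 7 and stem.isalpha() and stem.islower()
            and sum(c in VOWELS for c in stem) / len(stem) < 0.2)


def triage(e: Entry) -> list[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing notable."""
    low = e.path.lower()
    in_profile = "\\users\\" in low
    is_exec = not e.is_dir and low.endswith(EXEC_EXT)
    stem = e.name.rsplit(".", 1)[0].lower()
    reasons = []
    if is_exec and STARTUP_DIR in low:
        reasons.append("executable in the per-user Startup folder")
    if is_exec and in_profile and not e.company:
        reasons.append("executable with no company/version info under a user profile")
    if e.system and in_profile:
        reasons.append("System attribute set on a user-profile object")
    if looks_random(stem):
        reasons.append("random-looking name")
    return reasons


def triage_lines(lines: list[str]) -> dict[str, list[str]]:
    """Map each flagged path to its reasons; unparseable and unremarkable lines are dropped."""
    out = {}
    for line in lines:
        e = parse_line(line)
        if e is not None and triage(e):
            out[e.path] = triage(e)
    return out


# Component-store copies are the reference; the in-place file is what gets checked.
# Backups (erdnt) and pending downloads (SoftwareDistribution) are neither: assumption.
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\")
SKIP_DIRS = REFERENCE_DIRS + ("\\softwaredistribution\\", "\\erdnt\\")


def check_md5_group(lines: list[str]) -> list[str]:
    """Paths of live files whose MD5 matches none of the component-store copies in the same group."""
    entries = [e for e in map(parse_line, lines) if e is not None and e.md5]
    ref = {e.md5 for e in entries if any(d in e.path.lower() for d in REFERENCE_DIRS)}
    return [e.path for e in entries
            if not any(d in e.path.lower() for d in SKIP_DIRS) and e.md5 not in ref]


# Sample input: entries copied from the OTL log in this thread.
SAMPLE_FILES = [
    r"[2012/11/04 02:40:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\Ahmad\Desktop\OTL.exe",
    r"[2012/11/02 02:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group",
    r"[2012/11/02 01:25:00 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\qdfwmqxf",
    r"[2012/11/02 01:25:00 | 000,101,192 | --S- | C] () -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe",
]
SAMPLE_MD5 = [
    r"[2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe",
    r"[2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe",
    r"[2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe",
]

if __name__ == "__main__":
    for path, reasons in triage_lines(SAMPLE_FILES).items():
        print(path, "->", "; ".join(reasons))
    print("hash mismatches:", check_md5_group(SAMPLE_MD5))
```

On the log above this prints the Startup-folder `yjwjwqhv.exe` with four reasons and the `qdfwmqxf` directory with one, and no hash mismatch for explorer.exe, whose in-place copy matches the WinSxS 6.1.7600.16768 copy. A path in the mismatch list is not proof of infection on its own (a hotfixed file with no package copy would land there too); it is the file to pull and hash against a known-good copy before deciding anything.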
  12. Nereth


    OTL.txt Part 3

    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: SPCC SSD110
    Partitions: 2
    Status: OK
    Status Info: 0

Drive: \\.\PHYSICALDRIVE1 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD10EALX-009BA0
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 112.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 932.00GB
    Starting Offset: 1048576
    Hidden sectors: 0

    [2012/09/06 18:44:46 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/07/01 18:31:03 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2012/07/02 20:01:07 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
    [2009/07/14 12:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
    [2012/07/01 23:09:48 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache

    < %systemroot%\system32\sysprep >

    < c:\*.xpi /s /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %appdata%\*.* >
    [2012/07/04 02:24:33 | 000,000,734 | ---- | M] () -- d:\Users\Ahmad\AppData\Roaming\DriveCalculator Preferences
    [2012/08/15 21:45:48 | 000,004,165 | ---- | M] () -- d:\Users\Ahmad\AppData\Roaming\LTspiceIV.ini

    < MD5 for: AFD.SYS >
    [2011/12/28 11:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/28 12:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2009/07/14 07:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
    [2011/12/28 12:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
    [2010/11/20 17:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/12/28 11:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/28 11:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
    [2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
    [2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 14:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/03 14:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 14:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 21:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/31 14:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/14 09:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 14:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 14:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 14:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/14 09:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/14 09:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
    [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
    [2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
    [2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 21:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
    [2011/02/25 14:33:28 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=2BAFD52623B3DF4133051F6FB7D3D844 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.20909_none_728fcff92e9f18d5\volsnap.sys
    [2009/07/14 09:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
    [2009/07/14 09:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys
    [2011/02/25 14:28:30 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=879CE6AEA3FE874AD4C500B6B6198EB0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9\volsnap.sys
    [2011/02/25 14:36:10 | 000,295,296 | ---- | M] (Microsoft Corporation) MD5=C9D0EAF58D6BA71E128E715EA43AD87D -- C:\Windows\SysNative\drivers\volsnap.sys
    [2011/02/25 14:36:10 | 000,295,296 | ---- | M] (Microsoft Corporation) MD5=C9D0EAF58D6BA71E128E715EA43AD87D -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_172b2b408bc1849e\volsnap.sys
    [2011/02/25 14:36:10 | 000,295,296 | ---- | M] (Microsoft Corporation) MD5=C9D0EAF58D6BA71E128E715EA43AD87D -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16767_none_71c3512c15b3f0dc\volsnap.sys
    [2011/02/25 14:25:38 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8\volsnap.sys

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/14 09:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 15:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/28 14:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
    [2009/10/28 14:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
    [2009/10/28 14:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < End of report >
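The MD5 section above is the part of this report a malware helper actually reads: OTL hashes every copy of each system binary it can find, the live one under System32/SysNative/SysWOW64 and the pristine copies Windows keeps in winsxs, the DriverStore, pending Windows Update downloads and (when ERUNT is installed) the erdnt cache. A file infector or patcher that overwrites services.exe or userinit.exe changes the live hash but does not reach into those caches, so the thing to check is whether each live hash matches at least one cached copy. The script below is an added example, not part of the thread and not OTL's own code; it parses report text in OTL's format and flags live copies whose hash matches no cached copy. The sample report is constructed: the services.exe and winlogon.exe lines are taken from the report above, while the SysNative userinit.exe line carries a made-up hash to simulate a patched binary. The "cached directory" markers and the rule that a missing cache copy is reported as unverifiable are assumptions of this example.

```python
"""Flag Windows system binaries whose live copy matches no cached copy.

Parses the "< MD5 for: NAME >" sections of an OTL report.  A live file
(System32 / SysNative / SysWOW64) whose MD5 is not among the hashes of the
same file's cached copies (winsxs, DriverStore, SoftwareDistribution, erdnt)
is reported as suspect.  Note that the "(Microsoft Corporation)" string is
read from the version resource and survives patching, so it proves nothing.
"""
import re
from collections import defaultdict

# One report entry: [mtime | size | attrs | M] (company) MD5=hash -- path
ENTRY = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)
SECTION = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")

# Assumed set of directories that hold reference copies rather than the file
# Windows actually loads.  Anything else is treated as a live copy.
CACHE_MARKERS = ("\\winsxs\\", "\\erdnt\\", "\\softwaredistribution\\", "\\driverstore\\")


def is_live(path):
    """True for the copy Windows loads, False for a cache/backup copy."""
    low = path.lower()
    return not any(marker in low for marker in CACHE_MARKERS)


def parse_report(text):
    """Return {FILENAME: [(md5, path, size), ...]} from OTL MD5 sections."""
    files = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            current = sec.group("name").upper()
            continue
        m = ENTRY.match(line)
        if m and current:
            size = int(m.group("size").replace(",", ""))
            files[current].append((m.group("md5").upper(), m.group("path"), size))
    return files


def find_patched(files):
    """Return (name, path, reason) for each live copy that cannot be vouched for."""
    findings = []
    for name, entries in sorted(files.items()):
        cached = {md5 for md5, path, _ in entries if not is_live(path)}
        for md5, path, _ in entries:
            if not is_live(path):
                continue
            if not cached:
                findings.append((name, path, "no cached copy to compare against"))
            elif md5 not in cached:
                findings.append((name, path, "hash matches none of %d cached copies" % len(cached)))
    return findings


# Constructed sample in OTL's format.  The userinit.exe line under SysNative
# carries a fake hash (DEADBEEF...) to simulate a patched binary; every other
# line is copied from the report above.
SAMPLE = r"""
< MD5 for: SERVICES.EXE >
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\SysNative\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 14:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 14:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
"""

if __name__ == "__main__":
    for name, path, why in find_patched(parse_report(SAMPLE)):
        print("SUSPECT %-14s %s (%s)" % (name, path, why))
```

Run against the report above, every live copy (services.exe, userinit.exe in both SysNative and SysWOW64, winlogon.exe, volsnap.sys) has a matching winsxs or DriverStore hash, which is what the helper was looking for before moving on to the Run-key entries. The check is deliberately loose about architecture: a 32-bit live copy is allowed to match the x86 winsxs copy and a 64-bit one the amd64 copy, and a match against a stale cached copy of an older build is still accepted. A stricter version would pair each live file with the cached copy of the same architecture and build string from the winsxs directory name.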
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
    Also, let me know if Normal Mode is accessible. :)
  14. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    You're amazing =D

    The symptoms, at least, are gone in normal mode - this includes both the windows command processor popup and the inability to run most programs.

    In terms of the scan, it only took about 10s to run - short enough that I didn't have too much time to pay attention, but I'm not sure if it actually ended up hiding my desktop and start menu?

    Here is the log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YjwJwqhv deleted successfully.
    d:\Users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe moved successfully.
    File move failed. d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe scheduled to be moved on reboot.
    d:\Users\Ahmad\AppData\Local\qdfwmqxf folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    d:\Users\Ahmad\Desktop\cmd.bat deleted successfully.
    d:\Users\Ahmad\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Ahmad
    ->Temp folder emptied: 122244274 bytes
    ->Temporary Internet Files folder emptied: 11276897 bytes
    ->Java cache emptied: 3540010 bytes
    ->FireFox cache emptied: 66715223 bytes
    ->Opera cache emptied: 5795453 bytes
    ->Flash cache emptied: 82772 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 190389 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1126326 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46421832 bytes
    RecycleBin emptied: 734028743 bytes

    Total Files Cleaned = 946.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11052012_110944

    Files\Folders moved on Reboot...
    d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe moved successfully.
    d:\Users\Ahmad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Awaiting further instruction =D

    Many thanks,
    Nereth
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Right on! :)

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    If it all appears to be good after that, we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

      Caution: Only use the Registry feature if you are very familiar with the registry.
      Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

      Security Check

      Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
      • Save it to your Desktop.
      • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
      • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  16. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Hi,

    Bad news from the Eset scan :( Some 500 odd infections of various versions of Ramnit. As I understand it, the number of infections indicate that this isn't a false positive, and Ramnit is kind of a 'give up and reformat' virus, but I will wait to hear from you first.

    I didn't proceed with the rest of the steps since if there *is* something we can do I suspect we will need these programs again?

    Log needs to be split into two parts, here is the first:

    C:\Games\StarCraft II\Support\ErrorReporter.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Games\StarCraft II\Support\fmodex_4_28_08.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Games\StarCraft II\Support\fmodex_4_28_09.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Games\StarCraft II\Support\icuin44.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Games\StarCraft II\Support\icuuc44.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Games\StarCraft II\Support\RzAPM.DLL a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Games\World of Warcraft\DivxDecoder.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\msvcr71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\msvcr71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    C:\Qoobox\Quarantine\d\Users\Ahmad\AmazingTit****.scr.vir a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
    C:\Qoobox\Quarantine\d\Users\Ahmad\BoyTreats.scr.vir a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
    C:\Qoobox\Quarantine\d\Users\Ahmad\BustyShemale.scr.vir a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
    C:\Qoobox\Quarantine\d\Users\Ahmad\LittleBitch.scr.vir a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
    C:\Qoobox\Quarantine\d\Users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe.vir a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
    D:\Fraps\frapslcd.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\3.3.5\DivxDecoder.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\3.3.5\ijl15.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\7z.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\avcodec-54.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\avdevice-53.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\avfilter-2.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\avformat-54.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\avutil-51.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\Awesomium.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\DumpTruck.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\FirefallClient.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\hwstats.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\HWStats.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\libx264-124.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\postproc-52.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\swresample-0.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\twitch.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\unzip32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\system\bin\Microsoft.VC90.CRT\msvcm90.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\Firefall\Firefall\uninstall\7z.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\ALAudio.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\avcodec-52.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\avformat-52.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\avutil-50.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\bdcap32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\beecrypt.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\D3DDrv.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\DefOpenAL32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\DSETUP.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\encvag.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\Fire.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\fmodex.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\IFC23.DLL a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\IpDrv.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\msxml4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\npkpdb.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\NSplash.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\ogg.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\vcomp.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\vorbis.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\vorbisfile.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\Window.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\WinDrv.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2\System\wrap_oal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2 launcher\7z.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2 launcher\PMBWrapperLib.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2 launcher\UnRar.Net.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Games\L2 launcher\XDelta.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files\TortoiseHg\Pageant.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files\WinRAR\RarExt32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files\WinRAR\Formats\ace32loader.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Alcohol Soft\Alcohol 120\MSIMG32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Alcohol Soft\Alcohol 120\pfctoc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Alcohol Soft\Alcohol 120\Plugins\Helper\LiteZip.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\ANSOF100.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\an_3dpattern.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\an_polar.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\an_smith.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\an_xychart.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\borlndmm.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\cc3250mt.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\liblinsolver_mcr\toolbox\stateflow\stateflow\sf.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\AN-SOF100 v2.7\MCR\Setup.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FFsplit\ffmpeg.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\BCGCBPRO1800u100.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFInst.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\MediaInfo.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\ShellEx_101.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\avdevice-52.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\drvc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\FFMpeg.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\js32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\libebml.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\mkvmerge.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\mp4box.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\msvcr71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\PicConvert.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\pncrt.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\postproc-51.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMEncoder.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\timidity.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\wavpack.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\AviSynthPlugins\vsfilter.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\dshownative.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\pthreadGC2.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\aslcodec_dshow.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\CLRVIDDC.DLL a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\clrviddd.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\CtWbJpg.DLL a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\icmw_32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\ir41_32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\ir50_32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\ivvideo.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\LCMW2.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\LCODCCMW2E.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\lsvxdec.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\m3jp2k32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\pncrt.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\qpeg32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\qtmlClient.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\rt32dcmp.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\tvqdec.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vmnc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vp4vfw.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vp5vfw.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vp6vfw.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vp7vfw.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vssh264.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vssh264core.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vssh264dec.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vsshdsd.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\vsswlt.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\codecs\wms10dmod.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\mplayer\unrar.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffmpeg.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ff_kernelDeint.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ff_liba52.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ff_libdts.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ff_libfaad2.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ff_libmad.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ff_samplerate.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ff_unrar.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ff_wmv9.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\TomsMoComp_ff.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\avi.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\avs.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\avss.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\dxr.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\mkx.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\mkzlib.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\mp4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\ogm.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\Haali\ts.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\helixprodctrl.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\msvcp71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\msvcr71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\pncrt.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\codecs\erv3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\codecs\erv4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\common\rembrdcst.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\decodecs\dnet3260.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\decodecs\drvc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\decodecs\rv10.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\decodecs\rv20.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\decodecs\rv30.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\decodecs\rv40.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\plugins\rmwrtr.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\plugins\smplfsys.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\audiodelaycomp.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\audiofmtconverter.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\audiolimiter.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\audiolosslesscodec.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\audiometer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\audioresampler.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\avireader.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\capture.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\dsreader.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\encsession.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\eventpack.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\log.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\logobserverfile.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\mediasink.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\movreader.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\mpeg4audiopacketizer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\packetsource.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\qtreader.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rbsbroadcast.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rmmerge.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rmsessionformat.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rmtools.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rmwriter.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rnaudiocodec.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rnaudiopacketizer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rnvideocodec.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\rnvideopacketizer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\videocolorconverter.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\videodupframedropper.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\videolumaadj.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\videonoisefilter.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\videoprogressive.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMCodecs\tools\videoresizer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\LTC\LTspiceIV\moveexe.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\LTC\LTspiceIV\scad3.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\LTC\LTspiceIV\unlink.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\MCRCustomActions.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\bridge.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\comcli.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\compiler.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\ctfarchiver.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\dfdlg100.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\dformd.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\dforrt.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\DXEnumerator.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\hdf5.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\hg.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\icuin24.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\icuuc24.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\JavaAccessBridge.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\JAWTAccessBridge.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\jmi.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\libguide40.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\libmwcli.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\libmwlapack.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\libmwservices.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\libut.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mclmcr.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mcr.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mkl.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mkl_def.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mkl_p3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mkl_p4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mkl_p4p.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mlautoregister.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\MMCodecChooser.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\MMUtils.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mpath.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mwoles05.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mwregsvr.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\m_dispatcher.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\nativejava.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\PreviewWindow.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\rxtxSerial.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\udd.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\uiw.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\VideoDeviceChooser.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\VideoFormatInfo.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\WindowsAccessBridge.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\xerces-c_2_1_0.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mclcom71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mclmcrrt71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mfc71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\msvcp71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\msvcr71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mwcommgr.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mwcomutil.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\PrintImage.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\java\jre\win32\jre1.4.2_04\javaws\JavaWebStart.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\java\jre\win32\jre1.4.2_04\javaws\javawspl.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\bin\perlcore.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\bin\PerlCRT.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\bin\perlez.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\bin\PerlSE.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\attrs\attrs.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\B\B.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\Data\Dumper\Dumper.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\Fcntl\Fcntl.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\IO\IO.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\Opcode\Opcode.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\POSIX\POSIX.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\SDBM_File\SDBM_File.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\Socket\Socket.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Compress\Zlib\Zlib.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\DBD\mysql\mysql.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\DBI\DBI.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\MIME\Base64\Base64.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Storable\Storable.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Win32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\AdminMisc\AdminMisc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\API\API.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\ChangeNotify\ChangeNotify.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Clipboard\Clipboard.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Console\Console.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Event\Event.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\File\File.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\FileSecurity\FileSecurity.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Internet\Internet.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\IPC\IPC.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Mutex\Mutex.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\NetAdmin\NetAdmin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\NetResource\NetResource.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\ODBC\ODBC.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\OLE\OLE.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\PerfLib\PerfLib.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Pipe\Pipe.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Process\Process.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Registry\Registry.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Semaphore\Semaphore.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Service\Service.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Setupsup\Setupsup.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Shortcut\Shortcut.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Sound\Sound.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\WinError\WinError.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32API\Net\Net.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32API\Registry\Registry.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\XML\Parser\Expat\Expat.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\XML\Parser\Expat\bin\xmlparse.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\winaudioplayer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\winaudiorecorder.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\@avifile\private\avi.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\MatlabDataSink.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\MatlabDataSource.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\MMCodecChooserMex.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\VideoDeviceChooserMex.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\WinMMFileInfo.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\src\AudioPlayer\Release\winaudioplayer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\src\AudioRecorder\Release\winaudiorecorder.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\imagesci\private\rtifc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\imagesci\private\wtifc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\iofun\memgetbyte.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\iofun\memmap.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\verctrl\verctrl.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\winfun\ddeadv.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\winfun\ddeunadv.dll a variant of Win32/Ramnit.AM virus deleted - quarantine
  17. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Second half of ESET log

    D:\Program Files (x86)\Pingzapper\Engine\libeay32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Pingzapper\Engine\putty_pz.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Pingzapper\Libs\libcef.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Pingzapper\Libs\libeay32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Pingzapper\Libs\ssleay32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\ApexFramework_x86.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\APEX_Clothing_Legacy_x86.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\APEX_Clothing_x86.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\APEX_Destructible_Legacy_x86.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\APEX_Destructible_x86.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\binkw32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\cudart32_41_22.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\EasyHook32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\fbxsdk_20113_1.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\fbxsdk_20113_1d.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Microsoft.Xna.Framework.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\nvtt.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\NxCharacter.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\PhysXCooking.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\PhysXCore.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\PhysXDevice.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\PhysXExtensions.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\PhysXLoader.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\SteamWrapper.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\3dnow\libmemcpy3dn_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_attachment_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_ftp_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_rar_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_smb_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_tcp_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_udp_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libcdda_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdtv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libidummy_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\librtp_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libscreen_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libsdp_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvcd_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfixed32_mixer_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_file_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcc_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libkate_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libquicktime_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libstl_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libt140_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libx264_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libdummy_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libgestures_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libntservice_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libau_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libgme_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libh264_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libimage_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\liblive555_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmod_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libps_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libpva_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libreal_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libts_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libty_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Recorded games\sZxJvjf a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
    D:\Users\Ahmad\AppData\Local\assembly\dl3\XMTRMJK9.D5Z\8NQ0RJAO.OXJ\ad6ebae5\005ad78d_04cfca01\UnRar.Net.DLL a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\AppData\Local\assembly\dl3\XMTRMJK9.D5Z\8NQ0RJAO.OXJ\ad6ebae5\17f3fba9_1c8ccd01\UnRar.Net.DLL a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\AppData\LocalLow\Sun\Java\jre1.7.0_05\lzma.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\Desktop\ISOs\Altium.Designer.v10.0.iSO-HS\Altium\7za.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\Desktop\ISOs\Altium.Designer.v10.0.iSO-HS\Altium\Private License Server Setup\Setup\Setup.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\Desktop\ISOs\SW2010_SP0.0\SolidSQUAD\eDrawings\EModelEventLog.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\Desktop\ISOs\SW2010_SP0.0\SolidSQUAD\eDrawings\EModelReviewer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\Desktop\ISOs\SW2010_SP0.0\SolidSQUAD\eDrawings\EModelView.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\Downloads\LTspiceIV.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Ahmad\Downloads\RogueKiller.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\odeditor.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\AccessibleMarshal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\crashreporter.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\freebl3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\IA2Marshal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\javaxpcomglue.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\js3250.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\mozcrt19.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nspr4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nss3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nssckbi.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nssdbm3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nssutil3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\plc4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\plds4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\smime3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\softokn3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\sqlite3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\ssl3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\updater.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpcom.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpcshell.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpidl.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpt_dump.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpt_link.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xul.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xulrunner-stub.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xulrunner.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\plugins\npnul32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\odeditor.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\AccessibleMarshal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\crashreporter.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\freebl3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\IA2Marshal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\javaxpcomglue.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\js3250.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\mozcrt19.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nspr4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nss3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nssckbi.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nssdbm3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nssutil3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\plc4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\plds4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\smime3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\softokn3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\sqlite3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\ssl3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\updater.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpcom.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpcshell.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpidl.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpt_dump.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpt_link.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xul.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xulrunner-stub.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xulrunner.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\plugins\npnul32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
    D:\_OTL\MovedFiles\11052012_110944\d_Users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
    D:\_OTL\MovedFiles\11052012_110944\d_Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Win32/Ramnit is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

    The first component is a backdoor trojan, which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and act as a keylogger to steal personally identifiable information to help rob your identity.

    The second component is a rootkit, which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hacker's way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

    The third component is a file infector, which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

    Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

    If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

    Removal method:

    It is recommended to do a reformat and reinstall of your operating system. The experts in the Advanced Malware Analysts security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

    I recommend the following articles to read:
    Guides for format and reinstall:

    http://www.helpmyos.com/tutorials-s...-your-operating-system-the-easy-way-t1307.htm

    However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
    If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

    Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
  19. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Hi there,

    So I guess I will take your advice and reformat - and this time make sure I actually have running antivirus software at all times.

    However, I am a bit confused. The wording of your post indicates that I only need to reinstall the OS, rather than just reformat the entire hard drive. Is this actually the case? Would the virus not survive in the non-OS-related files? This will really be quite quick and painless if I can save my programs I think, but I'm not sure that is the case.

    Assuming that I do have to do a full reformat and lose everything, there are various files, and some programs, which I would really hate to lose. How can I accurately test for the presence of the virus, and safely transfer them to the new install if they are clean?

    Also I am worried that it might have gone onto my android device when I used it as USB storage a week or two ago (And the USB stick I used just two days ago D:). Is there a way to check this and possibly clean these devices?

    Thanks for your time,
    Nereth
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry, you cannot save the programs. No files are salvageable sadly.

    The only thing we can do is to continue to scan the system with three different scans that can disinfect it all, you'd have to test the files you'd like to keep and see if they still open. If not, they're damaged beyond repair.

    I doubt it has gone on to the Android device. Find a free antivirus for Android on the App Store, and scan to see for sure.
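The question above asks how to test files for the infection before carrying them to the new install. The following is an added example, not code from this thread or from any of the scanners it names. It parses the PE section table by hand and flags the layout a file-appending infector leaves behind: an entry point redirected into a newly appended last section, that section being both executable and writable, and a section name reported for infected files by many Ramnit variants (`.rmnet`; treating that name as a marker is an assumption about variants the thread does not state). The two PE images it checks are constructed inline, and the file-type split it applies (PE and HTML as code carriers) is its own assumption. It is a triage aid for deciding what to discard, not a clean bill of health.

```python
"""Heuristic PE triage before carrying files off an infected machine.
Added example, not code from the thread or any scanner it names. A file
with no findings is NOT proven clean; this shows which files carry the
marks of a file-appending infector and therefore belong in the bin."""
import struct
from collections import namedtuple
from pathlib import Path

# Suffixes treated as able to carry infector code (assumption for this
# example: Ramnit is documented to infect PE executables and HTML files).
CODE_CARRIER_SUFFIXES = {".exe", ".dll", ".htm", ".html"}
# Section name reported in Ramnit-infected PE files (assumption: many
# variants, not all; extend with whatever your own scanner reports).
KNOWN_INFECTOR_SECTIONS = {".rmnet"}

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

Section = namedtuple("Section", "name rva vsize rawsize flags")


def classify_path(path):
    """'code-carrier' for suffixes an infector can live in, else 'data'."""
    return "code-carrier" if Path(path).suffix.lower() in CODE_CARRIER_SUFFIXES else "data"


def parse_pe(data):
    """Return (AddressOfEntryPoint, [Section, ...]) from raw PE bytes."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", data, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    opt = e_lfanew + 24                                           # optional header
    (entry,) = struct.unpack_from("<I", data, opt + 16)          # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name = f[0].rstrip(b"\0").decode("latin-1")
        sections.append(Section(name, rva=f[2], vsize=f[1], rawsize=f[3], flags=f[9]))
    return entry, sections


def triage_pe(data):
    """List the appended-infector heuristics that fire for one PE image."""
    entry, sections = parse_pe(data)
    if not sections:
        return ["no section table"]
    findings, last = [], sections[-1]
    # 1. Infectors append a section and point the entry point into it.
    if last.rva <= entry < last.rva + max(last.vsize, last.rawsize):
        findings.append(f"entry point 0x{entry:x} lies in the last section {last.name!r}")
    # 2. The appended section is usually both executable and writable.
    if last.flags & IMAGE_SCN_MEM_EXECUTE and last.flags & IMAGE_SCN_MEM_WRITE:
        findings.append(f"last section {last.name!r} is executable and writable")
    for s in sections:
        if s.name.lower() in KNOWN_INFECTOR_SECTIONS:
            findings.append(f"section {s.name!r} matches a known infector marker")
    return findings


def build_pe(sections, entry_rva):
    """Header-only PE32 image for testing (constructed input, no real code)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, rva, vsize, rawptr, 0, 0, 0, 0, flags)
        for name, rva, vsize, rawptr, flags in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# Constructed samples: a normal layout, and the same file with an appended
# executable+writable section that now owns the entry point.
CLEAN_SAMPLE = build_pe([(".text", 0x1000, 0x2000, 0x400, TEXT),
                         (".data", 0x3000, 0x1000, 0x2400, DATA)], entry_rva=0x1234)
INFECTED_SAMPLE = build_pe([(".text", 0x1000, 0x2000, 0x400, TEXT),
                            (".data", 0x3000, 0x1000, 0x2400, DATA),
                            (".rmnet", 0x4000, 0x3000, 0x3400, TEXT | IMAGE_SCN_MEM_WRITE)],
                           entry_rva=0x4000)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE)):
        print(label, triage_pe(sample) or "no heuristic fired")
```

On a real salvage set, call `triage_pe(Path(p).read_bytes())` for every path where `classify_path(p)` is `"code-carrier"`: anything that fires goes in the discard pile, and anything that does not is still only copied after the rebuilt machine's fully updated scanner has seen it. Documents are classified as data here because the heuristics say nothing about them; a damaged document shows up when it fails to open, as the helper describes.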
  21. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Ok then, well if I can choose between having a bunch of infected files and having a bunch of broken files on my computer, I will definitely choose broken files, since that way it is both obvious what needs replacing, and not likely to ruin the new install if I mess up.

    So definitely my choice is to "kill it with fire" so to speak, and see what survives afterwards :p

    Lead on, and let us crush this virus!

    =D

    By the way, can you tell me what file types are generally at risk? I read somewhere that even .TXTs and .DOCs are potential risks, I need to be careful of corrupting those if that is the case, it would be worth my time to print or copy and paste some of them out first or something since there is some important work that could be lost otherwise.

    Thanks for your help,
    -Nereth
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    All file types.

    Once the file is infected, it gets damaged, and may be impossible to access...

    Here is the scan list:


    Norman Malware Cleaner

    Please download Norman Malware Cleaner and save to your desktop.
    alternate download link
    • Double-click on Norman_Malware_Cleaner.exe to start the program.
    • Read the End User License Agreement and click the Accept button to open the scanning window.
    • Click Start Scan to begin.
    • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
    • After the scan has finished, a log file with the date (e.g. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
    Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.


    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All.
    • Then, choose Save. Also, in the Automatic Report tab, select Save.
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.

    Panda ActiveScan

    Please run Panda ActiveScan online scan.
    • Choose Quick Scan, then click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply
  23. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    I'm going to have to sleep (Australia!) before I can go through with that, but I will just ask one more question before I do so I can be clear on what will be happening when I get to this tomorrow:

    If a file is going to be inaccessible due to the virus, is it going to be inaccessible even before the AV processes above? Or is it the scanning/curing process that can break them? Judging by what ESET's scan did (deleted infected .DLLs etc. and therefore broke some programs), I can understand that a lot of programs will break, but what about documents? Could an otherwise accessible document become broken or deleted after we go through with these fixes? If so I should go through and try to salvage them first before doing this as I don't know if they will come out corrupted; if not, I can just wait and see.
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It will be inaccessible before and/or after the AV processes - Just depends.

    Sometimes the virus breaks them, sometimes the removal tools break them - Just depends.

    Programs will probably continue breaking. Programs are nontransferable anyway, unless they're portable versions (most aren't).
  25. Nereth

    Nereth Newcomer, in training Topic Starter Posts: 24

    Hi there,

    Sorry to keep asking these questions - if that's the case, I read somewhere a while ago while researching this stuff that there was a way to make a USB flash disk safe for use with this virus, despite the fact that they are usually an infection vector for it. Something like cleaning the flash disk, and then putting some kind of file into it that would prevent the virus from transferring itself on. I'm not sure if I misunderstood this or not, but if this is possible, would you be able to help me do this?

    Best regards,
    Nereth
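Two questions in this thread, whether the USB stick (or the Android device mounted as USB storage) could have picked up the infection, and whether a flash disk can be made "safe" by putting something on it, come down to the same pair of operations. The following is an added example, not from the thread and not a reproduction of whatever article the poster read. It assumes the trick meant is the common autorun.inf placeholder: autorun worms drop an autorun.inf on a removable drive that launches a hidden executable, and a directory occupying that name stops the file from being written. The worm-style drive layout it inspects (a RECYCLER\<SID> folder with a dropper and a matching autorun.inf) is constructed inline; the SID and file names are invented for the demo, and the recycle-bin lookalike layout is a generic autorun-worm pattern, not an identifier for one family.

```python
"""Check a removable drive for autorun-based spreading, then 'vaccinate' it.
Added example, not from the thread. Run it against the drive's mount point
(E:\\ on Windows, /media/usb on Linux) AFTER the drive has been scanned and
cleaned: vaccination blocks re-infection, it does not remove anything."""
import re
import stat
import tempfile
from pathlib import Path

# autorun.inf keys that run something on insertion or double-click.
LAUNCH_KEYS = re.compile(
    r"^\s*(open|shellexecute|shell\\\w+\\command)\s*=\s*(.+?)\s*$", re.I | re.M)
EXEC_SUFFIXES = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Recycle-bin lookalike folders commonly used to hide the dropper
# (generic autorun-worm layout, not a marker specific to one family).
BIN_DIRS = {"recycler", "recycled", "$recycle.bin"}


def inspect_drive(root):
    """Return human-readable findings for the drive mounted at root."""
    root = Path(root)
    findings, targets = [], set()
    inf = root / "autorun.inf"
    if inf.is_file():
        for key, value in LAUNCH_KEYS.findall(inf.read_text(errors="replace")):
            # first token is the program path; normalise separators and case
            prog = value.split()[0].strip('"').replace("\\", "/").lower()
            targets.add(prog)
            findings.append(f"autorun.inf {key.lower()}= runs {value}")
    elif inf.is_dir():
        findings.append("autorun.inf is a directory (drive already vaccinated)")
    for p in root.rglob("*"):
        if not p.is_file() or p.suffix.lower() not in EXEC_SUFFIXES:
            continue
        rel = p.relative_to(root)
        if rel.as_posix().lower() in targets:
            findings.append(f"{rel.as_posix()}: referenced by autorun.inf")
        if any(part.lower() in BIN_DIRS for part in rel.parts[:-1]):
            findings.append(f"{rel.as_posix()}: executable hidden in a recycle-bin lookalike folder")
    return findings


def vaccinate(root):
    """Replace any autorun.inf file with a directory of the same name.
    A worm's CreateFile("autorun.inf") then fails, so it cannot plant its
    launcher. This is no substitute for disabling AutoRun on the host."""
    inf = Path(root) / "autorun.inf"
    if inf.is_file():
        inf.chmod(stat.S_IREAD | stat.S_IWRITE)   # clear a read-only attribute first
        inf.unlink()
    if not inf.is_dir():
        inf.mkdir()
    return inf.is_dir()


STUB_SID = "S-1-5-21-1000000000-2000000000-3000000000-1000"  # constructed, not real


def demo():
    """Constructed worm-style drive in a temp dir: inspect, vaccinate, inspect again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        hidden = root / "RECYCLER" / STUB_SID
        hidden.mkdir(parents=True)
        (hidden / "dropper.exe").write_bytes(b"MZ" + b"\0" * 62)   # constructed stub
        (root / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xd9")      # harmless data
        (root / "autorun.inf").write_text(
            "[autorun]\n"
            f"open=RECYCLER\\{STUB_SID}\\dropper.exe\n"
            f"shell\\open\\command=RECYCLER\\{STUB_SID}\\dropper.exe\n"
            "icon=%SystemRoot%\\system32\\shell32.dll,4\n")
        before = inspect_drive(root)
        vaccinate(root)
        after = inspect_drive(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", *before, sep="\n  ")
    print("after: ", *after, sep="\n  ")
```

The "after" run still reports the hidden executable: the placeholder only stops a new autorun.inf from being written, which is why the drive has to be scanned and cleaned first. On Windows the host-side half is disabling AutoRun itself (the `NoDriveTypeAutoRun` policy under `HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`, set to `0xFF`), and some vaccination tools go further by creating a subdirectory with a reserved device name inside the placeholder so Explorer cannot delete it. For the Android device, a Windows executable cannot run on the phone, but its storage is just another FAT volume to this check and to the worm, so inspect it the same way.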