Solved Windows command processor and possibly more


Nereth

Hello,

I am hoping someone can help me resolve my virus issues without need of a reformat D:

Here are the symptoms:

1) Windows command processor keeps asking me to give it permission to run. I haven't yet.

2) Some programs are currently acting very unpredictably outside of safe mode; for example, on some reboots firefox won't start, on others it will. Just now it wasn't, then I decided to restart, then cancelled halfway through before confirming I wanted stuff closed; as a result the windows command processor thing closed itself seemingly permanently and then firefox was working again.

3) This means I often can't get antivirus programs to run outside of safe mode. Presumably next time I restart my computer I will lose the ability to run stuff outside of safe mode again.

4) I tried unsuccessfully to fix this on my own before coming here (probably was a mistake, I'm sorry :( ). This included running malwarebytes, a 1 month outdated copy of NOD32, and a system restore. System restore did nothing. NOD32 found Ramnit and couldn't clean it, which I pray was an error on its behalf because neither malwarebytes nor spyhunter (free version, can't remove stuff) found ramnit and I really don't want to have to reformat.

I am currently going through the 5 preliminary steps. Here is their status:

1) Could not run MSE - I managed to install it but it cannot manage to get an internet connection to update itself (despite my internet being connected). It won't run in safe mode so currently can't really deal with that. Skipping this step for now I guess? Can probably install it once the virus is removed from the system.

2) Running malwarebytes currently outside of safe mode, but as described above, the virus seems to be inactive again after that partial reboot, so not sure if it will find it. Note that without safe mode, I usually cannot run malwarebytes. Even the chameleon would not run properly yesterday; I could start it but it seemed unable to do anything of note. I forgot to write down what errors it threw. If we need to try again I will do so.

I have accidentally already started a full scan in malwarebytes, instead of a quick scan as recommended by the 5 step virus removal preliminary steps. I hope this is not an issue, the full scan is nearly complete as I write this. If necessary I will do a quick scan afterwards and repeat the steps. Please let me know.

3) No modifications found.

4) DDS instructions asked for attach.txt to be zipped and attached. Instructions from the sticky asked for all files to be posted, not attached. I wasn't sure what to do so I did both. Or at least, I tried to do both, but then the forum reported an error uploading, so I just pasted it instead.

5)

Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.02.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Ahmad :: AHMAD-WORK [administrator]

2/11/2012 2:47:11 PM
mbam-log-2012-11-02 (14-47-11).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 487763
Time elapsed: 36 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Gmer log:

(empty)

DDS.txt

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
Run by Ahmad at 15:52:39 on 2012-11-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.8148.4739 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
d:\Program Files (x86)\Pingzapper\PZService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AlcoholAutomount] "D:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [PlayNC Launcher] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: D:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
StartupFolder: D:\PROGRA~1\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{700BA019-042B-40AC-A34E-ED48B320EFC3} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [TortoiseHgOverlayIconServer] D:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\60nu6rwl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\60nu6rwl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
FF - ExtSQL: 2012-09-26 16:21; info@youtube-mp3.org; D:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\info@youtube-mp3.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-1 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-1 13592]
R2 MBAMScheduler;MBAMScheduler;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-2 399432]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-1 1258344]
R2 PingzapperSvc;Pingzapper Service;D:\Program Files (x86)\Pingzapper\PZService.exe [2012-8-25 679424]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888]
R2 StarWindServiceAE;StarWind AE Service;D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-24 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-15 382312]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-1 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-1 786200]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-2 25928]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2011-11-10 60184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-1 646248]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;D:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-2 116648]
S2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-2 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-2 250808]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-9-27 89160]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-11-2 22704]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-7-2 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-2 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-20 115168]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-8-17 109624]
S3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2010-7-26 15360]
S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-2 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-11-02 06:46:27 9291768 ----a-w- d:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFFB410B-8406-4ABF-B5DB-BD940EE0CC78}\mpengine.dll
2012-11-02 06:17:24 101192 ----a-w- d:\Users\Ahmad\AmazingTit****.scr
2012-11-02 05:43:27 101192 ----a-w- d:\Users\Ahmad\LittleBitch.scr
2012-11-02 05:13:57 101192 ----a-w- d:\Users\Ahmad\BustyShemale.scr
2012-11-02 04:37:21 101192 ----a-w- d:\Users\Ahmad\BoyTreats.scr
2012-11-02 03:36:53 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-02 03:36:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-02 03:05:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-02 02:56:27 9309624 ----a-w- d:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A80A4948-0D72-41B6-B5B3-1ACC845D0411}\mpengine.dll
2012-11-01 18:44:02 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2012-11-01 18:44:01 110080 ----a-r- d:\Users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-11-01 18:44:01 110080 ----a-r- d:\Users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-11-01 18:44:01 110080 ----a-r- d:\Users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-11-01 18:44:01 -------- d-----w- C:\sh4ldr
2012-11-01 18:44:01 -------- d-----w- C:\Program Files\Enigma Software Group
2012-11-01 18:43:52 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-01 18:42:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-11-01 17:25:00 101192 --s---w- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
2012-11-01 17:25:00 -------- d-----w- d:\Users\Ahmad\AppData\Local\qdfwmqxf
2012-10-27 13:44:17 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-27 13:44:17 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-10-21 04:52:47 -------- d-----w- d:\ProgramData\Ask
2012-10-21 04:01:44 -------- d-----w- d:\Users\Ahmad\AppData\Roaming\Sony Creative Software Inc
2012-10-19 15:38:11 -------- d-----w- d:\Users\Ahmad\AppData\Local\StreamPrivacy
2012-10-18 18:56:45 -------- d-----w- d:\Users\Ahmad\AppData\Local\FFsplit
2012-10-18 10:22:48 -------- d-----w- C:\Program Files (x86)\Sony
2012-10-18 10:18:34 -------- d-----w- C:\Windows\System32\appmgmt
2012-10-18 09:46:26 -------- d-----w- d:\Users\Ahmad\AppData\Local\Sony
2012-10-16 07:11:52 -------- d-----w- d:\Users\Ahmad\AppData\Roaming\Blender Foundation
2012-10-16 07:11:31 -------- d-----w- d:\Users\Ahmad\.thumbnails
.
==================== Find3M ====================
.
2012-10-09 12:39:15 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 12:39:15 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-16 13:34:26 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-08-30 14:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 14:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 13:18:02 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-08-30 13:18:00 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
.
============= FINISH: 15:52:45.11 ===============

attach.txt
(too large, splitting across two posts)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/07/2012 2:42:20 PM
System Uptime: 2/11/2012 11:33:05 AM (4 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-M
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | LGA1155 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 31.882 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 575.757 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 2/11/2012 1:55:21 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Altium Designer Release 10
AN-SOF100 v2.7
µTorrent
Bandicam
Bandisoft MPEG-1 Decoder
COSMOSM 2012 x64 Edition (2010/290)
Crystal Reports for Visual Studio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dotfuscator Software Services - Community Edition
ESET NOD32 Antivirus
FFsplit version Alpha
FormatFactory 3.00
Fraps (remove only)
GOM Player
GOMTV Streamer
Google Earth
Google Update Helper
Guild Wars 2
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Lineage II
LTspice IV
Malwarebytes Anti-Malware version 1.65.1.1000
MATLAB Component Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Help Viewer 1.0
Microsoft Office 2003 Web Components
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Movie Maker
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
NVIDIA 3D Vision Controller Driver 302.82
NVIDIA 3D Vision Driver 302.82
NVIDIA Control Panel 302.82
NVIDIA Graphics Driver 302.82
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.9.10
NVIDIA Update Components
Opera 12.00
Pando Media Booster
Photo Common
Photo Gallery
Pingzapper version 1.1.2
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype™ 5.10
SolidWorks 2012 x64 Edition SP0
SolidWorks eDrawings 2012 x64 Edition SP0
SolidWorks Explorer 2012 SP0 x64 Edition
SolidWorks Flow Simulation 2012 SP0 x64 Edition
Spyder3Pro
SpyHunter
Sql Server Customer Experience Improvement Program
StarCraft II
Steam
SteelSeries Xai Laser Mouse
Super Meat Boy
TortoiseHg 2.4.1 (x64)
TowerVPN 1.0.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vegas Pro 12.0 (64-bit)
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.2
Web Deployment Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
WinZip 16.0
World of Warcraft
Xvid Video Codec
.

attach.txt (continued)

==== Event Viewer Messages From Past Week ========
.
2/11/2012 2:46:35 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Ahmad-Work\Ahmad Error Code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 2:46:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 2:45:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/11/2012 2:44:15 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Ahmad-Work\Ahmad Error Code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 2:44:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 2:44:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 2:44:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 2:44:06 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: Ahmad-Work\Ahmad Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 2:44:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1150.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 2:44:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1150.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 2:42:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/11/2012 12:42:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 12:42:39 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 12:42:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 12:42:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 12:42:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 12:42:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 12:42:27 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 12:42:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 12:42:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 12:16:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/11/2012 11:51:13 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:51:08 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:51:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:50:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:50:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:50:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:50:55 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:50:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:50:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:44:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/11/2012 11:40:49 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Ahmad-Work\Ahmad Error Code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:40:49 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:40:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:40:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:40:40 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: Ahmad-Work\Ahmad Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:40:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:40:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:40:10 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
2/11/2012 11:39:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:39:30 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:39:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:39:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:39:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:39:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:39:18 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:39:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:39:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/11/2012 11:38:31 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Ahmad-Work\Ahmad Error Code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:38:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
2/11/2012 11:38:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
2/11/2012 11:38:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
2/11/2012 11:38:21 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.8904.0 Previous Engine Version: Engine Type: Antimalware User: Ahmad-Work\Ahmad Error Code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
2/11/2012 11:38:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
2/11/2012 11:38:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.139.1140.0 Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Full User: Ahmad-Work\Ahmad Current Engine Version: 1.1.8904.0 Previous Engine Version: Error code: 0x80508007 Error description: Your computer is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
2/11/2012 11:37:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/11/2012 11:37:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/11/2012 11:32:03 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 11:30:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
2/11/2012 11:30:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/11/2012 11:29:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 11:29:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/11/2012 11:29:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/11/2012 11:29:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/11/2012 11:29:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/11/2012 11:29:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eamonm ehdrv spldr Wanarpv6
2/11/2012 11:29:38 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
2/11/2012 10:55:48 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: Not enough storage is available to process this command.
2/11/2012 1:53:25 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
2/11/2012 1:30:42 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/11/2012 1:30:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/11/2012 1:30:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eamonm ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/11/2012 1:30:30 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

Note from poster:

I am aware that, at least to me, it looks like my computer is fine right now - If this is the case, I think this is a result of the half-shutdown thing I mentioned earlier. After I post this, I am going to reset my computer and check that the symptoms of the viruses still exist. I will edit this post and mention whether the viruses are still noticeable. I am aware that I may need to repeat this 5 step process after restart while the viruses are active (I would likely then have to do it in safe mode). Please let me know if this is the case. If they do not show up, I am aware that it does not necessarily mean my computer is clean, and I will await further instruction.

Thank you for your help,
-Nereth
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


ComboFix scan

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Hello, and thank you very much for your lightning-quick response!

Some notes:

1) Upon restart, in normal (not safe) mode, the virus was indeed back. Firefox was extremely unstable and the screens kept turning black, and the computer kept freezing - as a result I chose to download and run ComboFix in safe mode.

2) In safe mode, although I was able to turn off the real time protection from MSE, I was not able to find a way to turn off NOD32's protection (since the GUI is not the same in safe mode, I couldn't figure out how). I am unsure if NOD32 even has real time protection in safe mode.

3) Combofix was complaining about MSE (which I had turned off) and NOD32 (which I couldn't turn off), but I ran it anyway :O

4) Does it matter that I am not saving and running these programs from the desktop as instructed? I hope not - my desktop is cluttered enough as it is! Please let me know.

Combofix Log:

ComboFix 12-10-31.03 - Ahmad 02/11/2012 16:40:13.1.8 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.8148.6624 [GMT 8:00]
Running from: d:\users\Ahmad\Desktop\Downloaded youtube songs\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
d:\users\Ahmad\AmazingTit****.scr
d:\users\Ahmad\AppData\Local\7e5dac6d1.log
d:\users\Ahmad\AppData\Local\assembly\tmp
d:\users\Ahmad\AppData\Local\bgqplpgm.log
d:\users\Ahmad\AppData\Local\cdgijwjg.log
d:\users\Ahmad\AppData\Local\fyeauish.log
d:\users\Ahmad\AppData\Local\lsofilem.log
d:\users\Ahmad\AppData\Local\mfkgmfkd.log
d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35DA69BE-5951-436D-BDE4-3C5C553AE984}.xps
d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{51A65351-774F-417D-8315-91545247E73A}.xps
d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8098FAA2-0130-4332-8D46-9FB01801AB92}.xps
d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F67A50FA-E1CD-4BFA-B225-2F1803C7E4F3}.xps
d:\users\Ahmad\AppData\Local\oxbdveog.log
d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
d:\users\Ahmad\AppData\Local\smtoponx.log
d:\users\Ahmad\BoyTreats.scr
d:\users\Ahmad\BustyShemale.scr
d:\users\Ahmad\LittleBitch.scr
.
.
((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-11-02 03:36 . 2012-11-02 03:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-02 03:36 . 2012-11-02 03:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-02 03:05 . 2012-09-29 11:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 18:44 . 2012-06-22 04:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2012-11-01 18:44 . 2012-11-01 18:44 -------- d-----w- C:\sh4ldr
2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-11-01 18:44 . 2012-11-01 18:44 -------- d-----w- c:\program files\Enigma Software Group
2012-11-01 18:43 . 2012-11-01 18:44 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-01 18:42 . 2012-11-01 18:43 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-01 17:25 . 2012-11-02 08:42 -------- d-----w- d:\users\Ahmad\AppData\Local\qdfwmqxf
2012-11-01 17:25 . 2012-11-01 17:25 101192 --s---w- d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
2012-10-21 04:01 . 2012-10-21 04:01 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Sony Creative Software Inc
2012-10-19 15:38 . 2012-10-19 17:20 -------- d-----w- d:\users\Ahmad\AppData\Local\StreamPrivacy
2012-10-18 18:56 . 2012-10-18 18:56 -------- d-----w- d:\users\Ahmad\AppData\Local\FFsplit
2012-10-18 10:37 . 2012-10-18 10:37 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Publish Providers
2012-10-18 10:22 . 2012-10-18 10:22 -------- d-----w- c:\program files (x86)\Sony
2012-10-18 10:18 . 2012-10-18 10:18 -------- d-----w- c:\windows\system32\appmgmt
2012-10-18 09:46 . 2012-10-18 10:22 -------- d-----w- d:\users\Ahmad\AppData\Local\Sony
2012-10-18 09:42 . 2012-10-18 11:16 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Sony
2012-10-16 07:11 . 2012-10-16 07:11 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Blender Foundation
2012-10-16 07:11 . 2012-10-16 07:11 -------- d-----w- d:\users\Ahmad\.thumbnails
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:39 . 2012-07-01 16:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 12:39 . 2012-07-01 16:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-16 13:34 . 2012-09-16 13:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-30 14:03 . 2012-08-30 14:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 14:03 . 2012-08-30 14:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 13:18 . 2012-08-30 13:18 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-30 13:18 . 2012-08-30 13:18 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"AlcoholAutomount"="d:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-09-18 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
yjwjwqhv.exe [2012-11-2 101192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;d:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 116648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-16 1258344]
R2 PingzapperSvc;Pingzapper Service;d:\program files (x86)\Pingzapper\PZService.exe [2012-06-11 679424]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-15 382312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-09-26 89160]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-02 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 116648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-08-17 109624]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 12:39]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 11:12]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 11:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-28 6457960]
"TortoiseHgOverlayIconServer"="d:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-06-08 47616]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - d:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-26 16:21; info@youtube-mp3.org; d:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\info@youtube-mp3.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-YjwJwqhv - d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-GOM Player - d:\program files (x86)\GRETECH\GomPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-02 16:43:22
ComboFix-quarantined-files.txt 2012-11-02 08:43
.
Pre-Run: 34,131,980,288 bytes free
Post-Run: 34,497,056,768 bytes free
.
- - End Of File - - A54053AD78474E5AD02FBE61C29FF953
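
A way to cross-check the log above, added here as an example and not part of the original posts or of ComboFix: the Python below splits a ComboFix report into its sections and lists executables whose file name appears under "Other Deletions" or "ORPHANS REMOVED" but is still listed at another path under "Files Created" or in the Startup folder. The function names and the shortened log excerpt are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# Shortened excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\install.exe
d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
.
((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
.
2012-11-02 03:05 . 2012-09-29 11:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 17:25 . 2012-11-02 08:42 -------- d-----w- d:\users\Ahmad\AppData\Local\qdfwmqxf
2012-11-01 17:25 . 2012-11-01 17:25 101192 --s---w- d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-09-18 1353080]
.
d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
yjwjwqhv.exe [2012-11-2 101192]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-YjwJwqhv - d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
"""

# Section banners look like "(((( Name ))))" or "---- Name ----" / "- - - Name - - -".
HEADER = re.compile(r"^(?:\(+\s*(.+?)\s*\)+|[- ]+([A-Za-z][A-Za-z0-9 ]*?)[- ]+)$")
# "Files Created" rows: created . modified  size-or-dashes  attributes  path
CREATED = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+|-+)\s+(\S{8})\s+(.+)$"
)
EXEC_EXT = (".exe", ".scr", ".dll", ".sys")


def parse_sections(log):
    """Map each section title to its non-empty lines (the "." spacer lines are dropped)."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = (m.group(1) or m.group(2)).strip()
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def deleted_executables(sections):
    """Lower-cased file name -> set of lower-cased paths reported deleted or de-registered."""
    names = {}
    for line in sections.get("Other Deletions", []):
        if line.lower().endswith(EXEC_EXT):
            names.setdefault(basename(line).lower(), set()).add(line.lower())
    for line in sections.get("ORPHANS REMOVED", []):
        _entry, _, target = line.partition(" - ")
        if target.lower().endswith(EXEC_EXT):
            names.setdefault(basename(target).lower(), set()).add(target.lower())
    return names


def remaining_paths(sections):
    """(source, path) pairs the report still lists: new files and Startup-folder items."""
    paths = []
    for title, lines in sections.items():
        if title.startswith("Files Created"):
            for line in lines:
                m = CREATED.match(line)
                if m and not m.group(2).startswith("d"):  # skip directories
                    paths.append(("created", m.group(3)))
    folder = None
    for line in sections.get("Reg Loading Points", []):
        if line.lower().endswith("\\startup\\"):
            folder = line  # following lines are file names inside this folder
        elif folder and not line.startswith(("[", '"')):
            paths.append(("startup", folder + line.split(" [")[0]))
        else:
            folder = None
    return paths


def surviving_copies(log):
    """Paths whose file name matches a deleted executable but which sit elsewhere on disk."""
    sections = parse_sections(log)
    deleted = deleted_executables(sections)
    hits = {}
    for source, path in remaining_paths(sections):
        key = path.lower()
        name = basename(key)
        if name in deleted and key not in deleted[name]:
            hits.setdefault(key, set()).add(source)
    return {path: sorted(src) for path, src in sorted(hits.items())}


if __name__ == "__main__":
    for path, sources in surviving_copies(SAMPLE_LOG).items():
        print(path, "listed under:", ", ".join(sources))
```

A hit is only a cross-reference within the report, something to point out to the helper reviewing the log rather than a verdict on the file.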
 
It's best to save to the Desktop and then run them. If we need to run scripts, the tools need to be easily accessible.

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
Hi there,

I have been trying to do as many scans as possible outside of safe mode for 'realism' but I am wondering if it is screwing anything up (e.g. aswMBR mentioned some kind of 'engine error', see log). Please let me know if I should be doing these in safe mode at all (I have to go back into safe mode each time I want to make/read a post here or download a file anyway XD )

1) TDSS killer report 500kb, zipped and uploaded.
2) aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-03 01:57:29
-----------------------------
01:57:29.859 OS Version: Windows x64 6.1.7600
01:57:29.859 Number of processors: 8 586 0x3A09
01:57:29.859 ComputerName: AHMAD-WORK UserName: Ahmad
01:57:30.020 Initialize success
01:59:17.291 AVAST engine error: 8
01:59:34.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:59:34.178 Disk 0 Vendor: SPCC_SSD 332A Size: 114473MB BusType: 3
01:59:34.179 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
01:59:34.180 Disk 1 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 3
01:59:34.181 Disk 0 MBR read successfully
01:59:34.182 Disk 0 MBR scan
01:59:34.184 Disk 0 Windows 7 default MBR code
01:59:34.185 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:59:34.186 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
01:59:34.189 Disk 0 scanning C:\Windows\system32\drivers
01:59:35.075 Service scanning
01:59:37.630 Modules scanning
01:59:37.633 Scan finished successfully
02:00:44.632 Disk 0 MBR has been saved successfully to "d:\Users\Ahmad\Desktop\MBR.dat"
02:00:44.635 The log file has been saved successfully to "d:\Users\Ahmad\Desktop\aswMBR.txt"

3) MBRscan renamed as a .txt and uploaded per your request.

Thank you for your continued help!
 

Attachments

  • TDSSKiller.2.8.15.0_03.11.2012_01.42.26_log.zip (96 KB)
  • MBRscan.txt (512 bytes)
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Hi there!

Scans complete.

Combofix still seems to be reporting that my antivirus programs were enabled. I am quite sure I disabled both MSE and NOD32 before I used it however. Perhaps it is referring to the programs themselves rather than their 'active protection' status.

Combofix log:

ComboFix 12-10-31.03 - Ahmad 02/11/2012 16:40:13.1.8 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.8148.6624 [GMT 8:00]
Running from: d:\users\Ahmad\Desktop\Downloaded youtube songs\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
d:\users\Ahmad\AmazingTit****.scr
d:\users\Ahmad\AppData\Local\7e5dac6d1.log
d:\users\Ahmad\AppData\Local\assembly\tmp
d:\users\Ahmad\AppData\Local\bgqplpgm.log
d:\users\Ahmad\AppData\Local\cdgijwjg.log
d:\users\Ahmad\AppData\Local\fyeauish.log
d:\users\Ahmad\AppData\Local\lsofilem.log
d:\users\Ahmad\AppData\Local\mfkgmfkd.log
d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35DA69BE-5951-436D-BDE4-3C5C553AE984}.xps
d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{51A65351-774F-417D-8315-91545247E73A}.xps
d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8098FAA2-0130-4332-8D46-9FB01801AB92}.xps
d:\users\Ahmad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F67A50FA-E1CD-4BFA-B225-2F1803C7E4F3}.xps
d:\users\Ahmad\AppData\Local\oxbdveog.log
d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
d:\users\Ahmad\AppData\Local\smtoponx.log
d:\users\Ahmad\BoyTreats.scr
d:\users\Ahmad\BustyShemale.scr
d:\users\Ahmad\LittleBitch.scr
.
.
((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-11-02 03:36 . 2012-11-02 03:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-02 03:36 . 2012-11-02 03:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-02 03:05 . 2012-09-29 11:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 18:44 . 2012-06-22 04:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2012-11-01 18:44 . 2012-11-01 18:44 -------- d-----w- C:\sh4ldr
2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-11-01 18:44 . 2012-11-01 18:44 110080 ----a-r- d:\users\Ahmad\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-11-01 18:44 . 2012-11-01 18:44 -------- d-----w- c:\program files\Enigma Software Group
2012-11-01 18:43 . 2012-11-01 18:44 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-01 18:42 . 2012-11-01 18:43 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-01 17:25 . 2012-11-02 08:42 -------- d-----w- d:\users\Ahmad\AppData\Local\qdfwmqxf
2012-11-01 17:25 . 2012-11-01 17:25 101192 --s---w- d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
2012-10-21 04:01 . 2012-10-21 04:01 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Sony Creative Software Inc
2012-10-19 15:38 . 2012-10-19 17:20 -------- d-----w- d:\users\Ahmad\AppData\Local\StreamPrivacy
2012-10-18 18:56 . 2012-10-18 18:56 -------- d-----w- d:\users\Ahmad\AppData\Local\FFsplit
2012-10-18 10:37 . 2012-10-18 10:37 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Publish Providers
2012-10-18 10:22 . 2012-10-18 10:22 -------- d-----w- c:\program files (x86)\Sony
2012-10-18 10:18 . 2012-10-18 10:18 -------- d-----w- c:\windows\system32\appmgmt
2012-10-18 09:46 . 2012-10-18 10:22 -------- d-----w- d:\users\Ahmad\AppData\Local\Sony
2012-10-18 09:42 . 2012-10-18 11:16 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Sony
2012-10-16 07:11 . 2012-10-16 07:11 -------- d-----w- d:\users\Ahmad\AppData\Roaming\Blender Foundation
2012-10-16 07:11 . 2012-10-16 07:11 -------- d-----w- d:\users\Ahmad\.thumbnails
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:39 . 2012-07-01 16:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 12:39 . 2012-07-01 16:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-16 13:34 . 2012-09-16 13:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-30 14:03 . 2012-08-30 14:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 14:03 . 2012-08-30 14:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 13:18 . 2012-08-30 13:18 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-30 13:18 . 2012-08-30 13:18 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"AlcoholAutomount"="d:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-09-18 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
d:\users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
yjwjwqhv.exe [2012-11-2 101192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;d:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 116648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-16 1258344]
R2 PingzapperSvc;Pingzapper Service;d:\program files (x86)\Pingzapper\PZService.exe [2012-06-11 679424]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-15 382312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-09-26 89160]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-02 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 116648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-08-17 109624]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 12:39]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 11:12]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 11:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-28 6457960]
"TortoiseHgOverlayIconServer"="d:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-06-08 47616]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - d:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-26 16:21; info@youtube-mp3.org; d:\users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\info@youtube-mp3.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-YjwJwqhv - d:\users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-GOM Player - d:\program files (x86)\GRETECH\GomPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-02 16:43:22
ComboFix-quarantined-files.txt 2012-11-02 08:43
.
Pre-Run: 34,131,980,288 bytes free
Post-Run: 34,497,056,768 bytes free
.
- - End Of File - - A54053AD78474E5AD02FBE61C29FF953

AdwCleaner log

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 02:06:12
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Ahmad - AHMAD-WORK
# Boot Mode : Normal
# Running from : D:\Users\Ahmad\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\searchplugins\Conduit.xml
File Deleted : d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\searchplugins\search.xml
Folder Deleted : d:\ProgramData\Ask
Folder Deleted : d:\ProgramData\InstallMate
Folder Deleted : d:\ProgramData\Premium

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\prefs.js

Deleted : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT[...]
Deleted : user_pref("browser.search.selectedEngine", "Veoh Web Player Customized Web Search");
Deleted : user_pref("tfp.CT2653012", true);

-\\ Opera v12.0.1467.0

File : d:\Users\Ahmad\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1635 octets] - [04/11/2012 02:06:12]

########## EOF - d:\AdwCleaner[S1].txt - [1695 octets] ##########

Note that I ended up running AdwCleaner twice by accident; this is the log of the first run. The second appeared to be clean (I can post it as well if you like).

Thanks for your continued help,
-Nereth
 
You're welcome...next scan...

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Copy the code below in the quotebox, go back to OTL and paste it in the Custom Scans/Fixes box:

    DRIVES
    SHOWHIDDEN
    msconfig
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %systemroot%\system32\sysprep
    c:\*.xpi /s /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    ipnathlp.dll
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. The scan will not take long.
    • When the scan completes, it usually opens two notepad windows. OTL.Txt (Displayed on screen) and Extras.Txt (minimized). These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt and paste (Edit->Paste) them into your next reply. I will let you know if I need the Extras.txt.

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr


I'll be back tomorrow sometime. I'm out of the office for the remainder of the day.
 
Done it - I accidentally had a text file with that custom scan stuff open during half of the scan (closed it when I remembered you wanted all windows closed), and nod32 popped up saying it found ramnit as well during the scan. Not sure if this affects the scan results or not. Let me know if you want it scanned again.

In any case, the OTL.txt is 136Kb so I will have to split it across 3 replies.

Looking forward to your help next time you are in your office :) Hopefully we can get my computer functional outside of safe mode again eventually!

Regards,
Nereth

OTL.txt Part 1:

OTL logfile created on: 4/11/2012 2:44:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = d:\Users\Ahmad\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.96 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 75.00% Memory free
15.91 Gb Paging File | 13.78 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 31.30 Gb Free Space | 28.03% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 583.68 Gb Free Space | 62.66% Space Free | Partition Type: NTFS

Computer Name: AHMAD-WORK | User Name: Ahmad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/04 02:40:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Ahmad\Desktop\OTL.exe
PRC - [2012/11/02 01:25:00 | 000,101,192 | --S- | M] () -- d:\Users\Ahmad\AppData\Local\Temp\qouecsjc.exe
PRC - [2012/10/25 12:37:15 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/18 18:45:04 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/16 08:20:00 | 001,258,344 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/06/15 16:46:36 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/06/11 11:57:30 | 000,679,424 | -HS- | M] () -- d:\Program Files (x86)\Pingzapper\PZService.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012/01/05 03:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/09/27 11:53:04 | 001,855,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/02 01:25:00 | 000,101,192 | --S- | M] () -- d:\Users\Ahmad\AppData\Local\Temp\qouecsjc.exe
MOD - [2012/10/25 12:37:14 | 020,317,008 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/10/25 12:37:12 | 001,099,616 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/10/25 12:37:12 | 000,902,480 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/10/25 12:37:12 | 000,190,816 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/10/25 12:37:12 | 000,123,232 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/07/04 13:52:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/07/04 13:52:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/07/04 13:52:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\70fa575573e3622876afd9f530909289\IAStorCommon.ni.dll
MOD - [2012/07/04 13:52:40 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/07/04 13:52:40 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e848795e832377c95afb598ec1bfcb7d\IAStorUtil.ni.dll
MOD - [2012/07/04 13:52:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/04 13:52:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/07/04 13:52:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/07/04 13:52:28 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/07/04 13:52:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/10 16:23:46 | 001,021,888 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/02 12:15:24 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/09/27 04:00:24 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2011/08/17 20:04:36 | 000,109,624 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2012)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/02 21:45:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/25 12:37:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/09 20:39:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/02 12:12:57 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/02 12:12:57 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012/06/16 08:20:00 | 001,258,344 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/06/15 16:46:36 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/06/11 11:57:30 | 000,679,424 | -HS- | M] () [Auto | Running] -- d:\Program Files (x86)\Pingzapper\PZService.exe -- (PingzapperSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/16 03:54:13 | 004,295,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/01/05 23:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/02 00:28:04 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/06/22 12:01:30 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/03/14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 14:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 03:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 03:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 03:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/16 01:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/29 17:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/03/30 22:27:42 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/03/17 23:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 67 16 78 97 B3 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: info@youtube-mp3.org:1.0.4
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/08/30 17:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 21:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/30 17:23:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 21:45:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/01 22:35:04 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Extensions
[2012/10/23 20:22:30 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions
[2012/07/02 14:46:34 | 000,000,000 | ---D | M] (Image Zoom) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/09/26 16:21:03 | 000,006,796 | ---- | M] () (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\info@youtube-mp3.org.xpi
[2011/10/30 14:04:02 | 000,434,392 | ---- | M] () (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/03/28 22:18:37 | 000,685,019 | ---- | M] () (No name found) -- d:\Users\Ahmad\AppData\Roaming\Mozilla\Firefox\Profiles\uot65xz2.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012/11/02 21:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/02 21:45:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/02 21:45:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/02 21:45:52 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/02 16:42:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] D:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [YjwJwqhv] d:\Users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe ()
O4 - Startup: d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{700BA019-042B-40AC-A34E-ED48B320EFC3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
OTL.txt Part 2

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {33D8CD4B-1E5E-12F3-4660-A5FE06230BD4} - Internet Explorer
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {6FB93458-1DBC-82F0-A942-1E780D04D14B} - Browser Customizations
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A67C2E6C-14B8-F04E-C142-E49A81D5822F} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E2F7C6E6-37BD-E5EA-F0B1-9FBA283D313C} - Microsoft Windows Media Player 12.0
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/04 02:40:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\Ahmad\Desktop\OTL.exe
[2012/11/04 01:59:28 | 004,996,578 | ---- | C] (Swearware) -- d:\Users\Ahmad\Desktop\ComboFix.exe
[2012/11/03 01:51:52 | 004,731,392 | ---- | C] (AVAST Software) -- d:\Users\Ahmad\Desktop\aswMBR.exe
[2012/11/03 01:45:22 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/03 01:45:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/11/03 01:45:22 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/11/03 01:45:22 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/11/03 01:45:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/03 01:45:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/11/03 01:45:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/03 01:45:22 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/03 01:45:22 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/03 01:45:22 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/03 01:45:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/03 01:45:22 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/11/03 01:45:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/11/03 01:45:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/11/03 01:45:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/11/03 01:44:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/11/03 01:44:10 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/11/03 01:44:10 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/11/03 01:39:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/03 01:38:27 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- d:\Users\Ahmad\Desktop\tdsskiller.exe
[2012/11/02 21:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/02 16:43:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/02 16:39:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/02 16:39:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/02 16:39:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/02 16:37:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/02 16:37:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/02 14:45:40 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\cleaning
[2012/11/02 11:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/02 11:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/11/02 11:05:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/02 11:04:41 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- d:\Users\Ahmad\Desktop\mbam.exe
[2012/11/02 11:02:19 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- d:\Users\Ahmad\Desktop\rkill.com
[2012/11/02 02:44:01 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/11/02 02:44:01 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/11/02 02:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/11/02 02:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/11/02 01:25:00 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\qdfwmqxf
[2012/10/23 16:16:44 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\CAD t2 (AHMAD-PC)
[2012/10/23 16:15:48 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\Predator V12 (AHMAD-PC)
[2012/10/23 14:45:58 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\fraps vids
[2012/10/21 12:52:56 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012/10/21 12:01:44 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Sony Creative Software Inc
[2012/10/19 23:38:11 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\StreamPrivacy
[2012/10/19 02:56:45 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\FFsplit
[2012/10/18 18:37:48 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Publish Providers
[2012/10/18 18:22:48 | 000,000,000 | ---D | C] -- d:\ProgramData\Sony
[2012/10/18 18:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012/10/18 18:18:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/10/18 17:46:26 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\Sony
[2012/10/18 17:42:37 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Sony
[2012/10/18 12:15:54 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\WOW Vids
[2012/10/17 01:40:59 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\compressed vids
[2012/10/16 15:11:52 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Roaming\Blender Foundation
[2012/10/16 15:11:31 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\.thumbnails
[2012/10/09 23:33:38 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\Desktop\skype xfer 1
[2 d:\Users\Ahmad\Desktop\*.tmp files -> d:\Users\Ahmad\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/04 02:44:33 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 02:44:33 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 02:42:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/04 02:42:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/04 02:42:11 | 2112,511,999 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 02:40:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Ahmad\Desktop\OTL.exe
[2012/11/04 02:27:22 | 000,874,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/04 02:27:22 | 000,732,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/04 02:27:22 | 000,150,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/04 02:00:26 | 000,540,977 | ---- | M] () -- d:\Users\Ahmad\Desktop\adwcleaner.exe
[2012/11/04 02:00:18 | 004,996,578 | ---- | M] (Swearware) -- d:\Users\Ahmad\Desktop\ComboFix.exe
[2012/11/03 01:52:20 | 004,731,392 | ---- | M] (AVAST Software) -- d:\Users\Ahmad\Desktop\aswMBR.exe
[2012/11/03 01:51:08 | 000,098,290 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_03.11.2012_01.42.26_log.zip
[2012/11/03 01:38:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- d:\Users\Ahmad\Desktop\tdsskiller.exe
[2012/11/02 16:42:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/02 15:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/02 15:27:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/02 14:42:45 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/02 11:04:54 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- d:\Users\Ahmad\Desktop\mbam.exe
[2012/11/02 11:02:45 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- d:\Users\Ahmad\Desktop\rkill.com
[2012/11/02 02:44:01 | 000,002,114 | ---- | M] () -- d:\Users\Ahmad\Desktop\SpyHunter.lnk
[2012/11/02 01:25:00 | 000,101,192 | --S- | M] () -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
[2012/10/29 12:51:28 | 000,000,000 | ---- | M] () -- d:\Users\Ahmad\AppData\Local\Temptable.xml
[2012/10/21 16:29:18 | 000,012,688 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P2.veg
[2012/10/21 16:15:41 | 031,790,964 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P2.mp4
[2012/10/21 16:08:41 | 000,011,352 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P2.veg.bak
[2012/10/21 15:58:21 | 176,245,035 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1.mp4
[2012/10/21 15:51:42 | 000,146,616 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1.veg
[2012/10/21 15:49:03 | 000,146,616 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1.veg.bak
[2012/10/21 13:41:40 | 000,519,296 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1 v2mp4.mp4.sfk
[2012/10/21 13:31:01 | 176,506,215 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2 P1 v2mp4.mp4
[2012/10/21 12:52:56 | 000,001,005 | ---- | M] () -- d:\Users\Ahmad\Desktop\Format Factory.lnk
[2012/10/21 12:23:00 | 131,624,551 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2.mp4
[2012/10/21 12:11:42 | 000,011,352 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC E2.veg
[2012/10/18 20:55:38 | 250,360,276 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC S1.mp4
[2012/10/18 20:44:12 | 000,017,704 | ---- | M] () -- d:\Users\Ahmad\Documents\DWC S1.veg
[2012/10/18 18:37:34 | 000,002,436 | ---- | M] () -- d:\Users\Ahmad\Documents\Register Vegas Pro.htm
[2012/10/16 15:06:13 | 037,666,703 | ---- | M] () -- d:\Users\Ahmad\Desktop\blender-2.64a-release-windows64.exe
[2012/10/15 16:02:07 | 022,937,177 | ---- | M] () -- d:\Users\Ahmad\Desktop\My Movie.mp4
[2012/10/09 20:39:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 20:39:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/09 12:14:52 | 000,012,945 | ---- | M] () -- d:\Users\Ahmad\donate1.png
[2012/10/09 12:14:51 | 000,011,119 | ---- | M] () -- d:\Users\Ahmad\donate03.png
[2 d:\Users\Ahmad\Desktop\*.tmp files -> d:\Users\Ahmad\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/04 02:00:26 | 000,540,977 | ---- | C] () -- d:\Users\Ahmad\Desktop\adwcleaner.exe
[2012/11/03 01:51:08 | 000,098,290 | ---- | C] () -- C:\TDSSKiller.2.8.15.0_03.11.2012_01.42.26_log.zip
[2012/11/02 16:39:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/02 16:39:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/02 16:39:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/02 16:39:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/02 16:39:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/02 11:28:42 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/11/02 02:44:02 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2012/11/02 02:44:01 | 000,002,114 | ---- | C] () -- d:\Users\Ahmad\Desktop\SpyHunter.lnk
[2012/11/02 01:25:00 | 000,101,192 | --S- | C] () -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
[2012/10/28 17:09:33 | 000,000,000 | ---- | C] () -- d:\Users\Ahmad\AppData\Local\Temptable.xml
[2012/10/21 16:15:08 | 031,790,964 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P2.mp4
[2012/10/21 16:08:41 | 000,012,688 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P2.veg
[2012/10/21 16:08:41 | 000,011,352 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P2.veg.bak
[2012/10/21 13:41:27 | 000,519,296 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1 v2mp4.mp4.sfk
[2012/10/21 13:28:06 | 176,506,215 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1 v2mp4.mp4
[2012/10/21 13:20:06 | 176,245,035 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1.mp4
[2012/10/21 13:09:52 | 000,146,616 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1.veg.bak
[2012/10/21 13:09:52 | 000,146,616 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2 P1.veg
[2012/10/21 12:52:56 | 000,001,005 | ---- | C] () -- d:\Users\Ahmad\Desktop\Format Factory.lnk
[2012/10/21 12:20:22 | 131,624,551 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2.mp4
[2012/10/21 12:11:42 | 000,011,352 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC E2.veg
[2012/10/18 20:51:58 | 250,360,276 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC S1.mp4
[2012/10/18 20:44:12 | 000,017,704 | ---- | C] () -- d:\Users\Ahmad\Documents\DWC S1.veg
[2012/10/18 18:15:27 | 000,002,436 | ---- | C] () -- d:\Users\Ahmad\Documents\Register Vegas Pro.htm
[2012/10/16 15:05:36 | 037,666,703 | ---- | C] () -- d:\Users\Ahmad\Desktop\blender-2.64a-release-windows64.exe
[2012/10/15 16:01:42 | 022,937,177 | ---- | C] () -- d:\Users\Ahmad\Desktop\My Movie.mp4
[2012/10/09 12:14:40 | 000,012,945 | ---- | C] () -- d:\Users\Ahmad\donate1.png
[2012/10/09 12:14:40 | 000,011,119 | ---- | C] () -- d:\Users\Ahmad\donate03.png
[2012/09/26 03:24:51 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/26 03:24:51 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/07/30 22:43:20 | 006,996,125 | ---- | C] () -- d:\Users\Ahmad\DSC_6092.jpg
[2012/07/30 22:43:20 | 003,993,320 | ---- | C] () -- d:\Users\Ahmad\DSC_6091.jpg
[2012/07/29 21:09:50 | 000,149,811 | ---- | C] () -- d:\Users\Ahmad\IMG_2644.jpg
[2012/07/29 21:09:50 | 000,135,680 | ---- | C] () -- d:\Users\Ahmad\IMG_2643.jpg
[2012/07/29 21:09:50 | 000,094,974 | ---- | C] () -- d:\Users\Ahmad\IMG_2645.jpg
[2012/07/28 20:24:10 | 001,908,717 | ---- | C] () -- d:\Users\Ahmad\scan-side1.jpg
[2012/07/28 20:24:10 | 001,880,979 | ---- | C] () -- d:\Users\Ahmad\Scan-side2.jpg
[2012/07/26 19:00:57 | 182,213,604 | ---- | C] () -- d:\Users\Ahmad\TV-003141.rar
[2012/07/26 19:00:57 | 182,212,858 | ---- | C] () -- d:\Users\Ahmad\TV-003138.rar
[2012/07/26 19:00:57 | 182,174,078 | ---- | C] () -- d:\Users\Ahmad\TV-003139.rar
[2012/07/26 19:00:57 | 182,172,719 | ---- | C] () -- d:\Users\Ahmad\TV-003132.rar
[2012/07/26 19:00:57 | 182,163,364 | ---- | C] () -- d:\Users\Ahmad\TV-003144.rar
[2012/07/26 19:00:57 | 182,111,756 | ---- | C] () -- d:\Users\Ahmad\TV-003135.rar
[2012/07/26 19:00:57 | 182,097,290 | ---- | C] () -- d:\Users\Ahmad\TV-003142.rar
[2012/07/26 19:00:57 | 182,092,492 | ---- | C] () -- d:\Users\Ahmad\TV-003136.rar
[2012/07/26 19:00:57 | 182,051,558 | ---- | C] () -- d:\Users\Ahmad\TV-003137.rar
[2012/07/26 19:00:57 | 182,029,046 | ---- | C] () -- d:\Users\Ahmad\TV-003143.rar
[2012/07/26 19:00:57 | 181,959,805 | ---- | C] () -- d:\Users\Ahmad\TV-003145.rar
[2012/07/26 19:00:57 | 181,931,299 | ---- | C] () -- d:\Users\Ahmad\TV-003134.rar
[2012/07/26 19:00:57 | 181,861,484 | ---- | C] () -- d:\Users\Ahmad\TV-003131.rar
[2012/07/26 19:00:57 | 181,838,518 | ---- | C] () -- d:\Users\Ahmad\TV-003140.rar
[2012/07/26 19:00:57 | 181,810,899 | ---- | C] () -- d:\Users\Ahmad\TV-003133.rar
[2012/07/22 20:58:25 | 000,000,083 | ---- | C] () -- d:\Users\Ahmad\mercurial.ini
[2012/07/22 02:06:58 | 000,004,165 | ---- | C] () -- d:\Users\Ahmad\AppData\Roaming\LTspiceIV.ini
[2012/07/18 19:01:17 | 000,007,605 | ---- | C] () -- d:\Users\Ahmad\AppData\Local\Resmon.ResmonCfg
[2012/07/04 02:24:33 | 000,000,734 | ---- | C] () -- d:\Users\Ahmad\AppData\Roaming\DriveCalculator Preferences
[2012/07/03 15:24:21 | 000,000,122 | ---- | C] () -- C:\Windows\solvermfc.INI
[2012/07/03 01:32:44 | 000,879,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/02 13:54:13 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/07/02 12:18:12 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/07/01 15:01:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/07/01 15:00:55 | 000,040,304 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/15 16:46:44 | 000,426,344 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/19 15:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 15:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
OTL.txt Part 3

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SPCC SSD110
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD10EALX-009BA0
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 112.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0

[2012/09/06 18:44:46 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/07/01 18:31:03 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2012/07/02 20:01:07 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/07/14 12:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2012/07/01 23:09:48 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache

< %systemroot%\system32\sysprep >

< c:\*.xpi /s /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %appdata%\*.* >
[2012/07/04 02:24:33 | 000,000,734 | ---- | M] () -- d:\Users\Ahmad\AppData\Roaming\DriveCalculator Preferences
[2012/08/15 21:45:48 | 000,004,165 | ---- | M] () -- d:\Users\Ahmad\AppData\Roaming\LTspiceIV.ini


< End of report >
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    O4 - HKCU..\Run: [YjwJwqhv] d:\Users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe ()
    O4 - Startup: d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe ()
    [2012/11/02 01:25:00 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\qdfwmqxf

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
Also, let me know if Normal Mode is accessible. :)
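
How the file and folder entries in the fix above line up with the listings in the log, as an added example that is not part of the original thread and is not OTL's own logic: a small Python triage pass over OTL listing lines. The heuristics (no company name, executable extension, Startup folder, profile folder created in the same second) and all function names are assumptions made for this illustration; the sample lines are copied from the log on this page.

```python
import re

# Listing lines copied from the OTL log on this page (created/modified sections).
SAMPLE_LOG = r"""
[2012/11/02 11:04:41 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- d:\Users\Ahmad\Desktop\mbam.exe
[2012/11/02 02:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/11/02 01:25:00 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\qdfwmqxf
[2012/10/19 02:56:45 | 000,000,000 | ---D | C] -- d:\Users\Ahmad\AppData\Local\FFsplit
[2012/11/04 02:00:26 | 000,540,977 | ---- | C] () -- d:\Users\Ahmad\Desktop\adwcleaner.exe
[2012/11/02 16:39:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/02 01:25:00 | 000,101,192 | --S- | C] () -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
[2012/11/02 01:25:00 | 000,101,192 | --S- | M] () -- d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe
[2012/10/21 12:52:56 | 000,001,005 | ---- | C] () -- d:\Users\Ahmad\Desktop\Format Factory.lnk
[2 d:\Users\Ahmad\Desktop\*.tmp files -> d:\Users\Ahmad\Desktop\*.tmp -> ]
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Folder lines carry no "(company)" field at all; files with blank version info show "()".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")
STARTUP = "\\start menu\\programs\\startup\\"
PROFILE_DATA = ("\\appdata\\local\\", "\\appdata\\roaming\\")


def parse_line(line):
    """Return a dict for one listing line, or None for summary/other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["is_dir"] = "D" in rec["attrs"]
    rec["company"] = (rec["company"] or "").strip()
    return rec


def triage(log_text):
    """Return (path, reason) pairs worth a human look, in log order, without duplicates."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    findings, seen, hot_times = [], set(), set()

    # Pass 1: executables with a blank company name sitting in a Startup folder.
    for r in records:
        p = r["path"].lower()
        if (not r["is_dir"] and not r["company"]
                and STARTUP in p and p.endswith(EXEC_EXT)):
            hot_times.add(r["ts"])
            if p not in seen:
                seen.add(p)
                findings.append((r["path"], "executable with no company name in Startup folder"))

    # Pass 2: per-user data folders created in the same second as a flagged file.
    for r in records:
        p = r["path"].lower()
        if (r["is_dir"] and r["ts"] in hot_times and p not in seen
                and any(d in p for d in PROFILE_DATA)):
            seen.add(p)
            findings.append((r["path"], "profile folder created in the same second as a flagged file"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

A blank company name alone is not a verdict: adwcleaner.exe and PEV.exe in the same log also have none, which is why the sketch requires the Startup location and uses the shared timestamp only to pull in related folders for review.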
 
You're amazing =D

The symptoms, at least, are gone in normal mode - this includes both the windows command processor popup and the inability to run most programs.

In terms of the scan, it only took about 10s to run - short enough that I didn't have too much time to pay attention, but I'm not sure if it actually ended up hiding my desktop and start menu?

Here is the log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YjwJwqhv deleted successfully.
d:\Users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe moved successfully.
File move failed. d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe scheduled to be moved on reboot.
d:\Users\Ahmad\AppData\Local\qdfwmqxf folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
d:\Users\Ahmad\Desktop\cmd.bat deleted successfully.
d:\Users\Ahmad\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Ahmad
->Temp folder emptied: 122244274 bytes
->Temporary Internet Files folder emptied: 11276897 bytes
->Java cache emptied: 3540010 bytes
->FireFox cache emptied: 66715223 bytes
->Opera cache emptied: 5795453 bytes
->Flash cache emptied: 82772 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 190389 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1126326 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46421832 bytes
RecycleBin emptied: 734028743 bytes

Total Files Cleaned = 946.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11052012_110944

Files\Folders moved on Reboot...
d:\Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe moved successfully.
d:\Users\Ahmad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Awaiting further instruction =D

Many thanks,
Nereth
 
Right on! :)

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
    1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    2. If threats WERE detected, click on List of Threats Found, then Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

If it all appears to be good after that, we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create

Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, e.g. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Hi,

Bad news from the ESET scan :( Some 500-odd infections of various versions of Ramnit. As I understand it, the number of infections indicates that this isn't a false positive, and Ramnit is kind of a 'give up and reformat' virus, but I will wait to hear from you first.

I didn't proceed with the rest of the steps since if there *is* something we can do I suspect we will need these programs again?

Log needs to be split into two parts, here is the first:

D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mkl_p4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mkl_p4p.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mlautoregister.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\MMCodecChooser.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\MMUtils.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mpath.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mwoles05.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\mwregsvr.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\m_dispatcher.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\nativejava.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\PreviewWindow.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\rxtxSerial.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\udd.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\uiw.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\VideoDeviceChooser.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\VideoFormatInfo.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\WindowsAccessBridge.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\bin\win32\xerces-c_2_1_0.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mclcom71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mclmcrrt71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mfc71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\msvcp71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\msvcr71.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mwcommgr.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\mwcomutil.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\runtime\win32\PrintImage.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\java\jre\win32\jre1.4.2_04\javaws\JavaWebStart.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\java\jre\win32\jre1.4.2_04\javaws\javawspl.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\bin\perlcore.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\bin\PerlCRT.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\bin\perlez.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\bin\PerlSE.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\attrs\attrs.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\B\B.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\Data\Dumper\Dumper.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\Fcntl\Fcntl.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\IO\IO.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\Opcode\Opcode.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\POSIX\POSIX.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\SDBM_File\SDBM_File.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\lib\auto\Socket\Socket.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Compress\Zlib\Zlib.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\DBD\mysql\mysql.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\DBI\DBI.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\MIME\Base64\Base64.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Storable\Storable.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Win32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\AdminMisc\AdminMisc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\API\API.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\ChangeNotify\ChangeNotify.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Clipboard\Clipboard.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Console\Console.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Event\Event.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\File\File.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\FileSecurity\FileSecurity.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Internet\Internet.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\IPC\IPC.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Mutex\Mutex.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\NetAdmin\NetAdmin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\NetResource\NetResource.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\ODBC\ODBC.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\OLE\OLE.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\PerfLib\PerfLib.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Pipe\Pipe.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Process\Process.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Registry\Registry.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Semaphore\Semaphore.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Service\Service.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Setupsup\Setupsup.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Shortcut\Shortcut.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\Sound\Sound.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32\WinError\WinError.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32API\Net\Net.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\Win32API\Registry\Registry.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\auto\XML\Parser\Expat\Expat.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\sys\perl\win32\site\lib\XML\Parser\Expat\bin\xmlparse.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\winaudioplayer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\winaudiorecorder.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\@avifile\private\avi.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\MatlabDataSink.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\MatlabDataSource.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\MMCodecChooserMex.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\VideoDeviceChooserMex.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\private\WinMMFileInfo.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\src\AudioPlayer\Release\winaudioplayer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\audiovideo\src\AudioRecorder\Release\winaudiorecorder.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\imagesci\private\rtifc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\imagesci\private\wtifc.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\iofun\memgetbyte.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\iofun\memmap.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\verctrl\verctrl.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\winfun\ddeadv.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\MathWorks\MATLAB Component Runtime\v71\toolbox\matlab\winfun\ddeunadv.dll a variant of Win32/Ramnit.AM virus deleted - quarantine
 
Second half of ESET log

D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libx264_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libdummy_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libgestures_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\control\libntservice_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libau_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libgme_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libh264_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libimage_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\liblive555_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmod_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libps_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libpva_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libreal_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libts_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libty_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Recorded games\sZxJvjf a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
D:\Users\Ahmad\AppData\Local\assembly\dl3\XMTRMJK9.D5Z\8NQ0RJAO.OXJ\ad6ebae5\005ad78d_04cfca01\UnRar.Net.DLL a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\AppData\Local\assembly\dl3\XMTRMJK9.D5Z\8NQ0RJAO.OXJ\ad6ebae5\17f3fba9_1c8ccd01\UnRar.Net.DLL a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\AppData\LocalLow\Sun\Java\jre1.7.0_05\lzma.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\Desktop\ISOs\Altium.Designer.v10.0.iSO-HS\Altium\7za.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\Desktop\ISOs\Altium.Designer.v10.0.iSO-HS\Altium\Private License Server Setup\Setup\Setup.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\Desktop\ISOs\SW2010_SP0.0\SolidSQUAD\eDrawings\EModelEventLog.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\Desktop\ISOs\SW2010_SP0.0\SolidSQUAD\eDrawings\EModelReviewer.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\Desktop\ISOs\SW2010_SP0.0\SolidSQUAD\eDrawings\EModelView.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\Downloads\LTspiceIV.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Ahmad\Downloads\RogueKiller.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\odeditor.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\AccessibleMarshal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\crashreporter.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\freebl3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\IA2Marshal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\javaxpcomglue.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\js3250.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\mozcrt19.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nspr4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nss3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nssckbi.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nssdbm3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\nssutil3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\plc4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\plds4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\smime3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\softokn3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\sqlite3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\ssl3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\updater.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpcom.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpcshell.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpidl.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpt_dump.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xpt_link.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xul.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xulrunner-stub.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\xulrunner.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform\services\platform\canopen\tools\configurator\xulrunner\plugins\npnul32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\odeditor.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\AccessibleMarshal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\crashreporter.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\freebl3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\IA2Marshal.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\javaxpcomglue.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\js3250.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\mozcrt19.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nspr4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nss3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nssckbi.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nssdbm3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\nssutil3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\plc4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\plds4.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\smime3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\softokn3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\sqlite3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\ssl3.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\updater.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpcom.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpcshell.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpidl.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpt_dump.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xpt_link.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xul.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xulrunner-stub.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\xulrunner.exe a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\Users\Public\Documents\Altium\AD 10\Library\Software Platform S09\services\platform\canopen\tools\configurator\xulrunner\plugins\npnul32.dll a variant of Win32/Ramnit.AM virus deleted - quarantined
D:\_OTL\MovedFiles\11052012_110944\d_Users\Ahmad\AppData\Local\qdfwmqxf\yjwjwqhv.exe a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
D:\_OTL\MovedFiles\11052012_110944\d_Users\Ahmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yjwjwqhv.exe a variant of Win32/Ramnit.AP.Gen virus deleted - quarantined
 
Win32/Ramnit is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

The first component is a backdoor trojan, which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personally identifiable information to help rob your identity.

The second component is a rootkit, which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hacker's way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a file infector, which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the Advanced Malware Analysts security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:
Guides for format and reinstall:

http://www.helpmyos.com/tutorials-s...-your-operating-system-the-easy-way-t1307.htm

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
 
Hi there,

So I guess I will take your advice and reformat - and this time make sure I actually have running antivirus software at all times.

However, I am a bit confused. The wording of your post indicates that I only need to reinstall the OS, rather than just reformat the entire hard drive. Is this actually the case? Would the virus not survive in the non-OS-related files? This will really be quite quick and painless if I can save my programs I think, but I'm not sure that is the case.

Assuming that I do have to do a full reformat and lose everything, there are various files, and some programs, which I would really hate to lose. How can I accurately test for the presence of the virus, and safely transfer them to the new install if they are clean?

Also I am worried that it might have gone onto my android device when I used it as USB storage a week or two ago (And the USB stick I used just two days ago D:). Is there a way to check this and possibly clean these devices?

Thanks for your time,
Nereth
 
Sorry, you cannot save the programs. No files are salvageable sadly.

The only thing we can do is to continue to scan the system with three different scans that can disinfect it all, you'd have to test the files you'd like to keep and see if they still open. If not, they're damaged beyond repair.

I doubt it has gone on to the Android device. Find a free antivirus for Android on the App Store, and scan to see for sure.
 
Ok then, well if I can choose between having a bunch of infected files and having a bunch of broken files on my computer, I will definitely choose broken files, since that way it is both obvious what needs replacing, and not likely to ruin the new install if I mess up.

So definitely my choice is to "kill it with fire" so to speak, and see what survives afterwards :p

Lead on, and let us crush this virus!

=D

By the way, can you tell me what file types are generally at risk? I read somewhere that even .TXTs and .DOCs are potential risks, I need to be careful of corrupting those if that is the case, it would be worth my time to print or copy and paste some of them out first or something since there is some important work that could be lost otherwise.

Thanks for your help,
-Nereth
 
All file types.

Once the file is infected, it gets damaged, and may be impossible to access...

Here is the scan list:


Norman Malware Cleaner

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.


Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All.
  • Then, choose Save. Also, in the Automatic Report tab, select Save.
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.

Panda ActiveScan

Please run Panda ActiveScan online scan.
  • Choose Quick Scan then click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply
 
I'm going to have to sleep (Australia!) before I can go through with that, but I will just ask one more question before I do so I can be clear on what will be happening when I get to this tomorrow:

If a file is going to be inaccessible due to the virus, is it going to be inaccessible even before the AV processes above? Or is it the scanning/curing process that can break them? Judging by what ESET's scan did (deleted infected .DLLs etc and therefore broke some programs), I can understand that a lot of programs will break, but what about documents? Could an otherwise accessible document become broken or deleted after we go through with these fixes? If so I should go through and try to salvage them first before doing this as I don't know if they will come out corrupted, if not, I can just wait and see.
 
It will be inaccessible before and/or after the AV processes - Just depends.

Sometimes the virus breaks them, sometimes the removal tools break them - Just depends.

Programs will probably continue breaking. Programs are nontransferable anyway, unless they're portable versions (most aren't).
 
Hi there,

Sorry to keep asking these questions - if that's the case, I read somewhere a while ago while researching this stuff that there was a way to make a USB flash disk safe for use with this virus, despite the fact that they are usually an infection vector for it. Something like cleaning the flash disk, and then putting some kind of file into it that would prevent the virus from transferring itself on. I'm not sure if I misunderstood this or not, but if this is possible, would you be able to help me do this?

Best regards,
Nereth
 