[El Jimben]

Hello Geekstogo,

It's been many years since I've visited your site but I'm afraid I'm in need of your help again! I turned on my PC today to find that I've been infected with with the Syswow64 virus/trojan AVG detected it, tried to remove it but after a restart it picks it up again. I have been trying removing it manually by deleting selected files and registry keys but I can't find the ones in question so I'm you can help me as I found that you've sorted out this problem before (http://www.geekstogo...syswow64-virus/) but I didn't want to jump in at the deep end incase I messed something up!

Thanks

[Advertisements]

Hello El Jimben and welcome to GeeksToGo

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.

• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• Please do not try to fix anything without being asked
• I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
• I am currently reviewing your logs.

[WhiteHat]

Hello El Jimben and welcome to GeeksToGo

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.

• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• Please do not try to fix anything without being asked
• I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
• I am currently reviewing your logs.

[WhiteHat]

Hi El Jimben

# Step 1 #

Please, could you tell me which files AVG is identify as a Virus? You can find this information on the own quarantine of the AVG

# Step 2 #

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• In Extra Registry, select Use SafeList
• Under the Custom Scan box paste this in
  netsvcs
  msconfig
  drives
  %SYSTEMDRIVE%\*.*
  %systemdrive%\drivers\*.exe
  %systemroot%\system32\drivers\*.* /90
  %PROGRAMFILES%\*.*
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  C:\Windows\assembly\tmp\U /s
  HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
  HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

# Step 3 #

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[El Jimben]

Hi GLeobas,

The AVG Virus Vault shows the virus name as IDP.Generic.B75CC275 and the file paths if they help were:

C:\users\jim\appdata\local\yqmpkgov\hwecxgxm.exe

and

C:\users\jim\appdata\roaming\microsoft\windows\start menu\programs\startup\hwecxgxm.exe

I just ran another scan and some other warnings came up, some of them look like false results as they were in Punkbuster, AVG secure search, Spotify and a few other places but ones that did look a bit suspect were these 2:

"";"C:\Documents and Settings\Jim\AppData\Local\MossySkySA\bin\2.0.15.0\MossySkySACB.exe";"Adware Generic5.AEQ";"Moved to Virus Vault"

"";"C:\Documents and Settings\Jim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\7caa671f-35edad89";"Trojan horse SHeur4.VRX";"Moved to Virus Vault"


I have tried running OTL several times but it just seems to hang at the 'manual file scan' stage. A dialogue box appears saying 'out of memory' but this is due to the virus I think as I have 5GB of RAM free! Is there another program that I can use instead?

Here is the log from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 13:14:39
-----------------------------
13:14:39.495 OS Version: Windows x64 6.1.7601 Service Pack 1
13:14:39.495 Number of processors: 4 586 0x170A
13:14:39.495 ComputerName: PC UserName:
13:14:40.103 Initialize success
13:14:43.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:14:43.371 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
13:14:43.371 Disk 0 MBR read successfully
13:14:43.386 Disk 0 MBR scan
13:14:43.386 Disk 0 Windows 7 default MBR code
13:14:43.386 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 65116 MB offset 8
13:14:43.386 Disk 0 Partition - 00 0F Extended LBA 888753 MB offset 133358044
13:14:43.402 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 467985 MB offset 133358048
13:14:43.402 Disk 0 Partition - 00 05 Extended 420768 MB offset 1091791948
13:14:43.417 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 420768 MB offset 1091791952
13:14:43.433 Disk 0 scanning C:\windows\system32\drivers
13:14:49.205 Service scanning
13:15:00.687 Modules scanning
13:15:00.687 Disk 0 trace - called modules:
13:15:00.702 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:15:00.702 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b6d060]
13:15:00.718 3 CLASSPNP.SYS[fffff8800179d43f] -> nt!IofCallDriver -> [0xfffffa800782a520]
13:15:00.718 5 ACPI.sys[fffff88000f7b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074ce060]
13:15:00.718 Scan finished successfully
13:15:14.929 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
13:15:14.929 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"

Thanks

[WhiteHat]

# Step 1 #

Go to Start > Control Panel > Programs > Java.

It will be open an Window with a few tabs.

In the General tab, click on the Settings button
On the next screen, select Delete Files e confirm.

# Step 2 #

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks





When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.

[El Jimben]

I have followed the steps as above though just before Combofix was restarting my PC I had a pop-up from AVG thinking it was a threat (even though I turned it off?) so I just clicked allow and it seemed to complete the process ok. My computer does now seem more responsive, some of the quick launch icons have come back & the applications will now launch instead of me getting an error message like before. As far as I can tell though I still can't re-enable UAC.

Here is the Combofix log:

ComboFix 12-03-28.02 - Jim 28/03/2012 19:20:21.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8191.6051 [GMT 1:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jim\AppData\Local\bxohhgpa.log
c:\users\Jim\AppData\Local\ebkskfmf.log
c:\users\Jim\AppData\Local\ixhtvfdl.log
c:\users\Jim\AppData\Local\jolhrfki.log
c:\users\Jim\AppData\Local\kobwpmny.log
c:\users\Jim\AppData\Local\MossySkySA
c:\users\Jim\AppData\Local\MossySkySA\bin\2.0.15.0\copyright.txt
c:\users\Jim\AppData\Local\MossySkySA\data\MossySkySA.dat
c:\users\Jim\AppData\Local\nhcobbtd.log
c:\users\Jim\AppData\Local\unfupuoy.log
c:\users\Jim\AppData\Local\wjyrcwsc.log
c:\users\Jim\AppData\Local\yqmpkgov\hwecxgxm.exe
c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hwecxgxm.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-21 20:42 . 2012-03-28 18:27 -------- d-----w- c:\users\Jim\AppData\Local\yqmpkgov
2012-03-20 14:30 . 2012-03-20 14:40 -------- d-----w- c:\users\Jim\Unigine Heaven
2012-03-20 14:29 . 2012-03-20 14:29 -------- d-----w- c:\program files (x86)\Unigine
2012-03-14 11:34 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:34 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 11:34 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 11:32 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:32 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:32 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:32 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 14:49 . 2010-08-26 09:32 98696 ----a-w- c:\windows\SysWow64\setupprwdrv03.exe
2012-03-10 14:49 . 2010-08-26 09:32 96648 ----a-w- c:\windows\system32\setupprwdrvx64.exe
2012-03-10 14:49 . 2010-08-25 19:39 16776 ----a-w- c:\windows\system32\prwntdrv.sys
2012-03-10 14:49 . 2010-08-25 19:39 13704 ----a-w- c:\windows\SysWow64\prwntdrv.sys
2012-03-08 15:49 . 2012-03-08 15:49 -------- d-----w- c:\programdata\ATI
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\programdata\AMD
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-05 16:38 . 2012-03-05 16:39 -------- d-----w- c:\programdata\Solidshield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 17:46 . 2010-10-27 20:39 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-20 17:46 . 2010-10-25 21:15 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-20 17:45 . 2010-10-25 21:15 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-16 12:47 . 2010-10-25 21:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-29 16:03 . 2011-06-08 10:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2011-11-18 21:56 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-11-18 21:41 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-08-04 00:54 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-11-18 21:30 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2010-08-04 00:37 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-11-18 21:08 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-11-18 21:08 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-11-18 20:59 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2011-11-18 20:53 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2011-11-18 20:53 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2011-11-18 20:53 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-11-18 20:52 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-11-18 20:51 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-11-18 20:51 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 22:05 . 2012-02-14 22:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 22:05 . 2012-02-14 22:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 22:05 . 2012-02-14 22:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 22:05 . 2012-02-14 22:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 22:05 . 2012-02-14 22:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 22:04 . 2012-02-14 22:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 22:03 . 2012-02-14 22:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 22:03 . 2012-02-14 22:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 06:02 . 2012-01-31 06:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 06:00 . 2012-01-31 06:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44 . 2012-02-15 16:25 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 16:25 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-15 16:25 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 16:25 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 15:55 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files\Valve\Steam\steam.exe" [2011-08-02 1242448]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-06 4355888]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-11-06 960656]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-26 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-21 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdcjx64;Nokia USB Port;c:\windows\system32\drivers\nmwcdcjx64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-06 377336]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"combofix"="c:\combofix\CF13946.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Jim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-HweCxgxm - c:\users\Jim\AppData\Local\yqmpkgov\hwecxgxm.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Downloader - f:\ad's music\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-20301431-3455662001-1420382125-1001\Software\SecuROM\License information*]
"datasecu"=hex:cb,c0,c5,6a,57,f3,e0,0e,4c,67,c2,f5,cc,3f,97,1b,ec,92,54,e1,7e,
91,2f,b3,ba,de,87,0f,be,2a,c6,ec,6b,42,95,30,da,68,63,38,93,5c,62,75,94,dc,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files\Logitech Gaming Software\Applets\LCDMedia.exe
.
**************************************************************************
.
Completion time: 2012-03-28 19:34:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 18:34
.
Pre-Run: 10,327,363,584 bytes free
Post-Run: 9,929,113,600 bytes free
.
- - End Of File - - 9190ABB0C196FA18D1443DB3696C91D4

Thanks

[WhiteHat]

Hi,

How is your computer?

# Step 1 #

Close any open browsers.

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Go to Start > Run and write (Copy/Paste): Notepad.exe. Then click in Ok.
• copy/paste the text in the quotebox below to notepad
  
  

  Folder::
  c:\users\Jim\AppData\Local\yqmpkgov

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Refering to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply

# Step 2 #

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• In Extra Registry, select Use SafeList
• Under the Custom Scan box paste this in
  netsvcs
  msconfig
  drives
  %SYSTEMDRIVE%\*.*
  %systemdrive%\drivers\*.exe
  %systemroot%\system32\drivers\*.* /90
  %PROGRAMFILES%\*.*
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  C:\Windows\assembly\tmp\U /s
  HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
  HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

[El Jimben]

My computer seems better after I run the scans i.e. more responsive, programs load instead of getting errors etc but if I then reboot I seem to be back where I was before. Your suggestions must be doing something though as I've managed to run OTL this time, here are the logs that you asked for:

ComboFix 12-03-28.02 - Jim 29/03/2012 19:58:33.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8191.6293 [GMT 1:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim\Desktop\CFscript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jim\AppData\Local\yqmpkgov
c:\users\Jim\AppData\Local\yqmpkgov\hwecxgxm.exe
c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hwecxgxm.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 19:02 . 2012-03-29 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 14:30 . 2012-03-20 14:40 -------- d-----w- c:\users\Jim\Unigine Heaven
2012-03-20 14:29 . 2012-03-20 14:29 -------- d-----w- c:\program files (x86)\Unigine
2012-03-14 11:34 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:34 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 11:34 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 11:32 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:32 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:32 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:32 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 14:49 . 2010-08-26 09:32 98696 ----a-w- c:\windows\SysWow64\setupprwdrv03.exe
2012-03-10 14:49 . 2010-08-26 09:32 96648 ----a-w- c:\windows\system32\setupprwdrvx64.exe
2012-03-10 14:49 . 2010-08-25 19:39 16776 ----a-w- c:\windows\system32\prwntdrv.sys
2012-03-10 14:49 . 2010-08-25 19:39 13704 ----a-w- c:\windows\SysWow64\prwntdrv.sys
2012-03-08 15:49 . 2012-03-08 15:49 -------- d-----w- c:\programdata\ATI
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\programdata\AMD
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-05 16:38 . 2012-03-05 16:39 -------- d-----w- c:\programdata\Solidshield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 17:46 . 2010-10-27 20:39 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-20 17:46 . 2010-10-25 21:15 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-20 17:45 . 2010-10-25 21:15 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-16 12:47 . 2010-10-25 21:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-29 16:03 . 2011-06-08 10:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2011-11-18 21:56 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-11-18 21:41 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-08-04 00:54 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-11-18 21:30 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2010-08-04 00:37 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-11-18 21:08 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-11-18 21:08 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-11-18 20:59 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2011-11-18 20:53 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2011-11-18 20:53 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2011-11-18 20:53 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-11-18 20:52 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-11-18 20:51 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-11-18 20:51 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 22:05 . 2012-02-14 22:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 22:05 . 2012-02-14 22:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 22:05 . 2012-02-14 22:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 22:05 . 2012-02-14 22:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 22:05 . 2012-02-14 22:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 22:04 . 2012-02-14 22:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 22:03 . 2012-02-14 22:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 22:03 . 2012-02-14 22:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 06:02 . 2012-01-31 06:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 06:00 . 2012-01-31 06:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44 . 2012-02-15 16:25 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 16:25 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_18.29.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-28 18:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-29 18:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-28 18:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 18:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 18:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-21 21:52 . 2012-03-29 19:06 98804 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-29 19:06 53526 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-21 21:18 . 2012-03-29 19:06 19526 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-20301431-3455662001-1420382125-1001_UserData.bin
- 2012-03-28 18:29 . 2012-03-28 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 19:04 . 2012-03-29 19:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 19:04 . 2012-03-29 19:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-28 18:29 . 2012-03-28 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-10-25 20:52 . 2012-03-28 18:11 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-25 20:52 . 2012-03-29 18:48 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2012-03-29 19:00 628414 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 18:16 628414 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 19:00 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-28 18:16 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-28 18:28 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-29 19:02 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-10 23:42 . 2012-03-29 19:02 1544432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-10 23:42 . 2012-03-28 18:28 1544432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-01 18:14 . 2012-03-29 19:02 1536941 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-20301431-3455662001-1420382125-1001-12288.dat
- 2011-06-01 18:14 . 2012-03-28 18:28 1536941 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-20301431-3455662001-1420382125-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 15:55 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files\Valve\Steam\steam.exe" [2011-08-02 1242448]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"HweCxgxm"="c:\users\Jim\AppData\Local\yqmpkgov\hwecxgxm.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-06 4355888]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-11-06 960656]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-26 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-21 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdcjx64;Nokia USB Port;c:\windows\system32\drivers\nmwcdcjx64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-06 377336]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Jim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-20301431-3455662001-1420382125-1001\Software\SecuROM\License information*]
"datasecu"=hex:cb,c0,c5,6a,57,f3,e0,0e,4c,67,c2,f5,cc,3f,97,1b,ec,92,54,e1,7e,
91,2f,b3,ba,de,87,0f,be,2a,c6,ec,6b,42,95,30,da,68,63,38,93,5c,62,75,94,dc,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files\Logitech Gaming Software\Applets\LCDMedia.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2012-03-29 20:09:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 19:09
ComboFix2.txt 2012-03-28 18:34
.
Pre-Run: 10,010,165,248 bytes free
Post-Run: 9,922,256,896 bytes free
.
- - End Of File - - 178937E4C86ECAE6F1CE78C0B8289E9D


OTL Extras logfile created on: 29/03/2012 20:15:14 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jim\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.11% Memory free
16.00 Gb Paging File | 13.95 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63.59 Gb Total Space | 9.34 Gb Free Space | 14.68% Space Free | Partition Type: NTFS
Drive E: | 457.02 Gb Total Space | 90.57 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
Drive F: | 410.91 Gb Total Space | 199.27 Gb Free Space | 48.49% Space Free | Partition Type: NTFS
Drive M: | 14.91 Gb Total Space | 12.14 Gb Free Space | 81.46% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1259D05F-D20C-4E07-845E-5728C0E164B2}_is1" = Neocron Evolution 2.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite MFC-235C
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis True Image Home
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"AudioCS" = Creative Audio Control Panel
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitTorrent" = BitTorrent
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DivX Setup" = DivX Setup
"Downloader" = Downloader
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"ESN Sonar" = ESN Sonar
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Football Manager 2011" = Football Manager 2011
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"HD Tune_is1" = HD Tune 2.55
"jZip" = jZip
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"SopCast" = SopCast 3.4.7
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Steam App 10680" = Aliens vs. Predator
"Steam App 107900" = War Inc. Battlezone
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 31280" = Poker Night at the Inventory
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 47780" = Dead Space 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Unigine Heaven DX11 Benchmark 2.5_is1" = Unigine Heaven DX11 Benchmark 2.5 version 2.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-20301431-3455662001-1420382125-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"iTunes Agent 1.3.4" = iTunes Agent 1.3.4
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


OTL logfile created on: 29/03/2012 20:15:14 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jim\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.11% Memory free
16.00 Gb Paging File | 13.95 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63.59 Gb Total Space | 9.34 Gb Free Space | 14.68% Space Free | Partition Type: NTFS
Drive E: | 457.02 Gb Total Space | 90.57 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
Drive F: | 410.91 Gb Total Space | 199.27 Gb Free Space | 48.49% Space Free | Partition Type: NTFS
Drive M: | 14.91 Gb Total Space | 12.14 Gb Free Space | 81.46% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/22 15:03:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
PRC - [2012/03/16 13:47:38 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/12 16:55:35 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 16:55:34 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/12/07 21:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2011/08/22 10:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/11/06 17:46:30 | 000,960,656 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/11/06 17:45:54 | 000,377,336 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/11/06 17:43:10 | 004,355,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/12 16:55:34 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/02/18 14:30:53 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/18 14:29:36 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/18 14:29:31 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/18 14:29:30 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/17 10:55:23 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/22 10:01:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/08/22 10:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/08/22 10:01:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/08/22 10:01:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/08/22 10:01:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/08/22 10:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/08/22 10:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/08/22 10:01:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
MOD - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009/07/10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/15 04:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/21 17:38:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/16 13:47:38 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/12 16:55:35 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/21 22:17:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/11/06 17:46:02 | 000,828,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/15 04:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/15 03:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/05 20:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 10:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/11/29 21:57:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/11/29 21:57:16 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/04 22:21:02 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/11/04 22:21:02 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/11/04 22:20:55 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/08/25 20:39:00 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\prwntdrv.sys -- (prwntdrv)
DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/05/11 13:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/16 06:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 17:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 17:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/02 10:58:50 | 000,008,704 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008/05/02 10:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/05/02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2007/06/28 11:46:20 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcjx64.sys -- (nmwcdcjx64)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/08/25 20:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\prwntdrv.sys -- (prwntdrv)
DRV - [2010/05/27 01:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
IE - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 64 12 53 65 71 CB 01 [binary data]
IE - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\..\SearchScopes,DefaultScope = {1056F211-962B-4F54-AADF-01305CEAA414}
IE - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\..\SearchScopes\{1056F211-962B-4F54-AADF-01305CEAA414}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: F:\Ad's Music\npdd.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: F:\Ad's Music\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: F:\Ad's Music\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 17:58:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 16:55:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/22 15:32:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/03/29 20:04:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTxfiHlp] C:\windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [P17RunE] C:\windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-20301431-3455662001-1420382125-1001..\Run: [HweCxgxm] C:\Users\Jim\AppData\Local\yqmpkgov\hwecxgxm.exe File not found
O4 - HKU\S-1-5-21-20301431-3455662001-1420382125-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-20301431-3455662001-1420382125-1001..\Run: [Steam] E:\Program Files\Valve\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-20301431-3455662001-1420382125-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} https://britishgasto...om/HomeVend.cab (HomeVendGasCard Class)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws..._4.1.72.0_x.cab (SysInfo Class)
O16 - DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} https://bg.itronener...yBoxControl.cab (KeyBox Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (SopCore Control)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204B5DF8-2459-41F8-BCF0-933FEF0ABC42}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C3EF194-DEF5-450A-B2CA-4A7BCD941A23}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60026828-608F-4228-97B0-B486070CC208}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD01554F-B0F8-4A9C-8537-C77408391A2B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 20:09:39 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/29 20:04:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/28 19:18:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/28 19:18:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/28 19:18:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/28 19:18:35 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/28 19:18:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/28 19:15:15 | 004,448,457 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
[2012/03/26 13:13:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jim\Desktop\aswMBR.exe
[2012/03/26 12:18:14 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2012/03/20 15:30:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\Unigine Heaven
[2012/03/20 15:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2012/03/20 15:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2012/03/14 12:34:56 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/14 12:34:55 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/14 12:34:55 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/14 12:32:29 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/14 12:32:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/14 12:32:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/14 12:32:12 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/14 12:32:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/14 12:32:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/03/12 16:34:25 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\New folder
[2012/03/10 15:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Recovery 5.0.1
[2012/03/08 16:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/08 16:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/03/08 16:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/03/08 16:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/03/08 16:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/05 17:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield

========== Files - Modified Within 30 Days ==========

[2012/03/29 20:13:29 | 000,014,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 20:13:29 | 000,014,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 20:04:23 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/03/29 20:04:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/29 20:03:37 | 2146,738,175 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/29 20:02:43 | 000,060,796 | ---- | M] () -- C:\windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2012/03/29 20:02:43 | 000,060,796 | ---- | M] () -- C:\windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2012/03/29 20:02:43 | 000,000,820 | ---- | M] () -- C:\windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2012/03/29 20:00:40 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/29 20:00:40 | 000,628,414 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/29 20:00:40 | 000,110,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/28 19:12:20 | 004,448,457 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
[2012/03/26 13:15:14 | 000,000,512 | ---- | M] () -- C:\Users\Jim\Desktop\MBR.dat
[2012/03/26 12:41:17 | 092,733,431 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/03/26 12:15:01 | 000,012,790 | ---- | M] () -- C:\Users\Jim\Desktop\scan.csv
[2012/03/26 11:57:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jim\Desktop\aswMBR.exe
[2012/03/22 15:03:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2012/03/21 11:42:29 | 000,287,118 | ---- | M] () -- C:\Users\Jim\Desktop\Delivery.jpg
[2012/03/20 18:46:03 | 000,282,864 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012/03/20 18:46:03 | 000,282,864 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/03/20 18:45:53 | 000,280,904 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2012/03/20 16:55:07 | 000,109,134 | ---- | M] () -- C:\Users\Jim\Desktop\775-1100.jpg
[2012/03/20 16:53:52 | 000,003,400 | ---- | M] () -- C:\Users\Jim\unigine_20120320_1553.html
[2012/03/20 16:37:34 | 000,003,400 | ---- | M] () -- C:\Users\Jim\unigine_20120320_1537.html
[2012/03/19 21:56:56 | 000,228,395 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/16 13:47:38 | 000,076,888 | ---- | M] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/03/14 17:23:29 | 000,414,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/08 16:44:12 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/08 15:38:38 | 000,545,074 | ---- | M] () -- C:\Users\Jim\Desktop\Q9650 proof.jpg
[2012/03/01 19:10:43 | 000,153,232 | ---- | M] () -- C:\Users\Jim\Desktop\Sick pot.jpg
[2012/02/29 17:03:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/03/28 19:18:37 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/28 19:18:37 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/28 19:18:37 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/28 19:18:37 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/28 19:18:37 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/26 13:15:14 | 000,000,512 | ---- | C] () -- C:\Users\Jim\Desktop\MBR.dat
[2012/03/26 12:15:01 | 000,012,790 | ---- | C] () -- C:\Users\Jim\Desktop\scan.csv
[2012/03/21 11:42:28 | 000,287,118 | ---- | C] () -- C:\Users\Jim\Desktop\Delivery.jpg
[2012/03/20 16:55:07 | 000,109,134 | ---- | C] () -- C:\Users\Jim\Desktop\775-1100.jpg
[2012/03/20 16:53:52 | 000,003,400 | ---- | C] () -- C:\Users\Jim\unigine_20120320_1553.html
[2012/03/20 16:37:34 | 000,003,400 | ---- | C] () -- C:\Users\Jim\unigine_20120320_1537.html
[2012/03/10 15:49:32 | 000,098,696 | ---- | C] () -- C:\windows\SysWow64\setupprwdrv03.exe
[2012/03/10 15:49:32 | 000,096,648 | ---- | C] () -- C:\windows\SysNative\setupprwdrvx64.exe
[2012/03/10 15:49:32 | 000,016,776 | ---- | C] () -- C:\windows\SysNative\prwntdrv.sys
[2012/03/10 15:49:32 | 000,013,704 | ---- | C] () -- C:\windows\SysWow64\prwntdrv.sys
[2012/03/08 16:44:12 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/08 15:37:36 | 000,545,074 | ---- | C] () -- C:\Users\Jim\Desktop\Q9650 proof.jpg
[2012/03/01 19:10:43 | 000,153,232 | ---- | C] () -- C:\Users\Jim\Desktop\Sick pot.jpg
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2011/11/14 21:15:45 | 002,469,760 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2011/11/14 21:15:45 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2011/11/14 21:15:44 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2011/11/14 21:15:44 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll
[2011/09/30 11:24:52 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/06/30 21:48:31 | 000,682,280 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/02/24 14:22:01 | 000,000,242 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/02/24 14:22:01 | 000,000,094 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/02/24 14:21:39 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/02/24 14:21:39 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011/02/24 14:21:13 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011/02/14 22:29:20 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\AsIO.dll
[2011/02/14 22:29:20 | 000,014,392 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2011/02/13 22:57:31 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011/02/13 22:45:04 | 000,000,079 | ---- | C] () -- C:\Users\Jim\AppData\Local\CrystalDiskMark30.ini
[2011/01/10 18:06:51 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2010/12/16 20:07:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/14 20:45:10 | 000,000,000 | ---- | C] () -- C:\windows\Bench32.INI
[2010/10/26 17:52:45 | 000,000,760 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\setup_ldm.iss
[2010/10/25 22:15:03 | 000,282,864 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010/10/25 22:15:02 | 002,434,856 | ---- | C] () -- C:\windows\SysWow64\pbsvc_bc2.exe
[2010/10/25 22:15:02 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010/10/25 18:38:49 | 000,007,598 | ---- | C] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
[2010/10/21 22:16:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/10/21 22:15:25 | 000,166,912 | ---- | C] () -- C:\windows\SysWow64\APOMngr.DLL
[2010/10/21 22:15:25 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\CmdRtr.DLL
[2010/07/07 22:23:10 | 000,017,868 | ---- | C] () -- C:\windows\SysWow64\instwdm.ini
[2010/07/07 22:23:06 | 000,000,054 | ---- | C] () -- C:\windows\SysWow64\ctzapxx.ini
[2010/07/07 21:36:44 | 000,014,336 | ---- | C] ( ) -- C:\windows\SysWow64\a3d.dll
[2010/07/07 21:33:04 | 000,002,560 | ---- | C] () -- C:\windows\SysWow64\CTXFIRES.DLL
[2010/07/07 21:21:00 | 000,384,647 | ---- | C] () -- C:\windows\SysWow64\ctdnlstr.dat
[2010/07/07 21:21:00 | 000,051,787 | ---- | C] () -- C:\windows\SysWow64\ctdlang.dat
[2010/07/07 21:10:30 | 000,007,680 | ---- | C] () -- C:\windows\SysWow64\enlocstr.exe
[2010/07/07 21:10:22 | 000,012,800 | ---- | C] ( ) -- C:\windows\SysWow64\killapps.exe

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103SJ ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 64.00GB
Starting Offset: 4096
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 868.00GB
Starting Offset: 68279318528
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2010/11/20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/03/29 20:09:38 | 000,030,579 | ---- | M] () -- C:\ComboFix.txt
[2012/03/29 20:03:37 | 2146,738,175 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/29 20:03:37 | 4293,976,063 | -HS- | M] () -- C:\pagefile.sys
[2012/01/14 17:59:36 | 000,078,800 | ---- | M] () -- C:\shared.log

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/31 11:56:06 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/31 11:56:06 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/31 11:56:06 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/31 11:56:07 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/31 11:56:07 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/31 11:56:04 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/31 11:56:04 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/31 11:56:04 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/31 11:56:07 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/31 11:56:07 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

[WhiteHat]

# Step 1 #

Close any open browsers.

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Go to Start > Run and write (Copy/Paste): Notepad.exe. Then click in Ok.
• copy/paste the text in the quotebox below to notepad
  
  

  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "HweCxgxm"=-
  
  Folder::
  c:\users\Jim\AppData\Local\yqmpkgov\

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Refering to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply

# Step 2 #

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be
  prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[El Jimben]

GLeobas,

Here is the newest ComboFix log:

ComboFix 12-03-28.02 - Jim 31/03/2012 17:18:51.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8191.6458 [GMT 1:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim\Desktop\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 16:22 . 2012-03-31 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 14:30 . 2012-03-20 14:40 -------- d-----w- c:\users\Jim\Unigine Heaven
2012-03-20 14:29 . 2012-03-20 14:29 -------- d-----w- c:\program files (x86)\Unigine
2012-03-14 11:34 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:34 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 11:34 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 11:32 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:32 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:32 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:32 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 14:49 . 2010-08-26 09:32 98696 ----a-w- c:\windows\SysWow64\setupprwdrv03.exe
2012-03-10 14:49 . 2010-08-26 09:32 96648 ----a-w- c:\windows\system32\setupprwdrvx64.exe
2012-03-10 14:49 . 2010-08-25 19:39 16776 ----a-w- c:\windows\system32\prwntdrv.sys
2012-03-10 14:49 . 2010-08-25 19:39 13704 ----a-w- c:\windows\SysWow64\prwntdrv.sys
2012-03-08 15:49 . 2012-03-08 15:49 -------- d-----w- c:\programdata\ATI
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\programdata\AMD
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 15:44 . 2012-03-08 15:44 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-05 16:38 . 2012-03-05 16:39 -------- d-----w- c:\programdata\Solidshield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 17:46 . 2010-10-27 20:39 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-20 17:46 . 2010-10-25 21:15 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-20 17:45 . 2010-10-25 21:15 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-16 12:47 . 2010-10-25 21:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-29 16:03 . 2011-06-08 10:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2011-11-18 21:56 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-11-18 21:41 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-08-04 00:54 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-11-18 21:30 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2010-08-04 00:37 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-11-18 21:08 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-11-18 21:08 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-11-18 20:59 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2011-11-18 20:53 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2011-11-18 20:53 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2011-11-18 20:53 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-11-18 20:52 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-11-18 20:51 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-11-18 20:51 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 22:05 . 2012-02-14 22:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 22:05 . 2012-02-14 22:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 22:05 . 2012-02-14 22:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 22:05 . 2012-02-14 22:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 22:05 . 2012-02-14 22:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 22:04 . 2012-02-14 22:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 22:03 . 2012-02-14 22:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 22:03 . 2012-02-14 22:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 06:02 . 2012-01-31 06:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 06:00 . 2012-01-31 06:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44 . 2012-02-15 16:25 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 16:25 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_18.29.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-28 18:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-31 16:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-28 18:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-31 16:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 18:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-31 16:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-21 21:52 . 2012-03-31 16:26 99034 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-31 16:26 53590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-21 21:18 . 2012-03-31 16:26 19550 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-20301431-3455662001-1420382125-1001_UserData.bin
- 2012-03-28 18:29 . 2012-03-28 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-31 16:24 . 2012-03-31 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-31 16:24 . 2012-03-31 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-28 18:29 . 2012-03-28 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-10-25 20:52 . 2012-03-28 18:11 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-25 20:52 . 2012-03-31 16:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2012-03-31 16:17 628414 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 18:16 628414 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-31 16:17 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-28 18:16 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-28 18:28 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-31 16:22 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-10 23:42 . 2012-03-31 16:22 1544432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-10 23:42 . 2012-03-28 18:28 1544432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-01 18:14 . 2012-03-31 16:22 1536941 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-20301431-3455662001-1420382125-1001-12288.dat
- 2011-06-01 18:14 . 2012-03-28 18:28 1536941 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-20301431-3455662001-1420382125-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 15:55 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 188416 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files\Valve\Steam\steam.exe" [2011-08-02 1242448]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-06 4355888]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-11-06 960656]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-26 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-21 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdcjx64;Nokia USB Port;c:\windows\system32\drivers\nmwcdcjx64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-06 377336]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Jim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-20301431-3455662001-1420382125-1001\Software\SecuROM\License information*]
"datasecu"=hex:cb,c0,c5,6a,57,f3,e0,0e,4c,67,c2,f5,cc,3f,97,1b,ec,92,54,e1,7e,
91,2f,b3,ba,de,87,0f,be,2a,c6,ec,6b,42,95,30,da,68,63,38,93,5c,62,75,94,dc,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2012-03-31 17:29:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 16:29
ComboFix2.txt 2012-03-29 19:09
ComboFix3.txt 2012-03-28 18:34
.
Pre-Run: 10,312,433,664 bytes free
Post-Run: 10,085,019,648 bytes free
.
- - End Of File - - F690895CBE577B8FFB105260AB3B6F09


Regarding MBAM, I installed it and was running a scan on Saturday but I had to abort it was I was going out. Now when I try to use the program it doesn't even load, I've reinstalled it but that doesn't help things. I tried the mbam-rules.exe way also but seemingly my PC doesn't like downloads at the moment as they all get to 99% completed with 1 second remaining and then they freeze

Edited by El Jimben, 02 April 2012 - 09:28 AM.

[WhiteHat]

...

Edited by GLeobas, 02 April 2012 - 04:51 PM.

[El Jimben]

What happened with your last post?

Ok so I tried running MBAM in safe mode where it found and removed 9 suspect entries but it said that it couldn't save the log for some reason. I can now run the program in Windows normally so here is the most recent log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim :: PC [administrator]

03/04/2012 18:30:22
mbam-log-2012-04-03 (18-30-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 559808
Time elapsed: 52 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I have also managed to enable User Access Control so I think we are getting somewhere. However I am still having issues launching certain programs, for instance if I try running Origin in order to play Battlefield 3 I get the following error message 'The application was unable to start correctly (0cx0000022). Click OK to close the application.

[WhiteHat]

Hi,

Sorry for delay,

What happened with your last post?

Sorry about that, I made a little confuse with the topics.

Please, try to reinstall the Battlefield.

Disable your antivirus software

• Acess the Eset Online Scanner website using Internet Explorer navigator.
  http://www.eset.com/...escan/index.php
• Do the scan according the image:
  
  
• At the end, check the box "Delete Quarantined files" and click in [FINISH]
• It will be generated a log in C:\Program Files\EsetOnlineScanner\Log.txt
  PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look on \Program Files\Eset\EsetOnlineScanner\log.txt
• Post that log.

[El Jimben]

Here is the log:

C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SBGWLF0P\winterun-heavy-rain[1].htm JS/Agent.NEZ trojan cleaned by deleting - quarantined
C:\Users\Jim\AppData\Local\Temp\yccwaiasgkvsqpdc.exe a variant of Win32/Kryptik.ADDQ trojan cleaned by deleting - quarantined
E:\Program Files\Valve\Steam\dbg.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\Unwise32.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\fltkdll.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\glew32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\glut32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\keyhook.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\libogg.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\libtheora.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\libvorbis.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\libvorbisfile.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\Newton.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\SDL.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\amnesia the dark descent\zlibwapi.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\pbag.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\pbags.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\pbcl.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\pbcls.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\pbsv.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\dll\wa001382.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\dll\wc002158.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\dll\wc002237.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\battlefield bad company 2\pb\dll\ws001773.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\pbag.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\pbags.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\pbcl.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\pbclold.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\pbcls.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\pbsv.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\dll\wa001409.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\dll\wc002176.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\dll\wc002199.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\call of duty world at war\pb\dll\wc002201.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis warhead\runme.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis warhead\installers\VC80_Redist\vcredist_x64.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis warhead\installers\VC80_Redist\vcredist_x86.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\runme.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\Bin32\atimgpud.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\Bin32\CrysisWarsDedicatedServer.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\Bin32\fmodex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\Bin32\fmod_event.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\Bin32\fmod_event_net.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\Bin32\ijl15.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\Bin32\IntelLaptopGaming.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\installers\VC80_Redist\vcredist_x86.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\PB\pbag.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\PB\pbcl.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\crysis wars\PB\pbsv.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\fear2\gamedatabase.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\fear2\game\gameclient.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\fear2\game\gameserver.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto iv\GTAIV\paul.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto iv\GTAIV\Activation\paul.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto iv episodes from liberty city\EFLC\paul.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto iv episodes from liberty city\EFLC\Activation\paul.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto iv episodes from liberty city\Installers\vcredist_x86.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto san andreas\eax.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto san andreas\ogg.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto san andreas\vorbis.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grand theft auto san andreas\vorbisFile.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grid\binkw32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\grid\openal\oalinst.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\bin\Mss32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\bin\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\bin\NovintHFX_0.5.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\bin\rdmwin32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\bin\vaudio_speex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead 2\bin\bugreporter.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead 2\bin\mss32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead 2\bin\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead 2\bin\rdmwin32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead 2\bin\shaderapidx10.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\left 4 dead 2\bin\vaudio_speex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\portal2.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\adminserver.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\bsppack.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\bugreporter_filequeue.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\bugreporter_public.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\datacache.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\engine.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\filesystemopendialog.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\filesystem_stdio.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\inputsystem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\launcher.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\localize.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\materialsystem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\mdllib.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\mss32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\rdmwin32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\scenefilecache.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\serverbrowser.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\serverplugin_empty.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\shaderapidx9.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\shaderapiempty.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\soundemittersystem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\soundsystem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\stdshader_dbg.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\stdshader_dx9.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\studiorender.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\texturecompile_dll.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\tier0.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\unitlib.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\valve_avi.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\vaudio_miles.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\vaudio_speex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\vgui2.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\vguimatsurface.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\vphysics.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\vscript.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\vstdlib.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\bin\vtex_dll.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\portal 2\portal2\bin\matchmaking.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\BugTrap.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\dbghelp.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\eax.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\msvcp80.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\msvcr80.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\ode.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\stlport.5.0.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\wrap_oal.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrCDB.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrCore.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrD3D9-Null.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrGame.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrGameSpy.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrLUA.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrNetServer.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrParticles.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrSound.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\xrXMLParser.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\dedicated\msvcp80.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\dedicated\msvcr80.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\star wars the force unleashed\mss32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\warincbattlezone\CrashSender.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\warincbattlezone\fmodex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\warincbattlezone\fmod_event.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\warincbattlezone\fmod_event_net.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\warincbattlezone\PhysXCooking.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\warincbattlezone\PhysXCore.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\warincbattlezone\PhysXDevice.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\common\warincbattlezone\PhysXLoader.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\counter-strike source\bin\libsasl.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\counter-strike source\bin\sixense_utils.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\counter-strike source\bin\TrackerNET.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\counter-strike source\bin\TrackerUI.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\hl2.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\AdminServer.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\bsppack.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\bugreporter_public.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\datacache.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\datamodel.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\dmserializers.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\engine.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\FileSystem_Steam.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\friendsui.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\GameUI.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\MaterialSystem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\Mss32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\parsifal.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\ServerBrowser.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\shaderapidx9.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\shaderapiempty.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\SoundEmitterSystem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\stdshader_dbg.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\stdshader_dx6.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\stdshader_dx7.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\stdshader_dx8.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\stdshader_dx9.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\steam_api.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\StudioRender.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\tier0.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\tier0_s.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\TrackerNET.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\TrackerUI.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\unicode.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\unitlib.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\valve_avi.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\vaudio_miles.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\vgui2.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\vguimatsurface.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\vphysics.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\vstdlib.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\vstdlib_s.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2\bin\vtex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 deathmatch\bin\libsasl.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 deathmatch\bin\TrackerNET.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 deathmatch\bin\TrackerUI.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\hl2.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\AdminServer.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\bsppack.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\bugreporter_public.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\datacache.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\datamodel.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\dmserializers.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\engine.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\FileSystem_Steam.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\friendsui.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\GameUI.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\MaterialSystem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\Mss32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\parsifal.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\ServerBrowser.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\shaderapidx9.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\shaderapiempty.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\SoundEmitterSystem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\stdshader_dbg.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\stdshader_dx6.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\stdshader_dx7.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\stdshader_dx8.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\stdshader_dx9.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\steam_api.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\StudioRender.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\tier0.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\tier0_s.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\TrackerNET.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\TrackerUI.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\unicode.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\unitlib.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\valve_avi.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\vaudio_miles.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\vgui2.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\vguimatsurface.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\vphysics.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\vstdlib.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\vstdlib_s.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\bin\vtex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\lostcoast\bin\client.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\half-life 2 lostcoast\lostcoast\bin\server.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\portal\bin\datamodel.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\portal\bin\dmserializers.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\portal\bin\friendsui.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\portal\bin\Mss32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\portal\bin\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\portal\bin\rdmwin32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\portal\bin\vaudio_speex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\portal\bin\vtex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\dbg.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\DemoPlayer.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\hlds.exe Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\Mss32.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\steam_api.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\steam_api_c.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\tier0.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\vgui.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\voice_miles.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\voice_speex.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\vstdlib.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\gldrv\3dfxgl.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\platform\servers\serverbrowser.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files\Valve\Steam\SteamApps\trailblaz3r\team fortress classic\valve\cl_dlls\particleman.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\8N2esC3 a variant of Win32/Kryptik.ADDQ trojan cleaned by deleting - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Engine.BuildInfo_Win32_Retail_dll.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\msvcp80.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\msvcr80.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\phonon4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\QtCore4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\QtGui4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\QtNetwork4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\QtWebKit4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\QtXml4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\QtXmlPatterns4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\codecs\qcncodecs4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\codecs\qjpcodecs4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\codecs\qjpcodecsd4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\codecs\qkrcodecs4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\imageformats\msvcr80.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\imageformats\qgif4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\imageformats\qico4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\Core\imageformats\qjpeg4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\pb\pbag.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\pb\pbcl.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\pb\dll\wa001386.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Battlefield 3\pb\dll\wc002279.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Crysis 2\bin32\EACore\Mem.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Crysis 2\bin32\EACore\QtCore4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Crysis 2\bin32\EACore\QtGui4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Crysis 2\bin32\EACore\QtNetwork4.dll Win32/Ramnit.R virus cleaned - quarantined
E:\Program Files (x86)\Origin\Crysis 2\bin32\EACore\QtXml4.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\Byteshield.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\dd.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\Downloader.exe Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\IntelLaptopGamingVista.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\IntelLaptopGamingXP.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\npdd.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\saAudit2005MT.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\xerces-c_3_0.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\drm\Byteshield.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\drm\msvcp71.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\drm\msvcp80.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\drm\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\drm\msvcr80.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\awt.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\axbridge.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\deploy.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\instrument.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\jli.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\jpicom.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\jpiexp.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\jpinscp.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\jpioji.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\npoji610.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\regutils.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\wsdetect.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\client\jvm.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\bin\new_plugin\msvcr71.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\lib\deploy\lzma.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\jre\lib\deploy\jqs\ie\jqs_plugin.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\Microsoft.VC90.CRT\msvcm90.dll Win32/Ramnit.R virus cleaned - quarantined
F:\Ad's Music\Football Manager\Uninstall_Football Manager 2011\resource\iawin32.dll Win32/Ramnit.R virus cleaned - quarantined
Operating memory a variant of Win32/Ramnit.L virus

[WhiteHat]

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.


Select all drivers connected in your computer:



Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip