
Needing help with virus removal


  • This topic is locked
18 replies to this topic

#1 MentalMiggy

Posted 29 December 2014 - 10:20 AM

In the past, I have always had good success with removing viruses and spyware that plagued my PC. However, around 2 months ago, I became infected with a virus that I am unable to remove. It is constantly opening processes on my PC (usually Internet Explorer processes), and whilst I am able to temporarily fix the issue with a virus scan and removal and clearance of temp files, it is usually just a matter of an hour or so before it returns with a vengeance.
Therefore I am turning to your community for help with the issue. I would be very grateful if someone would be able to help me deal with this matter.
A PC restore is out of the question for me as I have too many recent files that I now depend on.
Thank you in advance for your time.

I enclose a Hijack this log -
*Note*   - Upon starting hijack this I received an error that there was a problem with file access and that fixes may need to be made manually via notepad, or something to that effect.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:59:01, on 29/12/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 34.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB6FA.exe
C:\Users\lenovo\Desktop\KSP 0.90 mods\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Ehtion] C:\Windows\SysWOW64\regsvr32.exe C:\Users\lenovo\AppData\Local\YgPack\EPNHTE5A.DLL
O4 - HKCU\..\Run: [Odics] regsvr32.exe C:\Users\lenovo\AppData\Local\Odics\CNBP_270.DLL
O4 - HKCU\..\Run: [Odics Update] regsvr32.exe C:\Users\lenovo\AppData\Local\Odics\chrome.dll
O4 - HKCU\..\Run: [Vyohola] "C:\Users\lenovo\AppData\Roaming\Xiibohiq\ewelli.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Startup: bthudtask.lnk = lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe
O4 - Startup: CertEnrollCtrl.lnk = lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\CertEnrollCtrl.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) -
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11730 bytes
 


Edited by MentalMiggy, 29 December 2014 - 11:02 AM.



 


#2 fireman4it

  • Malware Response Team

Posted 29 December 2014 - 07:59 PM

Hello MentalMiggy,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 MentalMiggy

  • Topic Starter

Posted 30 December 2014 - 04:59 AM

Hello Fireman4t and thanks for helping me.
The information you requested is below. I have not yet clicked the fix button in the FRST scan, but include all reports.

Adwcleaner report

# AdwCleaner v4.106 - Report created 30/12/2014 at 09:37:17
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : lenovo - USER
# Running from : C:\Users\lenovo\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\FreeFixer
Folder Deleted : C:\Users\lenovo\AppData\Local\FreeFixer
Folder Deleted : C:\Users\lenovo\AppData\Roaming\FreeFixer
Folder Deleted : C:\Users\lenovo\AppData\Roaming\RHEng
Folder Deleted : C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Headlight
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[wno0ky5l.default\prefs.js] - Line Deleted : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxps://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value[...]
[wno0ky5l.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6733 octets] - [30/12/2014 09:36:47]
AdwCleaner[S0].txt - [6669 octets] - [30/12/2014 09:37:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6729 octets] ##########






FARBAR RECOVERY SCAN TOOL REPORT

FRST.TXT


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by lenovo (administrator) on USER on 30-12-2014 09:44:25
Running from C:\Users\lenovo\Desktop
Loaded Profile: lenovo (Available profiles: lenovo)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Users\lenovo\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-06-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-04-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-04-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-11-08] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [139792 2012-11-08] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-16] (BitTorrent Inc.)
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-05-29] (Electronic Arts)
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [Ehtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\lenovo\AppData\Local\YgPack\EPNHTE5A.DLL
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [Odics] => regsvr32.exe C:\Users\lenovo\AppData\Local\Odics\CNBP_270.DLL <===== ATTENTION
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [Odics Update] => regsvr32.exe C:\Users\lenovo\AppData\Local\Odics\chrome.dll
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [Vyohola] => "C:\Users\lenovo\AppData\Roaming\Xiibohiq\ewelli.exe"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Policies\Explorer: [Run] "C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\MountPoints2: G - "G:\Setup.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bthudtask.lnk
ShortcutTarget: bthudtask.lnk -> C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe ()
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CertEnrollCtrl.lnk
ShortcutTarget: CertEnrollCtrl.lnk -> C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\CertEnrollCtrl.exe (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wno0ky5l.default
FF Homepage: https://www.google.co.uk/?gfe_rd=cr&ei=h4yHVKbMKuWq8weI-4CYCg&gws_rd=ssl
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1445865960-1511351029-1830294975-1002: ubisoft.com/uplaypc -> C:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll (Ubisoft)
FF Extension: Adblock Plus - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wno0ky5l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-13]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-27] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-10-31] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [52000 2014-12-09] (AVG Technologies)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-25] (Disc Soft Ltd)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 vhidmini; C:\Windows\System32\drivers\vjoy.sys [45168 2014-04-21] (Shaul Eizikovich)
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [45168 2014-04-21] (Shaul Eizikovich)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)
S3 MFE_RR; \??\C:\Users\lenovo\AppData\Local\Temp\mfe_rr.sys [X]
S3 vm331avs; \SystemRoot\System32\Drivers\vm331avs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 09:44 - 2014-12-30 09:45 - 00020378 _____ () C:\Users\lenovo\Desktop\FRST.txt
2014-12-30 09:43 - 2014-12-30 09:44 - 00000000 ____D () C:\FRST
2014-12-30 09:40 - 2014-12-30 09:43 - 00006930 _____ () C:\Users\lenovo\Desktop\bleepingcomputer.txt
2014-12-30 09:35 - 2014-12-30 09:37 - 00000000 ____D () C:\AdwCleaner
2014-12-30 09:33 - 2014-12-30 09:33 - 02123264 _____ (Farbar) C:\Users\lenovo\Desktop\FRST64.exe
2014-12-30 09:32 - 2014-12-30 09:32 - 02173952 _____ () C:\Users\lenovo\Desktop\AdwCleaner.exe
2014-12-29 15:58 - 2014-12-29 15:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\lenovo\Desktop\HijackThis.exe
2014-12-28 15:31 - 2014-12-28 15:31 - 00000908 _____ () C:\Users\Public\Desktop\UPDATED - REX Texture Direct Manual.lnk
2014-12-28 00:51 - 2014-12-28 01:45 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Xiibohiq
2014-12-27 23:39 - 2014-12-27 23:39 - 00000000 ____D () C:\Users\lenovo\Desktop\ksp mods needing update
2014-12-27 20:02 - 2014-12-27 20:06 - 00000276 _____ () C:\Users\lenovo\Desktop\avgrep.txt
2014-12-27 01:34 - 2014-12-27 01:34 - 00000044 _____ () C:\Users\lenovo\Desktop\fseco.ini
2014-12-26 00:08 - 2014-12-26 13:30 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Roeged
2014-12-25 23:08 - 2014-12-25 23:08 - 00001921 _____ () C:\Users\lenovo\Desktop\The Vanishing of Ethan Carter.lnk
2014-12-25 23:08 - 2014-12-25 23:08 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\The Vanishing of Ethan Carter
2014-12-25 16:15 - 2014-11-17 20:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-12-25 16:15 - 2014-11-17 20:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-12-25 16:15 - 2014-11-14 06:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2014-12-25 16:15 - 2014-11-14 06:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2014-12-25 16:15 - 2014-11-14 06:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-12-25 16:15 - 2014-11-14 06:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-25 16:15 - 2014-11-14 06:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-12-25 16:15 - 2014-11-14 04:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-25 14:55 - 2014-12-25 14:55 - 00000966 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk
2014-12-25 14:53 - 2014-12-25 14:53 - 00005174 _____ () C:\WINDOWS\DPINST.LOG
2014-12-25 14:53 - 2014-12-25 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2014-12-25 14:52 - 2014-12-25 14:53 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-12-25 14:52 - 2014-12-25 14:52 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-12-23 20:47 - 2010-03-08 10:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2014-12-23 15:05 - 2014-12-23 16:19 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Alexfuba
2014-12-21 15:19 - 2014-12-21 15:53 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Opzeze
2014-12-21 15:01 - 2014-12-27 22:55 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Mevono
2014-12-20 13:59 - 2014-12-30 09:33 - 00000000 ____D () C:\Users\lenovo\Desktop\KSP 0.90 mods
2014-12-17 03:40 - 2014-12-17 03:40 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\11bitstudios
2014-12-17 03:11 - 2014-12-17 03:11 - 00001705 _____ () C:\Users\lenovo\Desktop\This War of Mine.lnk
2014-12-17 03:11 - 2014-12-17 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This War of Mine
2014-12-16 17:18 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-12-16 17:18 - 2014-11-22 10:46 - 00035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-12-16 17:18 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-12-14 18:01 - 2014-12-14 18:01 - 00000806 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2014-12-14 18:01 - 2014-12-14 18:01 - 00000798 _____ () C:\Users\lenovo\Desktop\Toribash.lnk
2014-12-13 19:34 - 2014-12-13 19:34 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta)
2014-12-13 16:20 - 2014-12-13 16:20 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 v1.14.2.2s (18 DLC)(2014)
2014-12-12 17:13 - 2014-12-12 17:13 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\SpinTires
2014-12-12 17:12 - 2014-12-12 17:12 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spintires v27-10-14
2014-12-12 00:02 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-12 00:02 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-10 15:33 - 2014-11-26 21:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-10 15:33 - 2014-11-26 21:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 15:28 - 2014-12-10 15:28 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 10:55 - 2014-12-10 10:56 - 00000000 ____D () C:\Users\lenovo\AppData\Local\NPE
2014-12-10 10:55 - 2014-12-10 10:56 - 00000000 ____D () C:\ProgramData\Norton
2014-12-10 09:56 - 2014-12-10 15:26 - 00000000 ____D () C:\d4fe597563fbbe5aedbb1e7017
2014-12-10 08:31 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 08:31 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 08:31 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 08:31 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 00:24 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 00:24 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 00:24 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 00:24 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 00:23 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 00:23 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 00:23 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 00:23 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 00:23 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 00:23 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 00:23 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 00:23 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 00:23 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 00:23 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 00:23 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 00:23 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 00:23 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 00:23 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 00:23 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 00:23 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 00:23 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 00:23 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 00:23 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 00:23 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 00:23 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 00:23 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 00:23 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 00:23 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 00:23 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 00:23 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 00:23 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 00:23 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 00:23 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 00:23 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 00:23 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 00:23 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 00:23 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 00:23 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 00:23 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 00:23 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 00:23 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 00:23 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 00:23 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-09 23:51 - 2014-12-24 01:46 - 00000000 ____D () C:\Users\lenovo\AppData\Local\AVG Web TuneUp
2014-12-09 23:51 - 2014-12-09 23:50 - 00052000 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-12-09 23:50 - 2014-12-09 23:51 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-12-09 23:50 - 2014-12-09 23:50 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2014-12-09 23:50 - 2014-12-09 23:50 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-12-09 23:37 - 2014-12-10 15:31 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Oniwexse
2014-12-07 20:34 - 2014-12-08 12:34 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Ydivix
2014-12-07 05:44 - 2014-12-07 05:44 - 00000000 ____D () C:\Users\lenovo\AppData\Local\SKIDROW
2014-12-06 23:29 - 2014-12-07 01:26 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Ofdaqe
2014-12-06 15:55 - 2014-12-06 15:55 - 00001744 _____ () C:\Users\Public\Desktop\Frozen Synapse Prime.lnk
2014-12-06 15:55 - 2014-12-06 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Double Eleven
2014-12-06 12:13 - 2014-12-06 12:13 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 12:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-06 12:13 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-06 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-05 20:21 - 2014-12-06 13:54 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Cuarybt
2014-12-04 20:25 - 2014-12-04 20:25 - 00000683 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Men of War Assault Squad 2.lnk
2014-12-04 20:25 - 2014-12-04 20:25 - 00000671 _____ () C:\Users\Public\Desktop\Men of War Assault Squad 2.lnk
2014-12-03 18:00 - 2014-12-27 22:54 - 00000000 ____D () C:\Users\lenovo\Desktop\eurotruck mods
2014-12-02 21:43 - 2014-12-02 21:43 - 00000643 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Company of Heroes 2.lnk
2014-12-02 21:43 - 2014-12-02 21:43 - 00000631 _____ () C:\Users\Public\Desktop\Company of Heroes 2.lnk
2014-12-01 20:02 - 2014-12-27 22:53 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Goazixt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 09:44 - 2014-03-24 20:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1445865960-1511351029-1830294975-1002
2014-12-30 09:43 - 2014-09-05 21:13 - 01691269 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-30 09:39 - 2014-09-28 02:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 09:39 - 2014-09-05 20:58 - 00082680 _____ () C:\WINDOWS\PFRO.log
2014-12-30 09:39 - 2014-08-22 22:40 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-12-30 09:39 - 2014-06-14 15:03 - 00119296 _____ () C:\WINDOWS\SysWOW64\zlib.dll
2014-12-30 09:39 - 2014-04-01 22:33 - 00000000 __RDO () C:\Users\lenovo\SkyDrive
2014-12-30 09:39 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-30 09:38 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-30 09:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-30 08:11 - 2014-05-16 16:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-30 04:15 - 2014-05-14 09:16 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F2D00F0B-0531-42B6-B0FA-868CB0FB60FC}
2014-12-28 15:23 - 2014-09-25 11:04 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\GetRightToGo
2014-12-28 04:25 - 2014-09-05 17:12 - 00000000 ____D () C:\Users\lenovo\Documents\Flight Simulator X Files
2014-12-28 03:42 - 2013-11-14 07:17 - 00000000 ____D () C:\WINDOWS\SKB
2014-12-28 03:35 - 2014-10-31 19:07 - 00000000 ____D () C:\Users\lenovo\AppData\Local\YgPack
2014-12-28 03:17 - 2014-11-14 06:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 02:58 - 2014-03-25 19:11 - 00000000 ____D () C:\Users\lenovo\AppData\Local\CrashDumps
2014-12-28 02:28 - 2014-10-31 19:07 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Odics
2014-12-28 02:03 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-28 00:26 - 2014-03-25 18:41 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Nitro PDF
2014-12-27 22:58 - 2014-11-29 15:38 - 00000000 ____D () C:\Users\lenovo\Documents\Euro Truck Simulator 2
2014-12-27 22:28 - 2014-01-20 10:44 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Adobe
2014-12-27 22:25 - 2013-11-14 07:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-27 14:37 - 2014-10-25 14:56 - 00000000 ____D () C:\Users\lenovo\Desktop\ksp
2014-12-27 07:49 - 2014-06-27 18:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-27 02:05 - 2014-10-02 15:41 - 00012647 _____ () C:\Users\lenovo\Desktop\fsx.CFG
2014-12-25 23:53 - 2014-03-25 18:02 - 00000000 ____D () C:\Users\lenovo\Documents\My Games
2014-12-25 23:19 - 2014-11-13 19:43 - 00000341 _____ () C:\Users\lenovo\Desktop\Voice activated commands purchase.txt
2014-12-25 23:19 - 2014-09-08 14:32 - 00000000 ____D () C:\Users\lenovo\Desktop\FSX FRESH CFG (Highmemfix only)
2014-12-25 23:11 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-25 23:10 - 2014-03-24 15:27 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\uTorrent
2014-12-25 23:08 - 2014-05-16 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-12-25 22:58 - 2014-03-25 08:06 - 00000000 ____D () C:\Games
2014-12-25 20:07 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-25 16:16 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-25 16:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-25 14:54 - 2014-11-05 14:30 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Avg2015
2014-12-25 14:53 - 2013-09-14 20:23 - 00000000 ____D () C:\Program Files\DIFX
2014-12-25 14:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 16:19 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PLA
2014-12-21 16:30 - 2014-11-20 22:25 - 00000000 ____D () C:\2-click run
2014-12-21 16:24 - 2013-09-14 20:20 - 00000000 ____D () C:\Program Files (x86)\FreeRide Games
2014-12-21 15:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\vpnplugins
2014-12-20 22:26 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-12-18 16:36 - 2014-11-24 08:45 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\FrameworkUpdate
2014-12-18 15:53 - 2014-11-15 10:42 - 00000000 _____ () C:\ProgramData\@system.temp
2014-12-17 03:38 - 2014-09-05 16:55 - 00303360 _____ () C:\WINDOWS\DirectX.log
2014-12-16 17:18 - 2014-09-08 09:25 - 00002750 _____ () C:\WINDOWS\setupact.log
2014-12-13 22:10 - 2014-08-14 20:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 22:10 - 2014-08-14 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 19:35 - 2014-11-20 22:25 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-12-13 18:14 - 2014-08-14 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 00:12 - 2014-09-28 02:07 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-12-13 00:12 - 2014-09-28 02:07 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-12-13 00:12 - 2014-09-28 02:07 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-12-13 00:12 - 2014-09-28 02:07 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-12-12 22:55 - 2014-11-28 19:07 - 00000000 ____D () C:\Users\lenovo\Desktop\new minecraft stuff
2014-12-12 22:16 - 2014-03-25 00:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-12 01:41 - 2014-08-20 16:17 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Adobe
2014-12-12 01:40 - 2014-03-25 00:01 - 00003644 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-10 17:15 - 2014-04-26 23:08 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-10 15:35 - 2014-11-15 10:42 - 00000416 ____H () C:\ProgramData\@system3.att
2014-12-10 15:28 - 2014-07-12 03:37 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 15:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 15:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 15:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-09 23:54 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-12-09 23:51 - 2014-07-29 23:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 23:15 - 2014-03-24 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-07 01:26 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Vss
2014-12-06 12:13 - 2014-11-14 06:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 12:13 - 2014-11-14 06:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 04:59 - 2014-08-10 21:01 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Wings of Prey
2014-11-30 14:49 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Help

Some content of TEMP:
====================
C:\Users\lenovo\AppData\Local\Temp\Quarantine.exe
C:\Users\lenovo\AppData\Local\Temp\sqlite3.dll
C:\Users\lenovo\AppData\Local\Temp\TrackIR.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 05:24

==================== End Of Log ============================






ADDITIONAL.TXT


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by lenovo at 2014-12-30 09:46:10
Running from C:\Users\lenovo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Total War - Rome II" (HKLM-x32\...\{D038303C-02D7-4F1F-949E-8ABC0159A640}_is1) (Version: 1.11.0.10383 - )
µTorrent (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
aerosoft's - Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.15 - aerosoft)
Aerosoft's - Simcheck Airbus A300B4-200 (HKLM-x32\...\{40C5DFE3-3B86-4151-A225-C7B28ACEFEB7}) (Version: 2.01 - Aerosoft)
AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.5.1 - AivlaSoft GmbH)
Alien Isolation (HKLM-x32\...\Alien Isolation_is1) (Version:  - )
Arma 3 Complete (HKLM-x32\...\QXJtYTM=_is1) (Version: 1 - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
B1900D HD SERIES FSX/P3D (HKLM-x32\...\B1900D HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
B200 King Air HD SERIES FSX/P3D (HKLM-x32\...\B200 King Air HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Banished v1.0.4 (HKLM\...\Banished v1.0.41.0.4) (Version: 1.0.4 - Friends in War)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
C337H SKYMASTER HD SERIES FSX (HKLM-x32\...\C337H SKYMASTER HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Carenado A36 Bonanza FSX (HKLM-x32\...\Carenado A36 Bonanza FSX) (Version: 1.00.00.00 - Carenado)
Carenado Baron 58 FSX (HKLM-x32\...\Carenado Baron 58 FSX) (Version: 1.00.00.00 - Carenado)
Carenado C U206G Stationair 6 II Full FSX (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Carenado C U206G Stationair 6 II Full FSX) (Version:  - )
Carenado C172N FSX (HKLM-x32\...\Carenado C172N FSX) (Version: 1.00.00.00 - Carenado)
Carenado C208B Grand Caravan (HKLM-x32\...\Carenado C208B Grand Caravan) (Version: 1.00.00.00 - Carenado)
Carenado C208B Super Cargomaster Expansion Pack HD (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Carenado C208B Super Cargomaster Expansion Pack HD) (Version:  - )
Carenado C340 II FSX (HKLM-x32\...\Carenado C340 II FSX) (Version: 1.00.00.00 - Carenado)
Carenado Commander 114 FSX (HKLM-x32\...\Carenado Commander 114 FSX) (Version: 1.00.00.00 - Carenado)
Carenado F33A Bonanza (HKLM-x32\...\Carenado F33A Bonanza) (Version: 1.00.00.00 - Carenado)
Carenado SR22T HD SERIES FSX/P3D (HKLM-x32\...\Carenado SR22T HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Carenado V35B Bonanza for FSX (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Carenado V35B Bonanza for FSX) (Version:  - )
Carenado's C SKYLANE II RG R182 (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Carenado's C SKYLANE II RG R182) (Version:  - )
Carenado's SKYLANE C182Q FSX (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Carenado's SKYLANE C182Q FSX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CE208EX HD SERIES FSX/P3D (HKLM-x32\...\CE208EX HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Company of Heroes 2 (HKLM-x32\...\Q29tcGFueW9mSGVyb2VzMg==_is1) (Version: 1 - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DCS A-10C (HKLM\...\DCS A-10C_is1) (Version: 1.1.0.6 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EMB500 Phenom 100 FSX/P3D (HKLM-x32\...\EMB500 Phenom 100 FSX/P3D) (Version: ${PRODUCT_VERSION} - Carenado)
EndItAll 2.0 (HKLM-x32\...\EndItAll_is1) (Version: 2.0 - Ziff Davis Media, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Euro Truck Simulator 2 v1.14.2.2s (18 DLC)(2014) (HKLM-x32\...\Euro Truck Simulator 2 v1.14.2.2s (18 DLC)(2014)1.14.2.2s) (Version: 1.14.2.2s - Friends in War)
Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta) (HKLM-x32\...\Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta)1.15.0.3s) (Version: 1.15.0.3s - Friends in War)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
FreeTrack v2.2.0.279 (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\FreeTrack v2.2.0.279) (Version:  - )
Frozen Synapse Prime (HKLM-x32\...\Frozen Synapse Prime_is1) (Version:  - )
FS Economy client for FSX (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\2dc89d59ad2a4151) (Version: 1.1.0.15 - www.fseconomy.net)
FsMovMapServer2 version 2.02 (HKLM-x32\...\{943B93E8-C6CC-427D-9098-92A3B62A8328}_is1) (Version: 2.02 - Rahsim)
Geeks3D FurMark 1.14.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
InstallShield Cabinet and Log File Viewer (HKLM-x32\...\InstallShield Cabinet and Log File Viewer_is1) (Version: 21.0.0.289 - Flexera Software)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Just Flight - Air Hauler (HKLM-x32\...\{EF11FC33-6C4D-4AF3-8ECB-5D1917E0AEC1}) (Version: 1.00.0000 - Just Flight Ltd)
JustFlight DC-3 Legends of Flight (HKLM-x32\...\JustFlight DC-3 Legends of Flight) (Version:  - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.21.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\Max Payne 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Men of War: Assault Squad 2 (HKLM-x32\...\TWVub2ZXYXJBc3NhdWx0U3F1YWQy_is1) (Version: 1 - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X SDK (HKLM-x32\...\InstallShield_{33571E15-3EB4-4190-BA74-C6CA97288461}) (Version: 1.00.0000 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{4847BBB9-EADD-4C92-90BF-4223B0892FF6}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft1.7.4 (HKLM-x32\...\Minecraft1.7.4) (Version:  - )
Minecraft1.7.9 (HKLM-x32\...\Minecraft1.7.9) (Version:  - )
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.2 - Black Tree Gaming)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpusFSX for FSX and Prepar3D Flight Simulators (HKLM-x32\...\{7253F140-4A4B-4043-8986-1ABF2A60C96F}) (Version: 3.50.0 - Opus Software Limited)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PC12 FSX/P3D (HKLM-x32\...\PC12 FSX/P3D) (Version: ${PRODUCT_VERSION} - Carenado)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 7.6.9 - PowerUp Software)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.00.5376 - PMDG Simulations, LLC.)
Port Forward Network Utilities 2.0.1 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.1 - Portforward.com)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Prepar3D v2 Professional Plus (HKLM-x32\...\{4335A9AB-9907-4B55-86C8-3D6D655B11FF}) (Version: 2.3.11345.0 - Lockheed Martin)
Prepar3D v2 Professional Plus Bundle (x32 Version: 2.3.11345.0 - Lockheed Martin) Hidden
Prototype™ (HKLM-x32\...\InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}) (Version: 1.0 - Activision)
Prototype™ (x32 Version: 1.0 - Activision) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
REX 4 - Texture Direct - SP 1 - Hotfix 1 (HKLM-x32\...\{37032EB5-976B-49E4-BC50-262866A89BD3}) (Version: 4.1.2014.0128 - REX Game Studios, LLC.)
REX 4 - Texture Direct - SP 1 (HKLM-x32\...\{7610620C-AB71-4082-BE6D-B179779548A8}) (Version: 4.1.2014.0122 - REX Game Studios, LLC.)
REX 4 - Texture Direct - SP 2 (HKLM-x32\...\{E7A178A4-7F04-4BDE-90AD-C97AED984854}) (Version: 4.2.2014.0520 - REX Game Studios, LLC.)
REX 4 - Texture Direct - SP 3 (HKLM-x32\...\{DB0D6CE6-4F66-45DA-9F8F-9086AFB4A91A}) (Version: 4.3.2014.0812 - REX Game Studios, LLC.)
REX 4 - Texture Direct - Texture Update 1 (HKLM-x32\...\{B4DDC9F8-FB6C-4EBF-9CF7-68DD8B75D5F5}) (Version: 4.3.2014.0814 - REX Game Studios, LLC.)
REX 4 - Texture Direct - Texture Update 2 (HKLM-x32\...\{63C010AD-9B2A-4909-A31D-69AFF03F94D2}) (Version: 4.3.2014.1210 - REX Game Studios, LLC.)
REX 4 - Texture Direct (HKLM-x32\...\{CACCC25C-70B5-4FD1-AF01-10D11B87DED8}) (Version: 4.0.2013.1215 - REX Game Studios, LLC.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sim Physics X (HKLM-x32\...\{0F436EF6-0B7F-D0FC-7C06-F379753DD0FA}) (Version: 2.0.0.0 - FSPS)
SL-6640-SBK BLACK WIDOW Flightstick (HKLM-x32\...\SL-6640-SBK BLACK WIDOW Flightstick) (Version:  - )
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Spintires v27-10-14 (HKLM-x32\...\Spintires v27-10-1427-10-14) (Version: 27-10-14 - Friends in War)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SteveFX DX10 Scenery Fixer (HKLM-x32\...\DX10SceneryFixer) (Version:  - )
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
System Requirements Lab Detection (HKLM-x32\...\{724BB4F8-23AC-4B15-B396-C402F7CE0377}) (Version: 2.0.0.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Settlers 7 - Paths to a Kingdom (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
This War of Mine ver. 1.1.3 (HKLM-x32\...\{31324144-51SX-12KI-92J0-91DD6F2186AC}_is1) (Version: 1.1.3 - 11 bit studios)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UK2000 Manchester Xtreme %simname% Uninstall (HKLM-x32\...\UK2000 Manchester Xtreme %simname%) (Version:  - )
Ultimate Terrain X - Europe (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Ultimate Terrain X - Europe) (Version:  - )
Ultimate Terrain X - USA (HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Ultimate Terrain X - USA) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vJoy Device Driver 0.2.0.3 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.3 - Shaul Eizikovich)
VJoy Virtual Joystick Driver 1.2 (HKLM-x32\...\VJoy Virtual Joystick Driver_is1) (Version:  - Headsoft)
Voice Activated Commands (HKLM-x32\...\{205EB53F-624D-41B0-8212-BAFB261201A9}) (Version: 3.2.0 - DiverseWare)
VoxATC X (HKLM-x32\...\{81AD3D64-7A51-4E0F-BAC2-D0E5DE4ABC3C}) (Version: 6.46 - Internal Workings)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Wings of Prey (HKLM-x32\...\Wings of Prey_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
X3 Albion Prelude version 3.0 (HKLM-x32\...\X3 Albion Prelude_is1) (Version: 3.0 - Deep Silver)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-12-2014 03:36:23 Installed DirectX
25-12-2014 16:15:35 Windows Update
28-12-2014 15:23:58 Installed REX 4 - Texture Direct - Texture Update 2

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0121FCF9-5041-489F-BAEC-8A22A318A205} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-michaelmcculla@hotmail.co.uk => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {361A959D-6E6E-48D4-8B98-35BC86606D29} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-11-08] (CyberLink)
Task: {57166AA6-9888-413D-96D7-89BF7A167235} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {5969FB95-DCDE-4871-B025-FDAF4C9F65D5} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-09-10] (IObit)
Task: {8322675E-8E31-4AE0-97C6-56F024D0DF3D} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-09-01] (Dolby Laboratories Inc.)
Task: {99B7B6E4-EBFE-4FE8-ABC9-7A34E5896AA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {9CD8201C-A315-408E-BD0C-167901BA417F} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {E8C7C6F6-EA9E-44C5-9795-B7F8A4088BDD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {ECC0B82C-A495-421C-8955-84103BA87A1F} - System32\Tasks\{A15B53E0-136B-4775-BF7B-0AAB74805EC5} => pcalua.exe -a H:\setup.exe -d H:\
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-11-28 17:43 - 2014-11-13 00:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-09-28 02:06 - 2014-11-12 21:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-23 10:31 - 2014-10-31 22:59 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-10-31 17:35 - 2014-10-31 17:35 - 03507200 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-10-31 17:35 - 2014-10-31 17:35 - 02688512 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-11-25 09:07 - 2014-11-25 09:08 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-01-25 07:09 - 2013-01-25 07:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 07:05 - 2013-01-25 07:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 07:12 - 2013-01-25 07:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-27 18:48 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-27 18:48 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-27 18:48 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-27 18:48 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-27 18:48 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-14 23:39 - 2014-06-04 14:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2013-09-14 19:54 - 2012-06-25 17:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-09 09:55 - 2014-12-09 09:55 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-28 17:43 - 2014-11-13 00:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:74603393
AlternateDataStreams: C:\Users\lenovo\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "EnergyUtility"
HKLM\...\StartupApproved\Run: => "Energy Management"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Monitor"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\StartupFolder: => "AodbeARMHelper.exe"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\StartupFolder: => "shrpubw.lnk"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\StartupFolder: => "PasswordOnWakeSettingFlyout.lnk"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\StartupFolder: => "notepad.lnk"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\StartupFolder: => "verifier.lnk"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\StartupFolder: => "systeminfo.lnk"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\StartupFolder: => "eventvwr.lnk"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\StartupFolder: => "schtasks.lnk"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "YgPack"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "Ehtion"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "Odics"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "Ycupheozartid"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "Odics Update"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "eventvwr"
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\StartupApproved\Run: => "Vyohola"

========================= Accounts: ==========================

Administrator (S-1-5-21-1445865960-1511351029-1830294975-500 - Administrator - Disabled)
Guest (S-1-5-21-1445865960-1511351029-1830294975-501 - Limited - Disabled)
lenovo (S-1-5-21-1445865960-1511351029-1830294975-1002 - Administrator - Enabled) => C:\Users\lenovo

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2014 03:13:45 PM) (Source: MsiInstaller) (EventID: 1023) (User: USER)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Additional information is available in the log file C:\Users\lenovo\AppData\Local\Temp\MSIa7b6d.LOG.

Error: (12/28/2014 04:03:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c4c

Start Time: 01d02252793fbd50

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6d1442bd-8e46-11e4-bfae-2089849f336f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/28/2014 03:55:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d5c

Start Time: 01d0225172294804

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6699fedd-8e45-11e4-bfae-2089849f336f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/28/2014 02:49:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FSeconomy.exe, version: 0.99.0.1, time stamp: 0x535c38d9
Faulting module name: FSeconomy.exe, version: 0.99.0.1, time stamp: 0x535c38d9
Exception code: 0xc0000409
Fault offset: 0x000043f0
Faulting process id: 0x1230
Faulting application start time: 0xFSeconomy.exe0
Faulting application path: FSeconomy.exe1
Faulting module path: FSeconomy.exe2
Report Id: FSeconomy.exe3
Faulting package full name: FSeconomy.exe4
Faulting package-relative application ID: FSeconomy.exe5

Error: (12/28/2014 01:52:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1144

Start Time: 01d0224027f52500

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1f2a1a5b-8e34-11e4-bfad-2089849f336f

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/27/2014 10:37:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e00

Start Time: 01d02224ea0a8cfc

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: dd96fc4d-8e18-11e4-bfad-a4db300e1682

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/27/2014 10:30:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eurotrucks2.exe, version: 1.15.0.2, time stamp: 0x5481d685
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x5450559e
Exception code: 0xc0000022
Fault offset: 0x00000000000ec5a0
Faulting process id: 0xad8
Faulting application start time: 0xeurotrucks2.exe0
Faulting application path: eurotrucks2.exe1
Faulting module path: eurotrucks2.exe2
Report Id: eurotrucks2.exe3
Faulting package full name: eurotrucks2.exe4
Faulting package-relative application ID: eurotrucks2.exe5

Error: (12/27/2014 10:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eurotrucks2.exe, version: 1.15.0.2, time stamp: 0x5481d685
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x5450559e
Exception code: 0xc0000022
Fault offset: 0x00000000000ec5a0
Faulting process id: 0xa64
Faulting application start time: 0xeurotrucks2.exe0
Faulting application path: eurotrucks2.exe1
Faulting module path: eurotrucks2.exe2
Report Id: eurotrucks2.exe3
Faulting package full name: eurotrucks2.exe4
Faulting package-relative application ID: eurotrucks2.exe5

Error: (12/27/2014 10:25:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eurotrucks2.exe, version: 1.15.0.2, time stamp: 0x5481d685
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x5450559e
Exception code: 0xc0000022
Fault offset: 0x00000000000ec5a0
Faulting process id: 0x10c8
Faulting application start time: 0xeurotrucks2.exe0
Faulting application path: eurotrucks2.exe1
Faulting module path: eurotrucks2.exe2
Report Id: eurotrucks2.exe3
Faulting package full name: eurotrucks2.exe4
Faulting package-relative application ID: eurotrucks2.exe5

Error: (12/27/2014 10:23:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 126c

Start Time: 01d0222302410c74

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: f5c56f6e-8e16-11e4-bfad-a4db300e1682

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (12/30/2014 09:39:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/30/2014 09:37:50 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/30/2014 09:37:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/30/2014 09:37:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/30/2014 09:37:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/30/2014 09:37:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/30/2014 09:37:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/30/2014 09:37:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/30/2014 09:37:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/30/2014 09:37:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/28/2014 03:13:45 PM) (Source: MsiInstaller) (EventID: 1023) (User: USER)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625C:\Users\lenovo\AppData\Local\Temp\MSIa7b6d.LOG(NULL)(NULL)

Error: (12/28/2014 04:03:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689c4c01d02252793fbd504294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6d1442bd-8e46-11e4-bfae-2089849f336fmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/28/2014 03:55:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689d5c01d02251722948044294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6699fedd-8e45-11e4-bfae-2089849f336fmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/28/2014 02:49:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FSeconomy.exe0.99.0.1535c38d9FSeconomy.exe0.99.0.1535c38d9c0000409000043f0123001d022367837fd31C:\Users\lenovo\Desktop\FSeconomy.exeC:\Users\lenovo\Desktop\FSeconomy.exe366836e8-8e3c-11e4-bfad-2089849f336f

Error: (12/28/2014 01:52:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689114401d0224027f525004294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe1f2a1a5b-8e34-11e4-bfad-2089849f336fmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/27/2014 10:37:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689e0001d02224ea0a8cfc4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exedd96fc4d-8e18-11e4-bfad-a4db300e1682microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/27/2014 10:30:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eurotrucks2.exe1.15.0.25481d685ntdll.dll6.3.9600.174155450559ec000002200000000000ec5a0ad801d02224b7f3fbbeC:\Games\Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta)\bin\win_x64\eurotrucks2.exeC:\WINDOWS\SYSTEM32\ntdll.dllf6ec20c7-8e17-11e4-bfad-a4db300e1682

Error: (12/27/2014 10:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eurotrucks2.exe1.15.0.25481d685ntdll.dll6.3.9600.174155450559ec000002200000000000ec5a0a6401d0222485908e0eC:\Games\Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta)\bin\win_x64\eurotrucks2.exeC:\WINDOWS\SYSTEM32\ntdll.dllc445cf39-8e17-11e4-bfad-a4db300e1682

Error: (12/27/2014 10:25:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eurotrucks2.exe1.15.0.25481d685ntdll.dll6.3.9600.174155450559ec000002200000000000ec5a010c801d02223f2aee142C:\Games\Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta)\bin\win_x64\eurotrucks2.exeC:\WINDOWS\SYSTEM32\ntdll.dll328859a2-8e17-11e4-bfad-a4db300e1682

Error: (12/27/2014 10:23:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689126c01d0222302410c744294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef5c56f6e-8e16-11e4-bfad-a4db300e1682microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
  Date: 2014-09-05 02:26:28.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\Hamdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-03 12:15:48.118
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\Hamdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-13 16:55:39.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-13 14:41:59.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-13 13:04:34.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-13 12:51:58.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-12 14:06:34.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-12 13:48:27.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-12 13:46:57.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-12 13:46:08.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 3951.52 MB
Available physical RAM: 2147.39 MB
Total Pagefile: 7023.52 MB
Available Pagefile: 5160.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.8 GB) (Free:44.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:17.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A78B1783)

Partition: GPT Partition Type.

==================== End Of Log ============================



Awaiting further instruction.

 



#4 fireman4it

  • Malware Response Team

Posted 30 December 2014 - 03:31 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   5.55KB   3 downloads

 

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 MentalMiggy


Posted 30 December 2014 - 04:43 PM

Thank you. I have carried out your instructions.


FIXLOG.TEXT is as follows

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by lenovo at 2014-12-30 21:13:38 Run:1
Running from C:\Users\lenovo\Desktop
Loaded Profile: lenovo (Available profiles: lenovo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-16] (BitTorrent Inc.)
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [Ehtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\lenovo\AppData\Local\YgPack\EPNHTE5A.DLL
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [Odics] => regsvr32.exe C:\Users\lenovo\AppData\Local\Odics\CNBP_270.DLL <===== ATTENTION
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [Odics Update] => regsvr32.exe C:\Users\lenovo\AppData\Local\Odics\chrome.dll
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [Vyohola] => "C:\Users\lenovo\AppData\Roaming\Xiibohiq\ewelli.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
S3 MFE_RR; \??\C:\Users\lenovo\AppData\Local\Temp\mfe_rr.sys [X]
S3 vm331avs; \SystemRoot\System32\Drivers\vm331avs.sys [X]
2014-12-23 15:05 - 2014-12-23 16:19 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Alexfuba
2014-12-21 15:19 - 2014-12-21 15:53 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Opzeze
2014-12-21 15:01 - 2014-12-27 22:55 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Mevono
2014-12-09 23:37 - 2014-12-10 15:31 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Oniwexse
2014-12-07 20:34 - 2014-12-08 12:34 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Ydivix
2014-12-07 05:44 - 2014-12-07 05:44 - 00000000 ____D () C:\Users\lenovo\AppData\Local\SKIDROW
2014-12-06 23:29 - 2014-12-07 01:26 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Ofdaqe
2014-12-01 20:02 - 2014-12-27 22:53 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Goazixt
C:\Users\lenovo\AppData\Local\Temp\Quarantine.exe
C:\Users\lenovo\AppData\Local\Temp\sqlite3.dll
C:\Users\lenovo\AppData\Local\Temp\TrackIR.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:74603393
AlternateDataStreams: C:\Users\lenovo\SkyDrive:ms-properties
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Ehtion => value deleted successfully.
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Odics => value deleted successfully.
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Odics Update => value deleted successfully.
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Vyohola => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => Key deleted successfully.
MFE_RR => Service deleted successfully.
vm331avs => Service deleted successfully.
C:\Users\lenovo\AppData\Roaming\Alexfuba => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Opzeze => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Mevono => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Oniwexse => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Ydivix => Moved successfully.
C:\Users\lenovo\AppData\Local\SKIDROW => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Ofdaqe => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Goazixt => Moved successfully.
C:\Users\lenovo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\lenovo\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\lenovo\AppData\Local\Temp\TrackIR.exe => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\WINDOWS\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\WINDOWS\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\WINDOWS\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\ProgramData\Temp => ":74603393" ADS removed successfully.
"C:\Users\lenovo\SkyDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 21:13:39 ====


I already had MBAM and had just completed a scan before I carried out your instructions so the new result was that no malware was found.  However the previous scan only 10 minutes before found some entries referring to z.bot.
I will post the previous scan result just below the most recent one for your viewing.


The recent result with no malware found is as follows

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/12/2014
Scan Time: 21:16:56
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.30.08
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: lenovo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387630
Time Elapsed: 11 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


THE PREVIOUS SCAN WHERE MALWARE WAS FOUND JUST A SHORT TIME BEFORE THIS IS AS FOLLOWS


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/12/2014
Scan Time: 19:41:47
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.30.08
Rootkit Database: v2014.12.29.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: lenovo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388450
Time Elapsed: 25 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 3
Spyware.Zbot.ED, HKU\S-1-5-21-1445865960-1511351029-1830294975-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}, "C:\Users\lenovo\AppData\Local\{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}\{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}.exe", Quarantined, [e8182d3c196368cea1f1747c13f1d828]
Spyware.Zbot.ED, HKU\S-1-5-21-1445865960-1511351029-1830294975-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}, "C:\Users\lenovo\AppData\Local\{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}\{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}.exe", Quarantined, [e8182d3c196368cea1f1747c13f1d828]
Trojan.Agent, HKU\S-1-5-21-1445865960-1511351029-1830294975-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe", Quarantined, [36ca462390ece6505f61fa73fe0526da]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Spyware.Zbot.ED, C:\Users\lenovo\AppData\Local\{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}\{B59AD6E5-D397-6AEE-4BE8-3AEFDE7ED6BF}.EXE, Delete-on-Reboot, [e8182d3c196368cea1f1747c13f1d828],
Trojan.Agent.ED, C:\Users\lenovo\AppData\Roaming\BtvStack.dll, Quarantined, [5da31e4b29531224c378847cb34fe719],
Trojan.Agent.ED, C:\Users\lenovo\AppData\Local\Temp\68D1.tmp, Quarantined, [da260465abd1a0962318e9177e84946c],

Physical Sectors: 0
(No malicious items detected)


(end)


Waiting for further instruction




 



#6 fireman4it

    Bleepin' Fireman

  • Malware Response Team

Posted 30 December 2014 - 05:45 PM

Please run FRST as you did the first time you ran it and post the new FRST.txt


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 MentalMiggy

  • Topic Starter

  • Members

Posted 30 December 2014 - 06:35 PM

Done.  FRST.txt as follows:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by lenovo (administrator) on USER on 30-12-2014 23:31:36
Running from C:\Users\lenovo\Desktop
Loaded Profile: lenovo (Available profiles: lenovo)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-06-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-04-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-04-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-11-08] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [139792 2012-11-08] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-05-29] (Electronic Arts)
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\MountPoints2: G - "G:\Setup.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bthudtask.lnk
ShortcutTarget: bthudtask.lnk -> C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe ()
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CertEnrollCtrl.lnk
ShortcutTarget: CertEnrollCtrl.lnk -> C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\CertEnrollCtrl.exe (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wno0ky5l.default
FF Homepage: https://www.google.co.uk/?gfe_rd=cr&ei=h4yHVKbMKuWq8weI-4CYCg&gws_rd=ssl
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1445865960-1511351029-1830294975-1002: ubisoft.com/uplaypc -> C:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll (Ubisoft)
FF Extension: Adblock Plus - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\wno0ky5l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-13]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-27] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-10-31] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [52000 2014-12-09] (AVG Technologies)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-25] (Disc Soft Ltd)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 vhidmini; C:\Windows\System32\drivers\vjoy.sys [45168 2014-04-21] (Shaul Eizikovich)
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [45168 2014-04-21] (Shaul Eizikovich)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 23:31 - 2014-12-30 23:31 - 00018483 _____ () C:\Users\lenovo\Desktop\FRST.txt
2014-12-30 21:15 - 2014-12-30 21:16 - 00006317 _____ () C:\Users\lenovo\Desktop\POST IN FORUM.txt
2014-12-30 19:49 - 2014-12-30 19:49 - 00000000 ____D () C:\Users\lenovo\Desktop\New folder
2014-12-30 16:46 - 2014-12-30 18:39 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Local Store
2014-12-30 16:14 - 2014-12-30 20:11 - 00000000 ____D () C:\Users\lenovo\AppData\Local\{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}
2014-12-30 09:46 - 2014-12-30 09:46 - 00047690 _____ () C:\Users\lenovo\Desktop\Addition.txt
2014-12-30 09:43 - 2014-12-30 23:31 - 00000000 ____D () C:\FRST
2014-12-30 09:40 - 2014-12-30 10:52 - 00097557 _____ () C:\Users\lenovo\Desktop\bleepingcomputer.txt
2014-12-30 09:35 - 2014-12-30 09:37 - 00000000 ____D () C:\AdwCleaner
2014-12-30 09:33 - 2014-12-30 09:33 - 02123264 _____ (Farbar) C:\Users\lenovo\Desktop\FRST64.exe
2014-12-30 09:32 - 2014-12-30 09:32 - 02173952 _____ () C:\Users\lenovo\Desktop\AdwCleaner.exe
2014-12-29 15:58 - 2014-12-29 15:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\lenovo\Desktop\HijackThis.exe
2014-12-28 15:31 - 2014-12-28 15:31 - 00000908 _____ () C:\Users\Public\Desktop\UPDATED - REX Texture Direct Manual.lnk
2014-12-28 00:51 - 2014-12-28 01:45 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Xiibohiq
2014-12-27 23:39 - 2014-12-30 10:52 - 00000000 ____D () C:\Users\lenovo\Desktop\ksp mods needing update
2014-12-27 20:02 - 2014-12-27 20:06 - 00000276 _____ () C:\Users\lenovo\Desktop\avgrep.txt
2014-12-27 01:34 - 2014-12-27 01:34 - 00000044 _____ () C:\Users\lenovo\Desktop\fseco.ini
2014-12-26 00:08 - 2014-12-26 13:30 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Roeged
2014-12-25 23:08 - 2014-12-25 23:08 - 00001921 _____ () C:\Users\lenovo\Desktop\The Vanishing of Ethan Carter.lnk
2014-12-25 23:08 - 2014-12-25 23:08 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\The Vanishing of Ethan Carter
2014-12-25 16:15 - 2014-11-17 20:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-12-25 16:15 - 2014-11-17 20:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-12-25 16:15 - 2014-11-14 06:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2014-12-25 16:15 - 2014-11-14 06:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2014-12-25 16:15 - 2014-11-14 06:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-12-25 16:15 - 2014-11-14 06:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-25 16:15 - 2014-11-14 06:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-12-25 16:15 - 2014-11-14 04:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-25 14:55 - 2014-12-25 14:55 - 00000966 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk
2014-12-25 14:53 - 2014-12-25 14:53 - 00005174 _____ () C:\WINDOWS\DPINST.LOG
2014-12-25 14:53 - 2014-12-25 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2014-12-25 14:52 - 2014-12-25 14:53 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-12-25 14:52 - 2014-12-25 14:52 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-12-23 20:47 - 2010-03-08 10:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2014-12-20 13:59 - 2014-12-30 21:12 - 00000000 ____D () C:\Users\lenovo\Desktop\KSP 0.90 mods
2014-12-17 03:40 - 2014-12-17 03:40 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\11bitstudios
2014-12-17 03:11 - 2014-12-17 03:11 - 00001705 _____ () C:\Users\lenovo\Desktop\This War of Mine.lnk
2014-12-17 03:11 - 2014-12-17 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This War of Mine
2014-12-16 17:18 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-12-16 17:18 - 2014-11-22 10:46 - 00035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-12-16 17:18 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-12-14 18:01 - 2014-12-14 18:01 - 00000806 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2014-12-14 18:01 - 2014-12-14 18:01 - 00000798 _____ () C:\Users\lenovo\Desktop\Toribash.lnk
2014-12-13 19:34 - 2014-12-13 19:34 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 v1.15.0.3s (19 DLC)(Public Beta)
2014-12-13 16:20 - 2014-12-13 16:20 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 v1.14.2.2s (18 DLC)(2014)
2014-12-12 17:13 - 2014-12-12 17:13 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\SpinTires
2014-12-12 17:12 - 2014-12-12 17:12 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spintires v27-10-14
2014-12-12 00:02 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-12 00:02 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-10 15:33 - 2014-11-26 21:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-10 15:33 - 2014-11-26 21:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 15:28 - 2014-12-10 15:28 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 10:55 - 2014-12-10 10:56 - 00000000 ____D () C:\Users\lenovo\AppData\Local\NPE
2014-12-10 10:55 - 2014-12-10 10:56 - 00000000 ____D () C:\ProgramData\Norton
2014-12-10 09:56 - 2014-12-10 15:26 - 00000000 ____D () C:\d4fe597563fbbe5aedbb1e7017
2014-12-10 08:31 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 08:31 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 08:31 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 08:31 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 00:24 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 00:24 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 00:24 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 00:24 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 00:24 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 00:23 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 00:23 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 00:23 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 00:23 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 00:23 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 00:23 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 00:23 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 00:23 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 00:23 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 00:23 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 00:23 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 00:23 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 00:23 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 00:23 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 00:23 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 00:23 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 00:23 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 00:23 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 00:23 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 00:23 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 00:23 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 00:23 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 00:23 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 00:23 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 00:23 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 00:23 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 00:23 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 00:23 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 00:23 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 00:23 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 00:23 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 00:23 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 00:23 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 00:23 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 00:23 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 00:23 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 00:23 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 00:23 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 00:23 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-09 23:51 - 2014-12-24 01:46 - 00000000 ____D () C:\Users\lenovo\AppData\Local\AVG Web TuneUp
2014-12-09 23:51 - 2014-12-09 23:50 - 00052000 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-12-09 23:50 - 2014-12-09 23:51 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-12-09 23:50 - 2014-12-09 23:50 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2014-12-09 23:50 - 2014-12-09 23:50 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-12-06 15:55 - 2014-12-06 15:55 - 00001744 _____ () C:\Users\Public\Desktop\Frozen Synapse Prime.lnk
2014-12-06 15:55 - 2014-12-06 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Double Eleven
2014-12-06 12:13 - 2014-12-06 12:13 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 12:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-06 12:13 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-06 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-05 20:21 - 2014-12-06 13:54 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Cuarybt
2014-12-04 20:25 - 2014-12-04 20:25 - 00000683 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Men of War Assault Squad 2.lnk
2014-12-04 20:25 - 2014-12-04 20:25 - 00000671 _____ () C:\Users\Public\Desktop\Men of War Assault Squad 2.lnk
2014-12-03 18:00 - 2014-12-27 22:54 - 00000000 ____D () C:\Users\lenovo\Desktop\eurotruck mods
2014-12-02 21:43 - 2014-12-02 21:43 - 00000643 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Company of Heroes 2.lnk
2014-12-02 21:43 - 2014-12-02 21:43 - 00000631 _____ () C:\Users\Public\Desktop\Company of Heroes 2.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 23:03 - 2014-05-14 09:16 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F2D00F0B-0531-42B6-B0FA-868CB0FB60FC}
2014-12-30 23:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-30 21:16 - 2014-11-14 06:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 20:26 - 2014-09-05 21:13 - 01722194 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-30 20:13 - 2014-04-01 22:33 - 00000000 __RDO () C:\Users\lenovo\SkyDrive
2014-12-30 20:12 - 2014-08-22 22:40 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-12-30 20:11 - 2014-09-28 02:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 20:11 - 2014-09-05 20:58 - 00083616 _____ () C:\WINDOWS\PFRO.log
2014-12-30 20:11 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-12-30 20:11 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-30 18:56 - 2014-03-25 19:11 - 00000000 ____D () C:\Users\lenovo\AppData\Local\CrashDumps
2014-12-30 13:55 - 2014-05-16 16:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-30 10:04 - 2014-03-24 20:15 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1445865960-1511351029-1830294975-1002
2014-12-30 09:39 - 2014-06-14 15:03 - 00119296 _____ () C:\WINDOWS\SysWOW64\zlib.dll
2014-12-30 09:38 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-28 15:23 - 2014-09-25 11:04 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\GetRightToGo
2014-12-28 04:25 - 2014-09-05 17:12 - 00000000 ____D () C:\Users\lenovo\Documents\Flight Simulator X Files
2014-12-28 03:42 - 2013-11-14 07:17 - 00000000 ____D () C:\WINDOWS\SKB
2014-12-28 03:35 - 2014-10-31 19:07 - 00000000 ____D () C:\Users\lenovo\AppData\Local\YgPack
2014-12-28 02:28 - 2014-10-31 19:07 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Odics
2014-12-28 02:03 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-28 00:26 - 2014-03-25 18:41 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Nitro PDF
2014-12-27 22:58 - 2014-11-29 15:38 - 00000000 ____D () C:\Users\lenovo\Documents\Euro Truck Simulator 2
2014-12-27 22:28 - 2014-01-20 10:44 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Adobe
2014-12-27 22:25 - 2013-11-14 07:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-27 14:37 - 2014-10-25 14:56 - 00000000 ____D () C:\Users\lenovo\Desktop\ksp
2014-12-27 07:49 - 2014-06-27 18:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-27 02:05 - 2014-10-02 15:41 - 00012647 _____ () C:\Users\lenovo\Desktop\fsx.CFG
2014-12-25 23:53 - 2014-03-25 18:02 - 00000000 ____D () C:\Users\lenovo\Documents\My Games
2014-12-25 23:19 - 2014-11-13 19:43 - 00000341 _____ () C:\Users\lenovo\Desktop\Voice activated commands purchase.txt
2014-12-25 23:19 - 2014-09-08 14:32 - 00000000 ____D () C:\Users\lenovo\Desktop\FSX FRESH CFG (Highmemfix only)
2014-12-25 23:11 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-25 23:10 - 2014-03-24 15:27 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\uTorrent
2014-12-25 23:08 - 2014-05-16 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-12-25 22:58 - 2014-03-25 08:06 - 00000000 ____D () C:\Games
2014-12-25 20:07 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-25 16:16 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-25 16:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-25 14:54 - 2014-11-05 14:30 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Avg2015
2014-12-25 14:53 - 2013-09-14 20:23 - 00000000 ____D () C:\Program Files\DIFX
2014-12-25 14:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 16:19 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PLA
2014-12-21 16:30 - 2014-11-20 22:25 - 00000000 ____D () C:\2-click run
2014-12-21 16:24 - 2013-09-14 20:20 - 00000000 ____D () C:\Program Files (x86)\FreeRide Games
2014-12-21 15:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\vpnplugins
2014-12-20 22:26 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-12-18 16:36 - 2014-11-24 08:45 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\FrameworkUpdate
2014-12-18 15:53 - 2014-11-15 10:42 - 00000000 _____ () C:\ProgramData\@system.temp
2014-12-17 03:38 - 2014-09-05 16:55 - 00303360 _____ () C:\WINDOWS\DirectX.log
2014-12-16 17:18 - 2014-09-08 09:25 - 00002750 _____ () C:\WINDOWS\setupact.log
2014-12-13 22:10 - 2014-08-14 20:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 22:10 - 2014-08-14 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 19:35 - 2014-11-20 22:25 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-12-13 18:14 - 2014-08-14 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 00:12 - 2014-09-28 02:07 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-12-13 00:12 - 2014-09-28 02:07 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-12-13 00:12 - 2014-09-28 02:07 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-12-13 00:12 - 2014-09-28 02:07 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-12-12 22:55 - 2014-11-28 19:07 - 00000000 ____D () C:\Users\lenovo\Desktop\new minecraft stuff
2014-12-12 22:16 - 2014-03-25 00:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-12 01:41 - 2014-08-20 16:17 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Adobe
2014-12-12 01:40 - 2014-03-25 00:01 - 00003644 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-10 17:15 - 2014-04-26 23:08 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-10 15:35 - 2014-11-15 10:42 - 00000416 ____H () C:\ProgramData\@system3.att
2014-12-10 15:28 - 2014-07-12 03:37 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 15:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 15:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 15:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-09 23:54 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-12-09 23:51 - 2014-07-29 23:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 23:15 - 2014-03-24 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-07 01:26 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Vss
2014-12-06 12:13 - 2014-11-14 06:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 12:13 - 2014-11-14 06:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 04:59 - 2014-08-10 21:01 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Wings of Prey
2014-11-30 14:49 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Help

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-30 21:29

==================== End Of Log ============================



#8 fireman4it

  • Malware Response Team

Posted 30 December 2014 - 08:32 PM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File  fixlist.txt   1.82KB   2 downloads

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 MentalMiggy

  • Topic Starter

Posted 31 December 2014 - 09:24 AM

I have a problem posting my reply.  I have the results of all logs etc. saved to a text document ready to post here, but within the scan results there are a lot of entries that contain a B in brackets. It seems like the forum is reading these as smileys and so will not let me post the report, as it says there are too many emoticons in my post.


Problem sorted. I disabled emoticons. Please see next post.


Edited by MentalMiggy, 31 December 2014 - 09:27 AM.


#10 MentalMiggy

  • Topic Starter

Posted 31 December 2014 - 09:26 AM

Please find below the contents of the fixlog.txt file


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by lenovo at 2014-12-31 07:52:03 Run:2
Running from C:\Users\lenovo\Desktop
Loaded Profile: lenovo (Available profiles: lenovo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bthudtask.lnk
ShortcutTarget: bthudtask.lnk -> C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe ()
2014-12-30 16:14 - 2014-12-30 20:11 - 00000000 ____D () C:\Users\lenovo\AppData\Local\{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf}
2014-12-26 00:08 - 2014-12-26 13:30 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Roeged
2014-12-05 20:21 - 2014-12-06 13:54 - 00000000 ____D () C:\Users\lenovo\AppData\Roaming\Cuarybt
2014-12-28 03:42 - 2013-11-14 07:17 - 00000000 ____D () C:\WINDOWS\SKB
2014-12-28 03:35 - 2014-10-31 19:07 - 00000000 ____D () C:\Users\lenovo\AppData\Local\YgPack
2014-12-28 02:28 - 2014-10-31 19:07 - 00000000 ____D () C:\Users\lenovo\AppData\Local\Odics
emptytemp:

*****************

HKU\S-1-5-21-1445865960-1511351029-1830294975-1002\Software\Microsoft\Windows\CurrentVersion\Run\\BluetoothS => value deleted successfully.
C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bthudtask.lnk => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe => Moved successfully.
C:\Users\lenovo\AppData\Local\{b59ad6e5-d397-6aee-4be8-3aefde7ed6bf} => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Roeged => Moved successfully.
C:\Users\lenovo\AppData\Roaming\Cuarybt => Moved successfully.
C:\WINDOWS\SKB => Moved successfully.
C:\Users\lenovo\AppData\Local\YgPack => Moved successfully.
C:\Users\lenovo\AppData\Local\Odics => Moved successfully.
EmptyTemp: => Removed 397.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 07:54:47 ====


After this I installed and ran a full scan of Emsisoft Emergency Kit.

568 items were detected.  I clicked on quarantine all files. It needed a restart to finish the process.  After restart I fetched the log, which is as follows:

SCAN LOG

Emsisoft Emergency Kit - Version 9.0
Last update: 31/12/2014 08:16:55
User account: USER\lenovo

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    31/12/2014 08:18:35
C:\Users\lenovo\AppData\Roaming\getrighttogo     detected: Application.AppInstall (A)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\Odics\CNBLR4.DLL     detected: Gen:Variant.Symmi.46796 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\Odics\CNBP_270.DLL     detected: Gen:Variant.Symmi.46796 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\Odics\jpiexp.dll     detected: Gen:Variant.Symmi.46796 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\YgPack\ASMtopt216I.dll     detected: Gen:Variant.Symmi.46796 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\YgPack\bldlipsbr.dll     detected: Gen:Variant.Symmi.46796 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\YgPack\CNBJOP5F.DLL     detected: Gen:Variant.Symmi.46796 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\YgPack\CNBLR4.DLL     detected: Gen:Variant.Symmi.46796 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\YgPack\EP0ICB1.DLL     detected: Gen:Variant.Symmi.46872 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\YgPack\Virtaudio.dll     detected: Gen:Variant.Kazy.519690 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Local\YgPack\xbgnypdb.dll     detected: Gen:Variant.Symmi.46872 (B)
C:\FRST\Quarantine\C\Users\lenovo\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe.xBAD     detected: Trojan.Generic.12316611 (B)
C:\Games\Men of War Assault Squad 2\mowas_2.exe     detected: Trojan.Generic.12343999 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\1037d4f96f0d4f9b67eedf2ef6662dfa     detected: Gen:Trojan.Heur.@x0@Xwzdc3fi (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\14e39552e9b0653e823432b53ac10d77     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\2c428c156d2c9fa073179ff98bee388a     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\61a00353e367f95f0ff94c4d4162626a     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\695604abf243327f76114f2ac83ac3bf     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\b65e7a3723993e33696cb5c96e872dea     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\00671bded5237e1cbd4bdd1b03efd5f2\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0078f3b7e0e73b8a7a180c60a76e26d9\TwonkyMedia Server.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\01369bc30acebd0afdaf99b68a6fc9c6\Guitar Rig.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0160f25e0cf564eb38663a0a76a9d941\Adobe Photoshop.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0222218a851fe0d546ad534e218c1e0f\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\028c595b3be25697b2c42fede86b8a54\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\02d52a5b8f0336a1fb09ea6bc80f79c3\eBoostr.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\03589c5c4b9ae83b376b5ea433e650a6\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\03f1d98b307459a19c53c39e4ce8e1da\Kaspersky Internet Security.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0469a235d951f72cbdb6a1366d9b6cd4\ZIP Password Recovery Magic.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0679f380925410fd31ce236a8771829e\Power MP3 Cutter Joiner.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0942defa74b6f39ad7d80bca9be0af72\DomusCad.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0a33a07ebbd57ff8d25d69f5f37a7c6d\Cypheros TS-Doctor.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0a4cc81f4ea34e772ee9259f772d0557\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0a7755a9973eb9dc9c01fd7e38418998\BPM-Studio Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0aa541e4f3deffc9a3fba93b2b209f5f\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0c52fe9676db8a71381460d3b6171d95\Sothink Movie DVD Maker.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0e239e8e6e1b0196eeab70fa7e33e78b\File Scavenger.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0eb493ad5b13f3bc349cc53f9d760bea\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0fcace0275263471bdce11f5cfdfa809\Artlantis Studio.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0fd74b87fb30755069af63e3c0febabe\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0fde8e6983bbc7f2cb610e0aebf87a0f\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\11384f18df142eafcee58d064a356462\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1196bc5bed482435d35f3d8115ff31de\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\11d21e0930311c36771754765a8dc451\Hot CPU Tester Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\120023f0ce595775750915072232627e\Photo Stamp Remover Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1278956352ff079a7be3072c8c4d3077\DAVID-Laserscanner.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1336ebf8cb8032a7a4d2965a63d87279\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\136e155be20683c444c942b2c821dc05\iExplorer.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\145536bb443eb81cc2b85c1ec4c8db10\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\14bb9af42ad105fd7883b5f6e24432e9\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\14d4ea41aefc991ee2390e6c972bbe63\WorldUnlock Codes Calculator.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\14f8a7c9ff6b7b436385d72aeae02f1f\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\153367c83728dfb613eb2e39f61cf3d9\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\153445bd93efabd0bf06ff6078ea433c\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\15435bd981dc354022b1faaa96c7394d\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\15449da89fb4f7b4f57b71960ee4673f\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\155af9dc8db1bf83310ba684f9e22754\Nero 8.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\15779fd1c6b9bc0d4d7d95f3281225a4\Word Password Recovery Master.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\15929e2f88e7f5242c728ccf28bdc7ff\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\165f537fca89029a06d0e5aafebd91df\Nero 9 Free.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\16eac11a6fc6df73e55225105bc6045f\PPT To Video Scout.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1719c43ff3153dbadedc9de950c1d9ab\AV Voice Changer Software.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\171d9c28b1a5e8a23d53d79280d2ad28\MP3 Karaoke.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\171e9223068ed3fb4ccf4a8bec2b474d\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\175c5a7e5fc7356fabd3b1b33417a42f\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\18474902db40b9986a3eb37c55dd8702\Recover My Files.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\185bc7683a1e6bad3729308517d39dee\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\18665cad2b98c12e2ea41363974d72e2\DriverAgent.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\18e1cd83034c18bc475346c7d1120010\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1a2bed964a62f58b2894d465aa2ec2c6\Catalog Creator.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1b6f9bce936635ef0d465f23151372f6\Connection Meter.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1c08f21ed97dc0a434d8158c73677324\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1c2d0fb0f666aed965a87a91d9dee2d3\Circuit Wizard Professional Edition.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1c4a76e4fc5db1d05ffa5d5cd03f96d3\NCH Tone Generator.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1cae5e22f0f7d8499e0acfd30578f1f7\Tweet Adder.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1ce4711eed04c93bdd7ed7a680ab291b\Sendblaster Free Edition.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1ce4a366448c061d2e10ab251f280d8b\G DATA InternetSecurity 2014.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1d60be992340b1aeb466f49aa086e152\Web Pictures Downloader.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1db427cc5f25fedcf3d58f46e97c5773\MobiMB Mobile Media Browser.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1dc5ea1ba29ff2b7e22158566d65962d\Google Earth.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1e19be790ab7e17b185c98c633c1f8cc\Intelliscore Ensemble MP3 to MIDI Converter.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1ed848ef51fe6115485222bc770760e0\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1f3378130858cbf31317c4af610f2601\ASAP Utilities.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\1f6e1fa7ed133ca250c3e2681b2ae787\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\207b82ef6b733b685933e15ba0b62c82\PC Doc Pro (formerly PC Doctor Pro).exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\20a6c3e5ea325d9820ade27f358f9f7b\Magic Bullet Looks.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\221acc24042ca1210daa1a9add486906\Pianoteq.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\2286550edcbee944cab93ce3c665ceff\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\22b74ef5cc470ea8cd2d3bf19794f171\HDD Recovery Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\22fa5a7a5604a773fcccd17d8ccd4c51\Replay Music.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\246dfec8039fd1b220e74c174d404b78\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\24be19f69bf157aa7f6290b83926a8ac\Adobe Acrobat Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\25d1f274f1da4004c0481d37dce0fcc9\ICU2.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\2622776de895dbd04a0baff4c32ce4aa\Rar Password Recovery Key.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\267232990aacdbfc4cb633abed4c3020\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\26fd53fe97fab33cb047b8d7c552223d\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\2730f6267608f1f3802b755ace278e56\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\274caf0764ea036116866086744ad3c3\Windows Thin PC.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\283e8ea54dbd90f3a8c36e6b50b03a6b\FontLab Studio.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\28af07645d5877f44804475b16f1321a\Advanced IM Password Recovery.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\290e08788ede27ed654a26ece7d672fd\Portable FastStone Capture.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\293aabba5c5832d68e0ff40a331f1ea1\WebZIP.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\2a32e69fdc521d19b61273945aeef7ed\Picture Collage Maker Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\2a3d99267335445d82d314863bdf79a0\Stellar Phoenix Windows Data Recovery.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\2a941b4540175f2832d1d3c1a9854f8b\SetFSB.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9198c6d4454e20bd72c7ffda1a399bfe\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9345a8cca3fbf2956dbd34fb1ca11015\Adobe Presenter.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9370fdc925387d4bbadc54ac75ffc615\Nero 7 Premium.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\945ab7ef28494f37cfe9ddc0df9176e3\Intelliremote.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\945f9467102f150a456fed6ccf2e228f\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\95010cf3a500455856e8a7b6f5b0002e\Drumagog.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9625e26f4dd058c348d493c6bf730e50\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\964d27bade339b74a9a527e52a449d84\AV Video Karaoke Maker.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9816db8e865f4ad939e680c0ee96d97d\A-PDF Merger.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\98a917134bf0abbbbd9c8e9eddb28d57\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\991c55e8fee876f16475d9ecd37fa87b\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\996ec65f62eabfa0fcb8e3555f6aa601\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9989dbf2440eddfbb8954ae1f628441c\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\99cf3ba4c4cc43e3cc19cb397b51b1ec\Advanced Pdf to Word Converter Free.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9a3dfeeb8a7d0b60c3502a288a7f3ce1\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9aa4cc838b4eb08438d36dbdd7a93dc2\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9ab21167dbef315c833026bb4a1a8b25\OmniPeek.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9b3c8aeab2536695e01d2200f1523143\GFI WebMonitor for ISA Server.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9b53ee15b5806db273a2793868e67866\Artlantis Render.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9b6f724b60339cac0dcd3b553fbd5d4e\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9cad99d73ede1920a7c0dfd11f85f2fe\AAA Logo.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9d4521c0aff6ae6b6f05d62840d035e9\Driver Genius Professional.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9db8b762e4acf2628c554b7ccd0a0afa\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9e04b97638631165387db6fb441a74ee\Easy Flyer Creator.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9f079b4c8853c4ca15e96793281e0570\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9f3677ef3d3d23ec6894fff1e96c49f7\Multilizer PDF Translator.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9f5ffc3dcba175b976034c2d292f3d68\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9fb6bf6e93af1bd0798f75a8fa19d6cb\010 Editor.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9fd5a536cba46c4e16ff56ccc3f8749f\Bingo! DVD Ripper II.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9fde1e31e662ab5187013247d8b705da\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a063a655abad995e65eab342610eb016\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a13a4a355565fca2b9be06b0a372c750\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a1eb7cdc488f71cc015c3245ae1ef777\CleanMyPC Registry Cleaner.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a2d22496bdb330259d93a002f31996d6\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a3ad54614abffcf892aa2b6579191f21\Themida.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a49947f57b60659424b1c7b6070e604d\Ampeg SVX.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a4acc54bd93eda5b8923b30a2eab40f5\TweakMASTER Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a4ca0d353881fb39a348f274c5c55f6e\jetAudio.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a4dc67137d51ae244e0658aa4a0323cf\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a53525d2ddda704b1e6e01286730af0c\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a55254e39e337ca440ecae31473bbf58\Microsoft Exchange Server.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a57ec6a0963672f42ea6c1c16f0ac852\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a5b5014df94ef20668878a9fda5da6c3\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a6a876a551dee6361ac6b6740319cf3d\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a91b7fce61d5f06eaabe7ec450a30c6a\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a944508bd9def1f3640bb35613977612\Excel Password Recovery.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a9a9949f0d4a028322cb9e3dc622cdc2\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a9b4b0d5164321cb08a899a2d9b849e1\CHM Editor.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\aa516ef3220ec8aab31c20c54523fb58\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\aa5c0a020986eb9122a81994867fdf79\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\aa71a2bf08d86d3b493036261047c541\AVG Antivirus Free.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\aaa4c0771033047e96cf5fcbcccad49b\Data Doctor Recovery - SIM Card.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\aaefbe3008d4e6a2074faa511280b8ff\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ab0bb2fe40090c72f357b98d9fbe9030\ESET NOD32 Antivirus.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ab5cdab2b07c7f37413a70fddb096c7c\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\abd10191fde59e3f275a0e11811345f7\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\abdfbb69ed2b8f7bae626c91f2bcec29\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ac352afcc608b2eb13cde40fc0f17812\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ac5ecdea0f141a385cb80b29af186642\UltraMixer Professional Edition.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\accec315dfb781155cd87ceabfb5a181\DFX Audio Enhancer for DivX Player.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ada7bb80586738961bfe873977b8ecbd\Ozone RAM Optimizer.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ae13a27ca4640bc66626d468f45c060d\ImTOO iPod Software Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ae2d8e3b5ad90b9f8f7367ccd0eab0f3\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\af2d4f39540b42474e36e322d465d1b4\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\af9dcf7836c58d150219bba95f7334df\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\afc1a94e7ef44a5f10cf9ea1fb982f27\AudioCatalyst.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\afefb24cf7d44b9a1f26c46cd8d278c2\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b07006a1eeadc2069604372e36047a9b\Nero Burning Rom.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b1112dbc4ab06cd706ff51a55ba5ddc1\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b12aa6a9d9f78b194c8f8607c183a63a\F-Secure Antivirus.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b179340e21d751efb028acdc822417d3\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b1a815ccab345cdfcb717d7397fd394b\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b1da78fe9f7fa7c06a149b9963d2037b\Power CD+G Burner.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b213abc7501484a9d2a778d585a99ce9\Accent OFFICE Password Recovery.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b3b30bd50c0bacc5d164db0d57c03cb6\Adobe After Effects.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b3bbe7257f863234e31b3bc5d9c51f71\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b3f79b1db13455a3c13aa2235b0217ed\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b3fdad181ba98befd120b159f70523b1\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b420f224dab1e069e75e2e67c8cf9d48\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b4c197c913f9f3645d35f5561cc7fba0\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b4dd17a8e3bc7eb3f1bb2adcecc44358\GpsGate.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b57c77ecaf69f8395c90a6bb4915d90b\Total Commander POWER PACK.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b710c16489d1540436189d57f7facbc3\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b77fd271fcca19a7345e33221644974b\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b8117b2604925d9471da096ba9d4ed87\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b81f56dd6bc7a9862bdfca5954507f17\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b881c0ed84408a08f1b630ecbe430b42\ReaConverter Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b9ba3d5a27ad723cbac8e891ebc4fea3\Shadow Security Scanner.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ba63b318097845601a4aaa38587c3d7c\DAEMON Tools Lite.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\bae12af2d65ecc2739d6fcc17cb0148f\PlayOn.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\baef391f673e047f2ce39bcf50094121\BIOS Agent Plus.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\bb95b7e1dc48d885ed774f6c976e59c1\Dg Foto Art Gold.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\bb988113c413631573e83195e5f2567b\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\bc41279a2faca9234014f4e9a619c194\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\bc506bae5da1369b12249ee3dc30f318\WinRAR.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\bcefdf1f0674906f8f46b3cc9f792369\Backup4all Portable.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\be2554943d320d5f65eb56888d391bc8\Product Key Finder.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\be889b5fdf89ed1a31994925803122dc\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c0c3b69047687e69763355ca60a6c5f0\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c0e4fe5050e178ce5b75b2387d3e1a5e\MAGIX Slideshow Maker.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c11a2b0e4f10f7241a17fdc51b50dbf4\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c1db2fda3fd8844a02dc96914674990b\Free MP3   WMA   OGG Converter.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c2590dacffd37d1a603a14d16e1fb066\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c359666aace9ece4a7f3245c894ddfae\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c48d33e89ee1e8e3f2beac45bb63cb29\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c4bbf82b92248df7108745c3686fe205\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c5518ab98ae31d254987c44b951e3aa1\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c552dcc81ee1b1258cd21dcad10eeb4f\Norton 360.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c61c3fb0bc680594e9a059de7838350b\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c6728b7bc5474e575a3eb60fae35fad9\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c779e2049037a2a01c610050e961edeb\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c8030376d5b0fdf19cd205f5463c07fe\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c88c040454faf9280fc5318a36cb7a8b\HyperSnap.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c8fa37a473375fee18aed0261dd9a388\Streets and Trips.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cb064977108dca0d4010eb611d579eb5\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cb7c90d587c9d4295855a5ca72a53ce2\Folder Icon Changer.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cbf0a3c3e0bc92d3358da1d62bb6dedd\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ccb261b0be8780fe6faa6ca7169f6815\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cd1efc332a1f98da5d411b4f043b9d0b\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cd3f8abf49e179e9c903746d7e77f342\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cd8f70976e0a2c59b3822dc259835978\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cdd93e7556fd0d56bc83c6934ec9853a\Advanced ZIP Password Recovery.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cddf3211e22940d2d011a4fa81001123\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ce8ae4ea16109f32dc9c3b5a2204ff96\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cec6c85a7bf9770323e16af12d5f97c7\Microsoft Access 2010.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\cf761e2110d06be3d90401c43a0f1b48\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d001e8f6cc267614461d209406eb0061\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d078ab71f2e813ec2a31748d6949a4db\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d1574795eecac442986a62f3f599293d\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d2ad123bf71e8952dd4140e9acbf18cc\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d39bbae4acf362b4bf4569e2d0e22937\PDF Unlocker.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d433373ba64368c47fdc8965936b1c15\IBM Lotus Notes.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d447908840bf527518af74efb430f333\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d6560c95aa468f99f7b74f160abda2c4\Windows XP Service Pack 3.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d672c7bfd78fbb179d86cafe49836650\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d72dd576e8b279d9026c5155b5bc849a\Readon TV Movie Radio Player.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d98630f02676adea5dd7ede9be7d48c1\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\da28ba426c2e2971e6371dcf67819a45\RT Seven Lite.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\da88313466ec72362205bf58c8db8724\GetDataBack For FAT.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\dafae4211539b26933ce811aa2c39bcd\MiniTool Partition Wizard Server Edition.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\db006918a9dd995dabd26cec1958907d\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\db2acca9defbebffd1e3c27c3e1c9895\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\db2d809247bd82235b909f1b896a4240\1Click DVD Ripper.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\db3e984ea5fd32e3b96f8e11dc8fc728\VMware Workstation.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\dba1f9d7ce7ba029c4d0b7bad00d911b\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\dc0159ca1496213532fe2e1a4d280335\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\dcc1a19168db8c623a5105599cdc0efa\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\dd8643d86089ba60cd0cce1afcf3b21a\PDF To Image Converter.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\de3b762cae0a173b9b5879dd467e87ad\Resolume Avenue.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\de50ad986429018cc4c02754ecdb3ad1\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\de9d9e5d8aaf4d562ba8050177df6f3a\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\dee312c62457fe61887e9c02ae26a02f\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\df1027db7f71a7f809e53d3f66e7f953\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\df393b12077a2dfd939b634e14420f76\A-FF Repair Station.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\df7adb7a3ba423912d80c4a8c50002a4\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e1dabe08a2f28d250d0caef6488b4472\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e2065ba5beac62ea5339f9258dd8db9e\TrustPort Antivirus USB Edition.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e329aadffb093f88647031080a7c3190\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e4d76ce6842aed2585d46aa03bd6a658\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e51d88ba47ee0390a14fb6aee71f2a79\Partition Magic.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e551267818dbfd84c0072d1880bca5a3\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e66d510539bf89e91574f5be718accf4\Womens Advanced Calendar (formerly Advanced Woman Calendar).exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e69422ee89283acc63b4bcab5e60935f\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e6d6952a666f977ad46199fbdf21591e\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e7cab7129510b045fa319443d079a1d1\Driver Detective.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e7e7750883aa210ed4ba3292d8d7b363\SPAMfighter Pro.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e83208166418a62288296ef74d6afb83\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e87232558e406b3f4fa55d303760b4e4\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e959c0f7a27fe041ef6dfe10784751c6\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e994fd39697acf0fae065238a1e92274\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e9ab9c731ebfc23ad581400fcd2e2d9f\PdfGrabber.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e9edbd281d0928e8d347db91b4d89592\DVDFab Video Converter.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ea3de4407d6a3229ec37e3e04447f1db\eCopy Desktop.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\eb3290590755e4037a19d0243e72857b\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\eb76e87b9c2822b8342fd3d8f90cc6bc\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ebc276c812bfc783a390a168d748a484\Action Script Viewer.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ece0047c01cb19e1ad0b4209ecdb89a6\Total Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ed172e4c29152d314be41b4c1022cf86\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ed1e549321726c2b2fb1b4c6278543a0\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\ef17d12b18188580801067fada4ea15b\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\efb98e99eedf98634aa58e0d9270816e\WMP x264 Codec Pack.exe     detected: Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll     detected: Trojan.Generic.12204908 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp3D27.exe     detected: Trojan.GenericKD.2058516 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8205.exe     detected: Gen:Variant.Kazy.526110 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9093.exe     detected: Gen:Variant.Kazy.524542 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA328.exe     detected: Gen:Variant.Kazy.494764 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB789.exe     detected: Trojan.GenericKD.2053653 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpC47.exe     detected: Gen:Variant.Kazy.526802 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpDE64.exe     detected: Gen:Variant.Kazy.491318 (B)
C:\Users\lenovo\Desktop\FSX FILES\Steves DX10 Scenery fixer\SteveFX - DX10 Scenery Fixer - KeyGen.exe     detected: Trojan.Generic.11882845 (B)
C:\Users\lenovo\Desktop\FSX FILES\Steves DX10 Scenery fixer\SteveFX DX10 Scenery Fixer V2.3.rar -> SteveFX - DX10 Scenery Fixer - KeyGen.exe     detected: Trojan.Generic.11882845 (B)
C:\Users\lenovo\Desktop\KSP 0.90 mods\REX4_SETUP.exe     detected: Trojan.Generic.12373106 (B)
C:\Users\lenovo\Downloads\DCS.ENG\dcs_keygen.rar -> keygen.exe     detected: Gen:Trojan.Heur.FU.tu0@ayA9jLii (B)
C:\Users\lenovo\Downloads\SteveFX DX10 Scenery Fixer V2.3.rar -> SteveFX - DX10 Scenery Fixer - KeyGen.exe     detected: Trojan.Generic.11882845 (B)

Scanned    760868
Found    568

Scan end:    31/12/2014 13:28:45
Scan time:    5:10:10

C:\Users\lenovo\Downloads\SteveFX DX10 Scenery Fixer V2.3.rar    Quarantined Trojan.Generic.11882845 (B)
C:\Users\lenovo\Downloads\DCS.ENG\dcs_keygen.rar    Quarantined Gen:Trojan.Heur.FU.tu0@ayA9jLii (B)
C:\Users\lenovo\Desktop\KSP 0.90 mods\REX4_SETUP.exe    Quarantined Trojan.Generic.12373106 (B)
C:\Users\lenovo\Desktop\FSX FILES\Steves DX10 Scenery fixer\SteveFX DX10 Scenery Fixer V2.3.rar    Quarantined Trojan.Generic.11882845 (B)
C:\Users\lenovo\Desktop\FSX FILES\Steves DX10 Scenery fixer\SteveFX - DX10 Scenery Fixer - KeyGen.exe    Quarantined Trojan.Generic.11882845 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpDE64.exe    Quarantined Gen:Variant.Kazy.491318 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpC47.exe    Quarantined Gen:Variant.Kazy.526802 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB789.exe    Quarantined Trojan.GenericKD.2053653 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA328.exe    Quarantined Gen:Variant.Kazy.494764 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9093.exe    Quarantined Gen:Variant.Kazy.524542 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8205.exe    Quarantined Gen:Variant.Kazy.526110 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp3D27.exe    Quarantined Trojan.GenericKD.2058516 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9fd5a536cba46c4e16ff56ccc3f8749f\Bingo! DVD Ripper II.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9fb6bf6e93af1bd0798f75a8fa19d6cb\010 Editor.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9f5ffc3dcba175b976034c2d292f3d68\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9f3677ef3d3d23ec6894fff1e96c49f7\Multilizer PDF Translator.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9f079b4c8853c4ca15e96793281e0570\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9e04b97638631165387db6fb441a74ee\Easy Flyer Creator.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9db8b762e4acf2628c554b7ccd0a0afa\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9d4521c0aff6ae6b6f05d62840d035e9\Driver Genius Professional.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9cad99d73ede1920a7c0dfd11f85f2fe\AAA Logo.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9b6f724b60339cac0dcd3b553fbd5d4e\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9b53ee15b5806db273a2793868e67866\Artlantis Render.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9b3c8aeab2536695e01d2200f1523143\GFI WebMonitor for ISA Server.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9ab21167dbef315c833026bb4a1a8b25\OmniPeek.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9aa4cc838b4eb08438d36dbdd7a93dc2\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9a3dfeeb8a7d0b60c3502a288a7f3ce1\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\99cf3ba4c4cc43e3cc19cb397b51b1ec\Advanced Pdf to Word Converter Free.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9989dbf2440eddfbb8954ae1f628441c\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\996ec65f62eabfa0fcb8e3555f6aa601\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\991c55e8fee876f16475d9ecd37fa87b\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\98a917134bf0abbbbd9c8e9eddb28d57\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9816db8e865f4ad939e680c0ee96d97d\A-PDF Merger.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\964d27bade339b74a9a527e52a449d84\AV Video Karaoke Maker.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9625e26f4dd058c348d493c6bf730e50\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\95010cf3a500455856e8a7b6f5b0002e\Drumagog.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\945f9467102f150a456fed6ccf2e228f\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\945ab7ef28494f37cfe9ddc0df9176e3\Intelliremote.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9370fdc925387d4bbadc54ac75ffc615\Nero 7 Premium.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9345a8cca3fbf2956dbd34fb1ca11015\Adobe Presenter.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\9198c6d4454e20bd72c7ffda1a399bfe\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\90c85d5435e69abe043a4c040fcef973\VerbAce-Pro Arabic-English.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\90c78baf45ed9d2ae20c1d2090fad8eb\Symantec Endpoint Protection.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8fee91b38297b668d2965776a2753857\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8e77d24a73953c10e9749cc162a744ad\Crystal FLOW for C.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8e2f00fbd62e6f9068a1a408ca7934db\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8dee0e8f6b5b68be5a62cba49c7d6789\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8db3f439d76ddce19b4d676a105e7a63\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8d177e4e5678716aef26789cad30a865\Net Nanny.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8c3d89105890699039c81fa353bc987c\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8c35a1ff9c17e58156664c0dfc3bdbeb\ComiPo!.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8bdcf08e19622696be8d8db2ec8332d0\Excel Password.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8b08b396ecd9cdc4b9ef51640b77729d\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8af3fbc30d75d979c332fb16299e6da7\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\89e8fcfa841e6ef3799f6545d640c898\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\89d167f01250e5503e25d3e10c41f36a\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\89b568f02d38c2a1f6dc0f2a01bb0d26\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\88e795d1f1cfaa529dcf50c321065dba\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\88df06b3e81a5dd27d7a6763f6261fa4\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\88c84dc30a6f6cd5747d80c1e0443402\Partition Bad Disk.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\88afe55b92becec1ad295c3f91b88051\Inspyder Web2Disk.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8745021ae54ed2c6981c4848e9ace8cc\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\870a7209e4e23e6c68e1f40103d8d92c\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8701a0390ec1665d107bdbf9671d726d\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\86fc620ab7678418be3864b5cec2b098\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\86aca679f6aad21cf878b692208773e5\DirectX Happy Uninstall.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\869da1b1c7bb71f42c2afe9d012fa7db\Unlock Samsung @ Home.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\859c5c505ba61be6cf9cf33a85cea672\Excel Password Recovery Master.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\84ca4167179047caa58366630d037aaf\SolarWinds CatTools.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\849aa8fd386356b68812bfe622a2256b\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\83fc227026d3952465bd858339a3dc09\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\83e519510458b5aeba0e64b40aaa8932\FaceFilter.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\83d7b41866e2dba4d36fcef86f5a1bb6\PDF Compress.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\83c73d2117b4958acfdbc0596bcbf631\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\83828c3a37062c904e44eaecd815eab5\ManageEngine NetFlow Analyzer.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8343da516817d696ea396879c9e9003e\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\82d30a88c2a1dbf5c0c01f9caa950613\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\82be74803be319097bd1cac7a66b26b8\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8287e7bcfbc6ebc9dedaa57d9f5bc4c3\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\81e0c0b231b69d6969481c382cae95b6\Lavasoft Registry Tuner 2011.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\816fdb189028bbe405b02dbe584eef08\Windows Password Reset Professional.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\8121bb898c1381151afeef5775156929\KMPlayer.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\80fa832d458edb7b6bde1321d38d7652\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\80ca542db4f40368c27c8b00b4ee9a61\DriverPack Solution Lite.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\802d52553bc292cc257a82492ba90c4f\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7fbfc0aab7b73d7221de2cd06e75da61\EX0-100 - ITIL Foundation Certificate in IT Service Management Practice Exam Questions.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7f86c315911cea98341b64f29b41f1bb\Total 3D Home And Landscape Design Suite.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7f691c124411bcf42c47521a5cb099d3\Kaspersky Anti-Virus.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7f630854403537f4e8048191fe7d7975\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7f2da21eb05b46678b6992c86c7ad872\cFosSpeed.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7f0692a109026a1442d7bacfbb68882a\Word Password Recovery.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7eb43733369e20d69e8047732bfde9b1\Wondershare PDF to Word Converter.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7cae38858b6ecc44477795b685725a0d\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7c9ace973b05ad386915e6b8b0185d8f\Game Fire.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7c93cd51997882fe109957f634ce9e33\Universal Viewer Pro.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7c4ec3a17b5992677e4bff0505a9e808\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7c0b2cd851d89352d47cea111bcdd696\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7b9a9444ad4c7e899e090453193dabec\Jasc Animation Shop.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7b5470d8c9ffcf484ff3fbf33b537da9\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7b52d0cc746fbeb63b1113921202a5cf\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7ad05ecc559f2807f88007ad916cd380\3D World Map.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7aad452b4e54fe228cbf1a46286963de\Advanced PDF Password Recovery Standard.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7a99123fe11a6bd7b2e4bb5217c3e9ea\Unlocker.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\79bb152274c5860884450f3ce32dddd5\EDWinXP.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\79ab69945dd2243bba4d88cb4016992f\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7992acf6cf85dd33b91f64ce1cd03e2f\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\79427eadf7220fe6805bc0e54db620ed\Real Pic Simulator.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\79368873bde492f808fd99fe42adbf4a\PDF Creator Plus.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\78ddf642a7ea3efe1d1ef03af2490824\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\78c8e60be29d9984cafaea1ea89ac627\WinAmp Pro.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7898b76136b6dc39ffaee5fd484945d8\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\775ac99fee31593774d9bcbc8cc87587\iZotope Ozone.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\76b2e415e3ca919cbc23a4faec9599d9\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\74ebd74f010e2305741959fe756f32cc\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\74d09466b1199082621e22a9b466f329\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\714dcf50c108be8e18b08b030c91f0b0\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\713472a28be5c065f271c7731e1a7feb\ProxyCap.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6fa8d5d30afa55e1a97f86e3a988bb36\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6f0afe7c9542b2a814cec8651e5c60a3\DVD-lab PRO.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6eee281fa6e65ff88e8b7dfd6e078349\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6dc570c32271499434defaa72ceeecb1\DameWare Remote Support.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6d2a2499d4a9c131d7fea9856613f251\Aqua Data Studio.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6d0b27408d9e74e70ea978f31cf9acee\Stellar Phoenix Outlook PST Repair.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6c636bc3c2fdc01743fed5eee294bd02\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6c4ae2744ba2ff531092ede7537f9c0e\Trend Micro Titanium Internet Security.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6b654890c858a492472c79412999ba8e\Photo Finish Pro.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6b5a13ef79b168111b87f7b5a72f38a7\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6b3ef7767c23fc4f9d67392f317a86e3\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6b377d54b59dcce446d3fa3be71687f3\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6b1ec46c9710696d097e233d48b07262\SRS HD Audio Lab (formerly SRS Audio Sandbox).exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6ad3c3ca877874d808b8eaab921b8601\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6a9d9889d0056674faa99c466284f74a\Acronis True Image.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6a1bc3d3141677ae139002c11d5f71ac\Microsoft Office.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\69c55d23636083efc6c837de09936910\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\69c06133e982b535868f1db8226387ec\Virtual Fashion Professional.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\69bc54704cd94ba918f21a9f48180c0f\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\69859abf671c11839af83482057e8bcd\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\693a45b28fb0b143e9d27262bdcf0cdf\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6828fdffc6eb6ec6d4c4a8f0167efaed\Opal-Convert VCF to CSV to VCF (vCard).exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6808012b37b7fc1a3e1f634172a0a4f9\Panda Internet Security.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\67a66dfeffccf12b62801a51a8655e84\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6788279a2f8d8d3c0e454bd397b61706\Oracle Data Access Components.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\676237a88e9c56eea9d1fe06b1e69344\EZ Photo Calendar Creator.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\675a9bc7994974146f2ddd0fa7786960\PlayClaw.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\672a6c6149d7790be0fc8dc69ef18dbc\Capture One.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\65e2b9235f761936c6701ccd990fc55f\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\658d83d196ed6732eb37cb3968a287b1\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\653adebd49bb6a1f2457e81a1297390d\Portrait Professional.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\650aa9a7178976e111d76522b5ebfe21\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6494dda7a6b62fbc73902ffb0bcf923e\KONTAKT 4.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6470b9434fc4a85422a120b71bee2ff0\Diskeeper Home Edition.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\640d18236249e95e66dee8414f338ee8\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\63e69a07c30856b8f55190320aeb50c2\JPEG Recovery.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\636fdb0a27404f2e0f4a98b4bf3979a9\OfficeFIX.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\636403999cd221b62414c950fe9f7b64\Radmin Remote Control.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\63045aa2f81fc8d279f5f6a367008509\Trojan Remover.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\61a9ceb5e7436e3edf6721df0706e809\Advanced Driver Updater.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\61762d505c4633bedfa5db743aaac537\Camera Control Pro.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\615d7ec7c647e9c6373ac1ccd2286b3d\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\611c352d1031c8744b2a846b571d5985\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\60e4d0a71bde7a6ffa127a6a5c9303d6\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\602b6da8d70ca56b7773c096e8ecca50\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5e6f3814edacf0cfce32d52da5f3d8a6\CopyTrans Contacts.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5e55e67480377e6913a4e81cafabc374\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5e048ab56f598358e6c76b05302a5ebe\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5d625d6a420eb5fe32ec31a0de52a1ba\CoreAVC.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5d09980c94758bc982c182354a08aa9d\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5cf1a1155f994b27fe3711979c5a3200\MestRe-C Lite.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5ceb0b953beb9a859ed9c56585a6fa35\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5c2aa172909a9ae5df6fb74aac3a131e\GrafEq.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5b5c65e23d55727f2a357c6c7f144fe8\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5ab09c048040c67ea23f3313e75729b6\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5a727afb32a9f8d131f1bfdf34c7dcde\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\59f571d9e18e5430135736e49f56f976\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5960162c555f7323e52e17e5deb00ad6\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\58ecec502ab6baba40af8e088e2eff19\RealPlayer.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\58bb08d1926bfd685a03feb6604d01c2\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5894f1253d4d1f6feaafef81a11ae507\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\57f25c95ab3bc96f320347fa8801b27b\Adobe SVG Viewer.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\57cf0558887e5d36bdc04bfe322ad15b\ZoneAlarm Pro Antivirus + Firewall.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\57571a2d683626775404f2776e27c0b1\FormatFactory.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\55c72c3ddbcf5f48a0ef378fb4dbf456\Hamachi.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\55a41d0dcdb2a1a6c3b8d0331a862613\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5522eb87020c0cdef925f213ca9b2b26\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\54106aa0a6cac65acc646ff2ac3890d3\Cabri 3D.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5316d433b648c9f6934fa426d488f6e4\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\52dff1f52018c0de54e923964e0496bf\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\52bc8a0cad4335ecb6e514b88ce9b954\DVD CD Burner.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5241a4719d627b23095e0de78498ba06\SureThing CD Labeler Deluxe.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\520175f9d578a04e1eb598c530e58736\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\51c151ec56ac73bf84cb90fbba296647\WMP x264 Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\5185cc40d4441e5a1ae575e069ebc1a5\Total Codec Pack.exe    Quarantined Gen:Variant.Symmi.18126 (B)

Quarantined    562

Things do seem to be improved speed-wise, and I have not yet received an error about missing files or errors finding files.
I am grateful for your support on this.

Awaiting next instruction



#11 fireman4it

  • Malware Response Team

Posted 31 December 2014 - 04:55 PM

One more scan to check for any leftovers.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#12 MentalMiggy


Posted 01 January 2015 - 05:59 AM

Results of the scan were that 2 infected files were found, of which 1 was cleaned.

ESETlog.txt is as follows



C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpB6FA.exe    a variant of Win32/Injector.BSBN trojan    
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB6FA.exe    a variant of Win32/Injector.BSBN trojan    cleaned by deleting - quarantined
 



#13 fireman4it


Posted 01 January 2015 - 04:04 PM

How is the computer running now?




#14 MentalMiggy


Posted 01 January 2015 - 04:56 PM

It appears to be running great.  I am not receiving any error messages or having problems with multiple processes hogging resources.  This thing has been hounding me for what seems like forever but my amateur opinion would be that it seems to have been put to the sword.



#15 fireman4it


Posted 01 January 2015 - 07:14 PM

Hello, MentalMiggy.

Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

 

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.


One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!  These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message  or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one). This is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!




