TechSpot

Had Win32/Zbot.G on my laptop, unsure if it's gone

By TheMcDowell
Oct 22, 2011
  1. Hi,
    I'm running Windows 7 on my laptop and I have AVG/Avira.

    I started gettin reports from avira this morning but the details were incomplete. Since I had just upgraded Avira I thought it might be something to do with the update.
    I uninstalled avira and installed AVG which reported and healed approx. 120 infected Win32/Zbot.G files. As soon as they were gone more were found so I ran a system scan, which found 50-60 more infected files.
    I then googled Win32/Zbot.G and dowloaded malware and ran a malware system scan.
    The malware system scan came back showing nothing out of the normal and no Win32/zbot.g or trojan files.
    I then reran the AVG system scan twice and it also shows no infections. At this point I came across a post on this forum giving a much longer way of getting rid of the virus.

    Is my computer virus free now?
     
  2. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    Update

    I'm starting to get infections form AVG again so the virus is still there.
    What should I do?
     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  4. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    I was unable to do anything since the lettering had disappeared in many programs (task manager, AVG, internet explorer and several others) so I did a complete system restore before running the scan. Here are the results:

    D:\empire total war\mss32.dll Win32/Ramnit.H virus
    D:\empire total war\tbb.dll Win32/Ramnit.H virus
    D:\empire total war\tbbmalloc.dll Win32/Ramnit.H virus
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I'm afraid I have very bad news.

    You're infected with Ramnit file infector virus.

    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

    In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

    Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You

    This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

    Important Note:: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
     
  6. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    How do I go about reformatting, and if the only files found to be infected are on my second hard drive (D:/) could the problem be solved simply by reformatting that.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    If D is your secondary drive, possibly we can do something here.

    To start with, disconnect that drive.

    Then....

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  8. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    Just before trying all of that D is a partition of my first drive (Windows created two drives although physically there is only one as it was to large) will this make any difference?
     
  9. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    Also I havnt been able to disconnect the drive since it isnt physically a seperate drive, if there is a way to do so I am unaware.

    I have been leaving the infected laptop off and disconnected from the internet as much as possible and have avoided logging on to anything as well as having changed all my passwrds using a different computer.

    I will post as soon as I have the logs you asked for. For the moment I'm not sure if it's any help but my AVG system scan reported no infected fles/viruses.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Go ahead with those logs.
     
  11. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8010

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    24/10/2011 12:18:26
    mbam-log-2011-10-24 (12-18-26).txt

    Scan type: Quick scan
    Objects scanned: 181617
    Time elapsed: 2 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-24 13:10:26
    Windows 6.1.7600
    Running: download[1].exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b6b6368a5
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b6b6368a5 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  13. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Timeon at 13:14:06 on 2011-10-24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.5994.3856 [GMT 1:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\SetDisplayResolution.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\System32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    C:\windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Users\Timeon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASSR8LRS\avg_isct_stb_all_2012_1831_free[1].exe
    C:\Users\Timeon\AppData\Local\Temp\7zS9BEB.tmp\avgmfapx.exe
    C:\windows\system32\msiexec.exe
    C:\Windows\system32\MsiExec.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ie/
    uDefault_Page_URL = hxxp://samsung.msn.com
    mStart Page = hxxp://samsung.msn.com
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ"&"inst=NzYtOTUzNTIyNTQzLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=e012efa5339147d1bd15d1422d878156-fe8ff569b80f2f484900e7c69fd0f467631b63cf
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: DhcpNameServer = 77.244.128.60 77.244.128.61
    TCP: Interfaces\{1AB62972-70EA-451D-AD14-5B7D095FF2C6} : DhcpNameServer = 77.244.128.60 77.244.128.61
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ"&"inst=NzYtOTUzNTIyNTQzLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=e012efa5339147d1bd15d1422d878156-fe8ff569b80f2f484900e7c69fd0f467631b63cf
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/04 09:40:27];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-2-24 146928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-11-4 126904]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-10-24 11:23:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{32E9A101-E1D4-49C4-A82C-C2B4867A0E32}\offreg.dll
    2011-10-24 11:14:02 -------- d-----w- C:\Users\Timeon\AppData\Roaming\Malwarebytes
    2011-10-24 11:13:18 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-24 11:13:16 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-10-24 11:13:16 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-10-24 11:13:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-23 18:53:14 -------- d-----w- C:\Users\Timeon\AppData\Local\Microsoft Games
    2011-10-23 16:24:01 -------- d-----w- C:\Users\Timeon\AppData\Roaming\AVG2012
    2011-10-23 16:23:17 -------- d-----w- C:\ProgramData\AVG2012
    2011-10-23 16:22:54 -------- d-----w- C:\Program Files (x86)\AVG
    2011-10-23 16:18:54 -------- d--h--w- C:\ProgramData\Common Files
    2011-10-23 16:15:52 -------- d-----w- C:\ProgramData\MFAData
    2011-10-23 16:10:04 -------- d-----w- C:\Users\Timeon\AppData\Local\Diagnostics
    2011-10-23 12:32:47 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{32E9A101-E1D4-49C4-A82C-C2B4867A0E32}\mpengine.dll
    2011-10-23 12:32:46 270720 ------w- C:\windows\System32\MpSigStub.exe
    2011-10-23 12:28:12 -------- d-----w- C:\Program Files (x86)\ESET
    2011-10-23 12:24:41 -------- d-----w- C:\Users\Timeon\AppData\Local\SRS Labs
    2011-10-23 12:24:39 -------- d-----w- C:\Users\Timeon\AppData\Local\ATI
    2011-10-23 12:24:36 -------- d-----w- C:\Users\Timeon\AppData\Local\Power2Go
    2011-10-23 12:23:08 -------- d-----w- C:\ProgramData\OberonGameConsole
    2011-10-23 12:19:04 131368 ----a-w- C:\ProgramData\FullRemove.exe
    2011-10-23 12:19:02 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
    2011-10-23 12:18:44 -------- d-----w- C:\Program Files (x86)\Game Pack
    2011-10-23 12:18:36 -------- d-----r- C:\Program Files (x86)\Skype
    2011-10-23 12:18:27 -------- d-----w- C:\Users\Timeon\AppData\Local\Adobe
    2011-10-23 12:16:36 -------- d-----w- C:\Users\Timeon\AppData\Local\VirtualStore
    2011-10-23 12:16:19 39464 ----a-w- C:\windows\System32\drivers\btwl2cap.sys
    2011-10-23 12:16:19 344616 ----a-w- C:\windows\System32\drivers\btwampfl.sys
    2011-10-23 12:16:19 21544 ----a-w- C:\windows\System32\drivers\btwrchid.sys
    2011-10-23 12:16:19 135720 ----a-w- C:\windows\System32\drivers\btwavdt.sys
    2011-10-23 12:16:19 102952 ----a-w- C:\windows\System32\drivers\btwaudio.sys
    2011-10-23 12:15:07 -------- d-----w- C:\Program Files\WIDCOMM
    2011-10-23 12:12:54 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 13:14:21.93 ===============
     
  14. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 23/10/2011 13:14:44
    System Uptime: 24/10/2011 07:53:42 (6 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R540/R580/R780/SA41/E452/E852
    Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 2667/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 231 GiB total, 198.335 GiB free.
    D: is FIXED (NTFS) - 345 GiB total, 297.695 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP21: 23/10/2011 13:17:10 - Installed YouCam
    RP22: 23/10/2011 13:32:35 - Windows Update
    RP23: 23/10/2011 17:22:30 - Installed AVG 2012
    RP24: 23/10/2011 17:23:01 - Installed AVG 2012
    RP25: 23/10/2011 20:03:23 - Removed Norton Online Backup
    RP26: 24/10/2011 12:22:48 - Removed AVG 2012
    RP27: 24/10/2011 12:23:56 - Removed AVG 2012
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Messenger
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?? Messenger
    ???????? ?????????? Windows Live
    ????????? Messenger
    ?????????? Windows Live
    ??????????? ?? Windows Live
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    Alice Greenfingers
    „Messenger“ pagalbine priemone
    Atheros Client Installation Program
    „Windows Live Essentials“
    „Windows Live Mail“
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    BatteryLifeExtender
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Bonbon Quest
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Complemento Messenger
    Complément Messenger
    CyberLink Blu-ray Disc Suite
    CyberLink MediaShow
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 9
    CyberLink YouCam
    D3DX10
    Daycare Nightmare
    Doplnok programu Messenger
    Easy Content Share
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    EasyFileShare
    ESET Online Scanner v3
    Flip Words
    Fotogalerija Windows Live
    Galapago
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    Game Pack
    Gem Shop
    Insaniquarium Deluxe
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    Junk Mail filter update
    Mahjong Escape Ancient China
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marvell Miniport Driver
    Mesh Runtime
    Messenger-kumppani
    Messenger ??? ??
    Messenger ????
    Messenger ?????
    Messenger Assistent
    Messenger Companion
    Messenger kíséro
    Messenger Pratilac
    Messenger Suradnik
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSVCRT_amd64
    Norton Internet Security
    Norton Online Backup
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Pomocnik Messenger
    Pošta Windows Live
    Raccolta foto di Windows Live
    Realtek High Definition Audio Driver
    S?????? f?t???af??? t?? Windows Live
    Samsung Recovery Solution 4
    Samsung Support Center
    Samsung Update Plus
    Skype™ 4.2
    Slingo
    Spremljevalec Messenger
    User Guide
    Visual Studio 2008 x64 Redistributables
    Windows Live
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Foto-galerija
    Windows Live fotoattelu galerija
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Pošta
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    .
    ==== End Of File ===========================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You're running two AV programs, AVG and Norton.
    One of them has to go.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities
    If Norton, use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-24 18:50:56
    -----------------------------
    18:50:56.874 OS Version: Windows x64 6.1.7600
    18:50:56.874 Number of processors: 4 586 0x2505
    18:50:56.884 ComputerName: MAGNERS UserName: Timeon
    18:50:58.834 Initialize success
    18:51:01.854 AVAST engine defs: 11102401
    18:51:07.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    18:51:07.664 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
    18:51:07.694 Disk 0 MBR read successfully
    18:51:07.694 Disk 0 MBR scan
    18:51:07.704 Disk 0 unknown MBR code
    18:51:07.704 Service scanning
    18:51:08.794 Modules scanning
    18:51:08.794 Disk 0 trace - called modules:
    18:51:08.834 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    18:51:08.844 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005efa060]
    18:51:08.844 3 CLASSPNP.SYS[fffff88001b1943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005bf4050]
    18:51:09.514 AVAST engine scan D:\
    19:32:53.747 Scan finished successfully
    19:36:55.434 Disk 0 MBR has been saved successfully to "C:\Users\Timeon\Desktop\MBR.dat"
    19:36:55.439 The log file has been saved successfully to "C:\Users\Timeon\Desktop\aswMBR.txt"
    19:37:00.045 Disk 0 MBR has been saved successfully to "C:\Users\Timeon\Desktop\MBR.dat"
    19:37:00.052 The log file has been saved successfully to "C:\Users\Timeon\Desktop\aswMBR.txt"
     
  17. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-24 18:31:53
    -----------------------------
    18:31:53.408 OS Version: Windows x64 6.1.7600
    18:31:53.408 Number of processors: 4 586 0x2505
    18:31:53.408 ComputerName: MAGNERS UserName: Timeon
    18:31:55.288 Initialize success
    18:34:08.926 AVAST engine defs: 11102401
    18:42:15.129 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    18:42:15.129 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
    18:42:15.149 Disk 0 MBR read successfully
    18:42:15.149 Disk 0 MBR scan
    18:42:15.149 Disk 0 unknown MBR code
    18:42:15.159 Service scanning
    18:42:20.319 Modules scanning
    18:42:20.319 Disk 0 trace - called modules:
    18:42:20.359 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    18:42:20.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005efa060]
    18:42:20.369 3 CLASSPNP.SYS[fffff88001b1943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005bf4050]
    18:42:20.869 AVAST engine scan C:\windows
    18:42:23.729 AVAST engine scan C:\windows\system32
    18:43:36.848 AVAST engine scan C:\windows\system32\drivers
    18:43:44.428 AVAST engine scan C:\Users\Timeon
    18:45:29.208 AVAST engine scan C:\ProgramData
    18:46:08.338 Scan finished successfully
    18:47:11.078 Disk 0 MBR has been saved successfully to "C:\Users\Timeon\Desktop\MBR.dat"
    18:47:11.078 The log file has been saved successfully to "C:\Users\Timeon\Desktop\aswMBR.txt"
     
  18. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    ComboFix 11-10-24.03 - Timeon 24/10/2011 20:00:50.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.5994.4859 [GMT 1:00]
    Running from: c:\users\Timeon\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-24 19:04 . 2011-10-24 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-24 17:28 . 2011-10-24 18:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-10-24 17:28 . 2011-10-24 17:28 -------- d-----w- c:\program files\Symantec
    2011-10-24 12:48 . 2011-10-24 12:48 -------- d-----w- c:\program files\Intel
    2011-10-24 12:41 . 2011-10-24 12:41 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2011-10-24 12:41 . 2011-10-24 12:41 -------- d-----w- c:\program files (x86)\Real
    2011-10-24 11:13 . 2011-10-24 11:13 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-24 11:13 . 2011-10-24 11:13 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-10-24 11:13 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-24 11:13 . 2011-10-24 11:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-10-23 16:23 . 2011-10-24 17:27 -------- d-----w- c:\programdata\AVG2012
    2011-10-23 16:22 . 2011-10-23 16:22 -------- d-----w- c:\program files (x86)\AVG
    2011-10-23 16:18 . 2011-10-23 16:18 -------- d--h--w- c:\programdata\Common Files
    2011-10-23 16:15 . 2011-10-24 17:25 -------- d-----w- c:\programdata\MFAData
    2011-10-23 12:32 . 2011-10-18 01:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32E9A101-E1D4-49C4-A82C-C2B4867A0E32}\mpengine.dll
    2011-10-23 12:32 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-23 12:28 . 2011-10-23 12:28 -------- d-----w- c:\program files (x86)\ESET
    2011-10-23 12:23 . 2011-10-23 12:23 -------- d-----w- c:\programdata\OberonGameConsole
    2011-10-23 12:19 . 2011-10-23 12:19 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media
    2011-10-23 12:18 . 2011-10-23 12:23 -------- d-----w- c:\program files (x86)\Game Pack
    2011-10-23 12:18 . 2011-10-23 12:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2011-10-23 12:18 . 2011-10-23 12:18 -------- d-----r- c:\program files (x86)\Skype
    2011-10-23 12:18 . 2011-10-23 12:18 -------- d-----w- c:\programdata\Skype
    2011-10-23 12:18 . 2011-10-23 12:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-10-23 12:16 . 2010-07-20 06:26 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
    2011-10-23 12:16 . 2010-07-20 06:26 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2011-10-23 12:16 . 2010-07-20 06:26 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    2011-10-23 12:16 . 2010-07-13 23:25 344616 ----a-w- c:\windows\system32\drivers\btwampfl.sys
    2011-10-23 12:16 . 2010-03-02 07:37 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
    2011-10-23 12:15 . 2011-10-23 12:15 -------- d-----w- c:\program files\WIDCOMM
    2011-10-23 12:14 . 2011-10-23 12:24 -------- d-----w- c:\users\Timeon
    2011-10-23 12:12 . 2011-10-23 12:12 -------- d-----w- C:\Recovery
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-24 12:47 . 2010-06-24 02:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-24 12:41 . 2010-11-04 00:39 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-24 273528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ&inst=NzYtOTUzNTIyNTQzLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1831&mid=e012efa5339147d1bd15d1422d878156-fe8ff569b80f2f484900e7c69fd0f467631b63cf" [?]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 1132320]
    SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe [2010-11-4 156952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/04 09:40];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-02-24 02:14 146928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-14 11046504]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ie/
    mStart Page = hxxp://samsung.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 77.244.128.60 77.244.128.61
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\SysWOW64\RunDll32.exe
    c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    c:\program files (x86)\Cyberlink\Shared files\brs.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-24 20:11:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-24 19:11
    .
    Pre-Run: 211,332,554,752 bytes free
    Post-Run: 211,321,610,240 bytes free
    .
    - - End Of File - - BD287228CF0D9B6D6BD759EE2FEB9784
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    That looks good.
    Which AV program did you remove?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    I removed both, but I reinstalled AVG after performing the scan.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OK, go on.......
     
  22. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    OTL logfile created on: 10/25/2011 8:41:19 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Timeon\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    5.85 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 70.23% Memory free
    11.71 Gb Paging File | 9.99 Gb Available in Paging File | 85.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 231.00 Gb Total Space | 194.14 Gb Free Space | 84.04% Space Free | Partition Type: NTFS
    Drive D: | 345.07 Gb Total Space | 297.71 Gb Free Space | 86.27% Space Free | Partition Type: NTFS

    Computer Name: MAGNERS | User Name: Timeon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/24 22:12:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Timeon\Desktop\OTL.exe
    PRC - [2011/10/24 20:21:06 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    PRC - [2011/10/24 20:21:06 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2011/10/24 13:41:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/08/13 07:19:04 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
    PRC - [2010/08/05 09:08:56 | 003,241,840 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2010/07/30 09:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2010/03/18 03:57:46 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/07/06 06:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/24 20:21:06 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/07/21 13:46:28 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/07/07 19:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/10/24 20:21:06 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/07/29 01:23:08 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/07/20 07:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/07/20 07:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/07/20 07:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/07/14 00:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2010/07/07 20:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/07/07 19:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/06/17 05:34:44 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/05/21 05:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/03/02 08:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV - [2010/02/24 03:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/04 09:40:27] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1464188474-2884481331-1794327815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKU\S-1-5-21-1464188474-2884481331-1794327815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/11/04 02:50:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/04 02:50:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/04 02:51:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/24 20:21:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/24 13:41:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/24 20:30:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/24 22:10:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/10/24 22:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timeon\AppData\Roaming\Mozilla\Extensions
    [2011/10/24 22:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/24 20:21:09 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
    [2011/10/24 13:41:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/09/29 08:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/09/29 02:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/09/29 02:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/09/29 02:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/09/29 02:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/10/24 20:07:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1464188474-2884481331-1794327815-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1464188474-2884481331-1794327815-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1464188474-2884481331-1794327815-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1464188474-2884481331-1794327815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.244.128.60 77.244.128.61
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AB62972-70EA-451D-AD14-5B7D095FF2C6}: DhcpNameServer = 77.244.128.60 77.244.128.61
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/24 22:12:34 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Mozilla
    [2011/10/24 22:12:34 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\Mozilla
    [2011/10/24 22:12:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Timeon\Desktop\OTL.exe
    [2011/10/24 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2011/10/24 20:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/10/24 20:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/10/24 20:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2011/10/24 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\DDMSettings
    [2011/10/24 20:30:16 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\DivX
    [2011/10/24 20:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2011/10/24 20:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
    [2011/10/24 20:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\DIVX
    [2011/10/24 20:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2011/10/24 20:27:39 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\Google
    [2011/10/24 20:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2011/10/24 20:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2011/10/24 20:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2011/10/24 20:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
    [2011/10/24 20:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2011/10/24 20:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2011/10/24 20:21:03 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
    [2011/10/24 20:20:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
    [2011/10/24 20:11:12 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2011/10/24 20:07:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/10/24 19:50:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/10/24 19:50:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/10/24 19:50:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/10/24 19:50:07 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/10/24 19:49:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/24 19:40:00 | 004,272,498 | R--- | C] (Swearware) -- C:\Users\Timeon\Desktop\ComboFix.exe
    [2011/10/24 18:50:47 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Timeon\Desktop\aswMBR.exe
    [2011/10/24 18:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011/10/24 18:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/10/24 13:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2011/10/24 13:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2011/10/24 13:41:12 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
    [2011/10/24 13:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
    [2011/10/24 13:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2011/10/24 13:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2011/10/24 13:41:05 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Real
    [2011/10/24 13:38:06 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\InstallShield
    [2011/10/24 13:12:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Timeon\Desktop\dds.scr
    [2011/10/24 12:14:02 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Malwarebytes
    [2011/10/24 12:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/24 12:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/24 12:13:16 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2011/10/24 12:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    [2011/10/24 12:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/10/23 19:53:14 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\Microsoft Games
    [2011/10/23 17:24:01 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\AVG2012
    [2011/10/23 17:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2011/10/23 17:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2011/10/23 17:18:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/10/23 17:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/10/23 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\Diagnostics
    [2011/10/23 13:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2011/10/23 13:25:12 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Macromedia
    [2011/10/23 13:25:09 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Adobe
    [2011/10/23 13:24:41 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\SRS Labs
    [2011/10/23 13:24:39 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\ATI
    [2011/10/23 13:24:39 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\ATI
    [2011/10/23 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\Power2Go
    [2011/10/23 13:24:14 | 000,000,000 | R--D | C] -- C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/10/23 13:24:14 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Searches
    [2011/10/23 13:24:14 | 000,000,000 | R--D | C] -- C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/10/23 13:24:14 | 000,000,000 | -H-D | C] -- C:\Users\Timeon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/10/23 13:24:07 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Identities
    [2011/10/23 13:24:03 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Contacts
    [2011/10/23 13:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\OberonGameConsole
    [2011/10/23 13:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Pack
    [2011/10/23 13:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
    [2011/10/23 13:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Pack
    [2011/10/23 13:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/10/23 13:18:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2011/10/23 13:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2011/10/23 13:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2011/10/23 13:18:27 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\Adobe
    [2011/10/23 13:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2011/10/23 13:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2011/10/23 13:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2011/10/23 13:18:02 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
    [2011/10/23 13:16:36 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\VirtualStore
    [2011/10/23 13:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
    [2011/10/23 13:14:48 | 000,000,000 | --SD | C] -- C:\Users\Timeon\AppData\Roaming\Microsoft
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Videos
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Saved Games
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Pictures
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Music
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Links
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Favorites
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Downloads
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Documents
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\Desktop
    [2011/10/23 13:14:48 | 000,000,000 | R--D | C] -- C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\AppData\Local\Temporary Internet Files
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Templates
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Start Menu
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\SendTo
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Recent
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\PrintHood
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\NetHood
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Documents\My Videos
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Documents\My Pictures
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Documents\My Music
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\My Documents
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Local Settings
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\AppData\Local\History
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Cookies
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\Application Data
    [2011/10/23 13:14:48 | 000,000,000 | -HSD | C] -- C:\Users\Timeon\AppData\Local\Application Data
    [2011/10/23 13:14:48 | 000,000,000 | -H-D | C] -- C:\Users\Timeon\AppData
    [2011/10/23 13:14:48 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\Temp
    [2011/10/23 13:14:48 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Local\Microsoft
    [2011/10/23 13:14:48 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Media Center Programs
    [2011/10/23 13:14:48 | 000,000,000 | ---D | C] -- C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
    [2011/10/23 13:12:54 | 000,000,000 | ---D | C] -- C:\Recovery

    ========== Files - Modified Within 30 Days ==========

    [2011/10/25 08:38:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/10/24 22:12:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Timeon\Desktop\OTL.exe
    [2011/10/24 22:10:16 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/10/24 20:30:28 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/10/24 20:30:27 | 000,001,576 | ---- | M] () -- C:\Users\Timeon\Desktop\DivX Movies.lnk
    [2011/10/24 20:30:14 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/10/24 20:24:21 | 069,848,843 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
    [2011/10/24 20:21:09 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2011/10/24 20:21:03 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
    [2011/10/24 20:21:03 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
    [2011/10/24 20:15:28 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/24 20:15:28 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/24 20:07:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2011/10/24 20:06:35 | 1990,369,279 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/24 19:40:13 | 004,272,498 | R--- | M] (Swearware) -- C:\Users\Timeon\Desktop\ComboFix.exe
    [2011/10/24 19:37:00 | 000,000,512 | ---- | M] () -- C:\Users\Timeon\Desktop\MBR.dat
    [2011/10/24 18:50:47 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Timeon\Desktop\aswMBR.exe
    [2011/10/24 18:31:36 | 003,085,342 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2011/10/24 18:31:36 | 000,697,406 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat
    [2011/10/24 18:31:36 | 000,692,462 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
    [2011/10/24 18:31:36 | 000,645,988 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
    [2011/10/24 18:31:36 | 000,619,642 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2011/10/24 18:31:36 | 000,131,294 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat
    [2011/10/24 18:31:36 | 000,130,152 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
    [2011/10/24 18:31:36 | 000,128,230 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
    [2011/10/24 18:31:36 | 000,107,792 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2011/10/24 13:41:24 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk
    [2011/10/24 13:41:24 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2011/10/24 13:41:12 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
    [2011/10/24 13:35:16 | 000,276,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2011/10/24 13:13:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Timeon\Desktop\dds.scr
    [2011/10/24 12:13:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/23 13:25:01 | 000,001,441 | ---- | M] () -- C:\Users\Timeon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/23 13:24:39 | 000,001,121 | ---- | M] () -- C:\Users\Timeon\Desktop\CyberLink YouCam.lnk
    [2011/10/23 13:24:38 | 000,001,179 | ---- | M] () -- C:\Users\Timeon\Desktop\Blu-ray Disc Suite.lnk
    [2011/10/23 13:23:51 | 000,001,076 | ---- | M] () -- C:\Users\Timeon\Desktop\Your Feedback is Important.lnk
    [2011/10/23 13:23:13 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Game Pack.lnk
    [2011/10/23 13:23:13 | 000,000,033 | ---- | M] () -- C:\windows\0
    [2011/10/23 13:18:37 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/10/23 13:18:22 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/10/23 13:16:25 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2011/10/23 13:15:21 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_R540_03KP.mrk
    [2011/10/23 05:12:25 | 000,039,219 | ---- | M] () -- C:\windows\SysWow64\license.rtf
    [2011/10/23 05:12:25 | 000,039,219 | ---- | M] () -- C:\windows\SysNative\license.rtf

    ========== Files Created - No Company Name ==========

    [2011/10/24 22:10:16 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/10/24 22:10:16 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/10/24 20:30:27 | 000,001,576 | ---- | C] () -- C:\Users\Timeon\Desktop\DivX Movies.lnk
    [2011/10/24 20:30:14 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/10/24 20:29:55 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/10/24 20:24:21 | 069,848,843 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
    [2011/10/24 20:21:09 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2011/10/24 20:21:03 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
    [2011/10/24 20:21:03 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
    [2011/10/24 19:50:11 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2011/10/24 19:50:11 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2011/10/24 19:50:11 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/10/24 19:50:11 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/10/24 19:50:11 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/10/24 18:47:11 | 000,000,512 | ---- | C] () -- C:\Users\Timeon\Desktop\MBR.dat
    [2011/10/24 13:41:24 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk
    [2011/10/24 13:41:24 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2011/10/24 12:13:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/23 13:25:01 | 000,001,441 | ---- | C] () -- C:\Users\Timeon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/23 13:24:28 | 000,001,413 | ---- | C] () -- C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/10/23 13:24:24 | 000,001,447 | ---- | C] () -- C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/10/23 13:23:51 | 000,001,076 | ---- | C] () -- C:\Users\Timeon\Desktop\Your Feedback is Important.lnk
    [2011/10/23 13:23:13 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Game Pack.lnk
    [2011/10/23 13:23:13 | 000,000,033 | ---- | C] () -- C:\windows\0
    [2011/10/23 13:18:37 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/10/23 13:18:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/10/23 13:18:22 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/10/23 13:18:02 | 000,001,121 | ---- | C] () -- C:\Users\Timeon\Desktop\CyberLink YouCam.lnk
    [2011/10/23 13:15:21 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_R540_03KP.mrk
    [2011/10/23 13:15:13 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2011/10/23 13:14:48 | 000,001,179 | ---- | C] () -- C:\Users\Timeon\Desktop\Blu-ray Disc Suite.lnk
    [2011/10/23 13:14:48 | 000,000,290 | ---- | C] () -- C:\Users\Timeon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/10/23 13:14:48 | 000,000,272 | ---- | C] () -- C:\Users\Timeon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/10/23 05:08:51 | 000,679,298 | ---- | C] () -- C:\windows\SysNative\oem10.inf
    [2010/11/04 17:18:17 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
    [2010/11/04 02:51:44 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
    [2010/11/04 02:22:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2010/11/04 01:48:20 | 000,001,238 | ---- | C] () -- C:\windows\HotFixList.ini
    [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
    [2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
    [2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
    [2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/10/23 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Timeon\AppData\Roaming\AVG2012
    [2009/07/14 06:08:49 | 000,006,366 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  23. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/10/24 20:11:11 | 000,012,789 | ---- | M] () -- C:\ComboFix.txt
    [2011/10/24 20:06:35 | 1990,369,279 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/24 20:06:40 | 1990,369,279 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/04 01:28:15 | 000,002,162 | ---- | M] () -- C:\RHDSetup.log
    [2010/11/04 01:46:26 | 000,000,190 | ---- | M] () -- C:\setup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >
    [2006/11/09 23:31:56 | 000,016,018 | ---- | M] () -- C:\windows\Samsung.png

    < %systemroot%\*.scr >
    [2009/11/16 08:27:16 | 019,480,587 | ---- | M] () -- C:\windows\Crystal Delight.scr
    [2010/09/22 16:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/10/23 13:25:01 | 000,000,221 | -HS- | M] () -- C:\Users\Timeon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/24 18:50:47 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Timeon\Desktop\aswMBR.exe
    [2011/10/24 19:40:13 | 004,272,498 | R--- | M] (Swearware) -- C:\Users\Timeon\Desktop\ComboFix.exe
    [2011/10/24 22:12:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Timeon\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/10/23 13:16:47 | 000,008,192 | ---- | M] () -- C:\windows\SECURITY\Database\edb.chk
    [2011/10/23 13:16:47 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edb.log
    [2011/10/23 13:16:46 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edbres00001.jrs
    [2011/10/23 13:16:46 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edbres00002.jrs
    [2011/10/23 13:16:46 | 000,786,432 | ---- | M] () -- C:\windows\SECURITY\Database\edbtmp.log
    [2011/10/23 13:16:47 | 001,056,768 | ---- | M] () -- C:\windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/10/23 13:24:28 | 000,000,402 | -HS- | M] () -- C:\Users\Timeon\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/05 01:45:25 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/11/05 01:39:45 | 000,000,106 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/11/05 01:39:31 | 000,000,107 | ---- | M] () -- C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    [2010/11/05 01:44:46 | 000,000,107 | ---- | M] () -- C:\ProgramData\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}.log
    [2010/11/05 01:44:30 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/11/05 01:45:55 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  24. TheMcDowell

    TheMcDowell TS Rookie Topic Starter Posts: 35

    OTL Extras logfile created on: 10/25/2011 8:41:19 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Timeon\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    5.85 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 70.23% Memory free
    11.71 Gb Paging File | 9.99 Gb Available in Paging File | 85.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 231.00 Gb Total Space | 194.14 Gb Free Space | 84.04% Space Free | Partition Type: NTFS
    Drive D: | 345.07 Gb Total Space | 297.71 Gb Free Space | 86.27% Space Free | Partition Type: NTFS

    Computer Name: MAGNERS | User Name: Timeon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{0B7465E2-1A7E-4D21-8670-94D9C11449B8}" = AVG 2012
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
    "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{5635224E-675C-B94C-43EE-70BCD39BF30B}" = ATI Catalyst Install Manager
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{88381CA0-AB27-45B5-8BB8-E68987822AF8}" = AVG 2012
    "{8924153C-F29D-3F27-3AAB-389F3B661AD4}" = ccc-utility64
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "AVG" = AVG 2012
    "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
    "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
    "{02F3B756-11B3-8077-7FA7-709DDDBAEFD3}" = CCC Help French
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
    "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
    "{0620AFAE-46B1-AECB-0D8D-DC6884F72BF5}" = Catalyst Control Center Localization All
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
    "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
    "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
    "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{082E37F5-3924-4168-A69A-1B6B1FEA587C}" = Messenger Companion
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0A455897-C606-4958-AD34-6DF0430D184B}" = Windows Live UX Platform Language Pack
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0DFD17F6-0EFB-3CBA-0692-ED193A6F847A}" = CCC Help Norwegian
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{11060D31-08ED-8F55-BB38-0F194E0FE68E}" = CCC Help German
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{1127FA07-963E-479B-AE80-B99C571E52D8}" = Easy Network Manager
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1CFBB921-4E8F-47C1-81A0-1CB94454199E}" = Windows Live UX Platform Language Pack
    "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
    "{21F22617-30EA-55D0-C023-574DEFA72935}" = CCC Help English
    "{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack
    "{240DB1E2-EDFC-4489-9B00-286A61137EE8}" = Windows Live UX Platform Language Pack
    "{24691EC2-44CA-88CE-D7D8-673C9C21DABB}" = CCC Help Czech
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
    "{269FAF4C-8237-49A4-8440-6560FF15B4B0}" = Windows Live UX Platform Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{2719ED2A-F6F5-4CA4-B248-A48FFE75DB84}" = Windows Live UX Platform Language Pack
    "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
    "{2798CE54-AD9D-4704-B940-6C451973CBA4}" = Windows Live UX Platform Language Pack
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2ABC63E9-8E74-F261-4937-C49438279633}" = ccc-core-static
    "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
    "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
    "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
    "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
    "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
    "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{3FD1CB9F-807F-451B-926C-9D19C84CFC61}" = Messenger Suradnik
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
    "{41EB4D8C-797B-88DA-9CFD-C265BDEF3BE7}" = CCC Help Greek
    "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
    "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
    "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
    "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
    "{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
    "{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}" = Messenger Assistent
    "{56FD9B91-F0EE-A2AE-7289-28E3110C0D08}" = CCC Help Swedish
    "{58240652-2AC8-80E3-B980-7E6F58D64CB3}" = CCC Help Japanese
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{5CADEAC5-0A9C-4680-B850-6A9085ADD23B}" = Windows Live UX Platform Language Pack
    "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
    "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{690E2911-8512-65D8-1237-A0E43865F226}" = Catalyst Control Center Graphics Previews Common
    "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
    "{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
    "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6C7CF28E-535B-D453-E935-524116E5D8F3}" = CCC Help Portuguese
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger
    "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
    "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
    "{6DD3B54B-F0D0-4A69-8344-F52033225A02}" = Messenger Companion
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
    "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
    "{765DB2B0-943A-1F96-AA98-0DE4BD5ECF98}" = Catalyst Control Center InstallProxy
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77AA84F1-4A5F-34F6-E9FB-75B234E36748}" = CCC Help Korean
    "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
    "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
    "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E274911-32ED-4489-9B04-4EF100D0E4D3}" = „Messenger“ pagalbinė priemonė
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
    "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{902585EB-8FA3-43A5-AD1C-5C9821A77114}" = Messenger Pratilac
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
    "{976A7F36-3904-3444-588F-A4A47DA7DAAA}" = CCC Help Hungarian
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
    "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
    "{9E77CE91-C520-6284-5340-2FED3E34537F}" = CCC Help Chinese Standard
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A4A3BD6D-F267-199A-F402-AC9D8C6A5A1F}" = CCC Help Thai
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB067785-9646-456B-91C3-E71228132A4C}" = Messenger 사이트 공유
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
    "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
    "{B4E5E04E-3738-2736-4925-267AB9A313B0}" = CCC Help Spanish
    "{B4FF212F-F56E-463D-95DC-449DA1480E27}" = Windows Live UX Platform Language Pack
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{B7DB6FC7-631D-8767-A3DF-4B1467611D3C}" = CCC Help Turkish
    "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
    "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
    "{BCE95123-10EF-BF71-EFCC-27413278630B}" = CCC Help Italian
    "{BD2E478F-C249-FF8B-F544-E22061BA03C5}" = CCC Help Russian
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C011E1C5-86F7-4EEB-B7E6-0C367CED97B2}" = Windows Live UX Platform Language Pack
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
    "{C96BDE6D-EA35-1445-1E08-634171AE3C82}" = CCC Help Chinese Traditional
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
    "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
    "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
    "{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
    "{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
    "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4F81B27-4054-4AD6-A588-265508BAA17C}" = Messenger Companion
    "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
    "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D58E381C-DE02-46A9-B9D1-A2CB807D2676}" = Messenger Companion
    "{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}" = Messenger-kumppani
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D8DAB025-C2CE-4821-8117-494E95ADA031}" = Windows Live UX Platform Language Pack
    "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DD048DE6-3FD4-F4C2-A98D-A185CA4D94BA}" = CCC Help Danish
    "{DD953122-ECF9-E725-AF9C-BA4C08AAC1B1}" = Catalyst Control Center Graphics Previews Vista
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E912365F-9F51-C5A0-8153-FEFCFF276608}" = CCC Help Polish
    "{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
    "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F14F9EE9-9B68-42B4-90F7-0924F7619281}" = Spremljevalec Messenger
    "{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}" = Messenger kísérő
    "{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
    "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
    "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
    "{F6AD00BA-3229-D390-84CA-685BFF2F6C21}" = CCC Help Dutch
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}" = Помощник на Messenger
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FEF8EFCC-F745-9EB2-B313-9902D03A4C5D}" = CCC Help Finnish
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "{FFF8D436-0A41-4BB0-8E9B-6256B07AF66B}" = Windows Live UX Platform Language Pack
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "DivX Setup" = DivX Setup
    "ESET Online Scanner" = ESET Online Scanner v3
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
    "RealPlayer 12.0" = RealPlayer
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1464188474-2884481331-1794327815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ System Events ]
    Error - 10/24/2011 10:57:33 AM | Computer Name = Magners | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 109.202.235.2. The computer with the IP address 109.202.235.59 did
    not allow the name to be claimed by this computer.

    Error - 10/24/2011 1:28:44 PM | Computer Name = Magners | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 10/24/2011 2:51:56 PM | Computer Name = Magners | Source = Service Control Manager | ID = 7031
    Description = The Norton Internet Security service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 120000
    milliseconds: Restart the service.

    Error - 10/24/2011 3:03:16 PM | Computer Name = Magners | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/24/2011 3:04:31 PM | Computer Name = Magners | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/24/2011 3:06:09 PM | Computer Name = Magners | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/24/2011 3:10:04 PM | Computer Name = Magners | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the eventlog service.


    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-1464188474-2884481331-1794327815-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-1464188474-2884481331-1794327815-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...