[Not curable - Ramnit] Win32/Heur from AVG

TheMcDowell

AVG keeps telling me that there's a threat called Win32/Heur. Also, I have a Windows Command Processor permission window which keeps asking for permission to do something every few seconds.
 
You've been to this very forum twice already so you should know what preliminaries are requested.
 
I know, I started the scans just before posting.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Timeon :: MAGNERS [administrator]

06/03/2012 22:24:17
mbam-log-2012-03-06 (22-24-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196676
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Timeon at 23:39:55 on 2012-03-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.5994.3155 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Users\Timeon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DI3F6W1Y\b3uORcPBMqx2wFI369Aldy[1]
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\consent.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.searchonme.com/
mStart Page = hxxp://search.searchonme.com/
BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: MyTools Class: {c3a44133-7ead-434c-ac9e-7f1da176ba8c} - C:\Program Files (x86)\MyTools\MyTools.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Timeon\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [FuvKnyuy] C:\Users\Timeon\AppData\Local\woeypjom\fuvknyuy.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ"&"inst=NzYtOTUzNTIyNTQzLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=e012efa5339147d1bd15d1422d878156-fe8ff569b80f2f484900e7c69fd0f467631b63cf
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Timeon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fuvknyuy.exe
StartupFolder: C:\Users\Timeon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 77.244.128.44 77.244.128.45
TCP: Interfaces\{1AB62972-70EA-451D-AD14-5B7D095FF2C6} : DhcpNameServer = 77.244.128.44 77.244.128.45
TCP: Interfaces\{B3A5F3D3-8ACE-4A35-B648-0553907E48B5} : DhcpNameServer = 137.195.151.105 137.195.150.61 137.195.151.110
TCP: Interfaces\{B3A5F3D3-8ACE-4A35-B648-0553907E48B5}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{B3A5F3D3-8ACE-4A35-B648-0553907E48B5}\8677D2775626 : DhcpNameServer = 137.195.151.105 137.195.150.61 137.195.151.110
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll
BHO-X64: CrossriderApp0000435 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: MyTools Class: {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\MyTools.dll
BHO-X64: MyTools - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ"&"inst=NzYtOTUzNTIyNTQzLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=e012efa5339147d1bd15d1422d878156-fe8ff569b80f2f484900e7c69fd0f467631b63cf
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Timeon\AppData\Roaming\Mozilla\Firefox\Profiles\o9kis29y.default\
FF - prefs.js: browser.search.selectedEngine - SearchOnMe
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: keyword.URL - hxxp://search.searchonme.com/?q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Timeon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/04 09:40:27];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-2-24 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-06 10:57:21 -------- d-----w- C:\Program Files (x86)\Amazon
2012-03-03 23:53:09 -------- d-----w- C:\ProgramData\Premium
2012-03-03 23:52:43 -------- d-----w- C:\Users\Timeon\AppData\Local\Premiumplay Codec-C
2012-03-03 23:52:42 -------- d-----w- C:\Program Files (x86)\Premiumplay Codec-C
2012-03-03 23:52:34 -------- d-----w- C:\codec-info
2012-03-03 23:52:32 -------- d-----w- C:\Program Files (x86)\MyTools
2012-03-03 23:52:01 -------- d-----w- C:\ProgramData\InstallMate
2012-02-22 11:43:17 20 ----a-w- C:\windows\System32\SETCB3A.TMP
2012-02-21 15:20:54 -------- d-----w- C:\Users\Timeon\AppData\Roaming\The Creative Assembly
2012-02-20 14:19:44 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-02-20 14:19:43 -------- d-----w- C:\Program Files (x86)\Steam
2012-02-15 08:47:15 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-15 08:47:15 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-15 08:47:14 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-15 08:47:14 478208 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-15 08:47:14 3143168 ----a-w- C:\windows\System32\win32k.sys
2012-02-15 08:47:11 499200 ----a-w- C:\windows\System32\drivers\afd.sys
2012-02-15 08:47:08 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-02-15 08:47:08 634368 ----a-w- C:\windows\System32\msvcrt.dll
2012-02-09 10:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{E2ED659D-E58D-4630-B58D-37716506557D}
2012-02-09 10:03:03 -------- d-----w- C:\Users\Timeon\AppData\Local\{F5C6ADCF-0729-4377-9F80-268A61A2BCBD}
2012-02-08 22:03:13 -------- d-----w- C:\Users\Timeon\AppData\Local\{80271219-2AEC-49C0-A418-B82BBBE1B461}
2012-02-08 22:03:02 -------- d-----w- C:\Users\Timeon\AppData\Local\{BF495492-67B6-46DC-95EE-D5FD2C8FA828}
2012-02-08 10:03:59 -------- d-----w- C:\Users\Timeon\AppData\Local\{8AF21186-ECE3-4BAC-925D-8F750F99C1C7}
2012-02-08 10:03:26 -------- d-----w- C:\Users\Timeon\AppData\Local\{BE881B6E-D4EE-4FC6-8AB6-9C10CC63E8C9}
2012-02-07 21:32:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{BC7E4E80-8E85-49A6-9DCA-8B51C3AB4502}
2012-02-07 21:32:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{C59461A3-DB6D-4E52-8873-7018EFF18607}
2012-02-07 20:56:54 -------- d-----w- C:\Users\Timeon\AppData\Local\{D6A9D90E-F80B-4333-8E5D-00B7475DAFA8}
2012-02-07 09:32:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{59057672-2472-4933-80C7-8F50C735CA44}
2012-02-07 09:32:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{7E807C68-0390-4A47-908B-DC9B225D0F53}
2012-02-06 21:32:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{9FC72AAF-E671-45A3-BC02-FD5FCFE75A07}
2012-02-06 21:32:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{157B3856-342C-46E8-A27C-79935C0DBC9C}
2012-02-06 09:32:32 -------- d-----w- C:\Users\Timeon\AppData\Local\{EF8B5F10-1919-4FA8-A4FF-FE8B0090323A}
2012-02-06 09:32:22 -------- d-----w- C:\Users\Timeon\AppData\Local\{251A7BA3-83A1-454D-A041-DD876B2AB697}
.
==================== Find3M ====================
.
2012-02-25 20:18:58 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-07 14:23:44 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-01-06 00:23:58 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-16 08:45:22 1197568 ----a-w- C:\windows\System32\wininet.dll
2011-12-16 08:41:26 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-16 07:58:33 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-12-10 15:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 23:40:32.15 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23/10/2011 13:14:44
System Uptime: 28/02/2012 01:07:24 (190 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R540/R580/R780/SA41/E452/E852
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 95.784 GiB free.
D: is FIXED (NTFS) - 345 GiB total, 277.888 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 28/02/2012 00:13:05 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
"The last Kingdom"
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
???????? ?? Messenger
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
888poker
Acoustica Effects Pack
Acoustica Mixcraft 5
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe Reader 9.1
Alice Greenfingers
Amazon MP3 Downloader 1.0.9
„Messenger“ pagalbine priemone
Atheros Client Installation Program
AVG Security Toolbar
Avid License Control
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis
„Windows Live Messenger“
„Windows Live“ fotogalerija
Barbarian Invasion
BatteryLifeExtender
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bonbon Quest
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CivCity
Commander: Conquest of the Americas
Complemento Messenger
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink Blu-ray Disc Suite
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Daycare Nightmare
DivX Setup
Doplnok programu Messenger
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
Empire: Total War
Facebook Video Calling 1.1.1.1
Flip Words
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Galapago
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Game Pack
GameSpy Arcade
Gem Shop
Google Earth
Google Update Helper
Insaniquarium Deluxe
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
MagicDisc 2.7.106
Mahjong Escape Ancient China
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Medieval II Total War
Medieval II Total War : Kingdoms : Britannia
Mesh Runtime
Messenger-kumppani
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kíséro
Messenger Pratilac
Messenger Suradnik
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Rise Of Nations
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MyTools
Norton Online Backup
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Poczta uslugi Windows Live
Podstawowe programy Windows Live
PokerStars
Pomocnik Messenger
Pošta Windows Live
Premiumplay Codec-C
Raccolta foto di Windows Live
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rise of Nations Thrones and Patriots
Rome - Total War - Alexander
Rome - Total War(TM)
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sibelius 7 OpenType Fonts
Skype™ 4.2
Slingo
Spremljevalec Messenger
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Steam
The Sims(TM) 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
User Guide
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
.
==== Event Viewer Messages From Past Week ========
.
05/03/2012 13:28:22, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 109.202.235.91. The computer with the IP address 109.202.235.90 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 
Ran GMER, forgot to save, unable to post since nothing was found; when I ran it a second time nothing comes up. Also, I don't know if this is related, but Firefox keeps crashing:
2830737%2C+%276841166657021360107%27%2C+1331077718%2C+1341445718%2C+288734%2C+147776%2C+0%2C+4%2C+10368000%29%3B&cnd=!dRuOBgjezxEQhaFdGAAgwIIJMAA4h6UFQARInQRQrLstWABg1AdoAHAGeJYBgAEKiAE0kAEBmAEBoAEBqAEAsAEAuQEAAAAAAAAIQMEBAAAAAAAACEDJAbxVCpvEpt8_2QEAAAAAAADwP-ABAA..&ccd=!4QTKKQjezxEQhaFdGMCCCSAE&vpid=45&referrer=http://vidreel.com/video/OTE4NDI3/&media_subtypes=6&dlo=1
Vendor: Mozilla
Version: 9.0.1
Winsock_LSP: MSAFD Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] : 2 : 2 :
MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [TCP/IPv6] : 2 : 1 :
MSAFD Tcpip [UDP/IPv6] : 2 : 2 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [RAW/IPv6] : 2 : 3 :
RSVP TCPv6 Service Provider : 2 : 1 : %SystemRoot%\system32\mswsock.dll
RSVP TCP Service Provider : 2 : 1 :
RSVP UDPv6 Service Provider : 2 : 2 : %SystemRoot%\system32\mswsock.dll
RSVP UDP Service Provider : 2 : 2 :

This report also contains technical information about the state of the application when it crashed.
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 10:28:52
-----------------------------
10:28:52.844 OS Version: Windows x64 6.1.7600
10:28:52.844 Number of processors: 4 586 0x2505
10:28:52.844 ComputerName: MAGNERS UserName: Timeon
10:28:53.795 Initialize success
10:30:47.941 AVAST engine defs: 12030600
10:30:52.121 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:30:52.121 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
10:30:52.137 Disk 0 MBR read successfully
10:30:52.153 Disk 0 MBR scan
10:30:52.199 Disk 0 unknown MBR code
10:30:52.215 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
10:30:52.231 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
10:30:52.231 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 236544 MB offset 42149888
10:30:52.262 Disk 0 Partition - 00 0F Extended LBA 353354 MB offset 526592000
10:30:52.277 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 353353 MB offset 526594048
10:30:52.309 Disk 0 scanning C:\windows\system32\drivers
10:31:00.936 Service scanning
10:31:21.434 Modules scanning
10:31:21.434 Disk 0 trace - called modules:
10:31:21.450 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:31:21.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005eca060]
10:31:21.450 3 CLASSPNP.SYS[fffff88001a9b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800580f050]
10:31:22.526 AVAST engine scan C:\windows
10:31:25.880 AVAST engine scan C:\windows\system32
10:33:52.739 AVAST engine scan C:\windows\system32\drivers
10:34:01.677 AVAST engine scan C:\Users\Timeon
10:34:42.393 File: C:\Users\Timeon\AppData\Local\Microsoft\Toolbar\Applications\bingrewardsclient.dll **INFECTED** Win32:Ramnit-AC [Drp]
10:34:42.815 File: C:\Users\Timeon\AppData\Local\Microsoft\Toolbar\BackUp\bingrewardsclient.dll **INFECTED** Win32:Ramnit-AC [Drp]
10:37:04.713 File: C:\Users\Timeon\AppData\Local\Temp\Addons\CC42B9F0\mytools.exe **INFECTED** Win32:Ramnit-AC [Drp]
10:37:12.169 File: C:\Users\Timeon\AppData\Local\Temp\drm_dialogs.dll **INFECTED** Win32:Ramnit-AC [Drp]
10:37:12.216 File: C:\Users\Timeon\AppData\Local\Temp\drm_dyndata_7350008.dll **INFECTED** Win32:Ramnit-AC [Drp]
10:37:19.049 File: C:\Users\Timeon\AppData\Local\Temp\stubhelper.dll **INFECTED** Win32:Ramnit-AC [Drp]
10:37:31.669 File: C:\Users\Timeon\AppData\Local\Temp\~rnsetup\GEMSETUP\pnrs3260.dll **INFECTED** Win32:Ramnit-AC [Drp]
10:43:47.599 AVAST engine scan C:\ProgramData
10:44:25.866 Disk 0 MBR has been saved successfully to "C:\Users\Timeon\Desktop\MBR.dat"
10:44:25.866 The log file has been saved successfully to "C:\Users\Timeon\Desktop\aswMBR.txt"
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000005`06500000
Boot sector MD5 is: b056bbeee0e7c7054bd76bc96e85f56a

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
I'm afraid I have very bad news.

You're infected with Ramnit file infector virus.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (USB, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
 
I have a lot of important files (Uni thesis, correspondence, work etc.). Is it possible to save them? Also, how do I go about reformatting if my hard disk is partitioned into C and D?
 
"I have a lot of important files (Uni thesis, correspondence, work etc.). Is it possible to save them?"
Yes, you can save your data but you have to scan all those files with your AV program after formatting and before putting them back.

"Also, how do I go about reformatting if my hard disk is partitioned into C and D?"
I suggest you ask that question at a Windows or hardware forum.

"Also if amazon memorizes my credit details and my amazon password remembered by firefox is that a problem?"
I'm not exactly sure what your question is.
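An added example, not part of the original thread: a triage pass over a backup folder that separates the file types the post above names as Ramnit infection targets (.exe, .dll, .htm/.html) from plain data files before they are scanned and restored. The function names and the sample files are hypothetical; the check looks at file content first, so an executable saved under a document extension is still flagged.

```python
import os
import tempfile

# Extensions that normally hold Windows executable (PE) code.
USUAL_PE_EXTS = {".exe", ".dll", ".scr", ".sys", ".cpl", ".ocx"}
HTML_EXTS = {".htm", ".html"}


def classify(path):
    """Return 'executable', 'html', 'data' or 'unreadable' for one file."""
    ext = os.path.splitext(path)[1].lower()
    try:
        with open(path, "rb") as fh:
            head = fh.read(1024)
    except OSError:
        return "unreadable"
    # PE files (.exe, .dll and friends) start with the two bytes "MZ".
    if head[:2] == b"MZ" or ext in USUAL_PE_EXTS:
        return "executable"
    # Strip a UTF-8 BOM and leading whitespace, then sniff for HTML.
    text = head.lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if ext in HTML_EXTS or text.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "data"


def triage(root):
    """Walk a backup folder and group relative paths by category.

    'disguised' lists executables whose extension does not look like one;
    those deserve the closest look and should not be restored as documents.
    """
    report = {"executable": [], "html": [], "data": [],
              "unreadable": [], "disguised": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            kind = classify(full)
            report[kind].append(rel)
            ext = os.path.splitext(name)[1].lower()
            if kind == "executable" and ext not in USUAL_PE_EXTS:
                report["disguised"].append(rel)
    for paths in report.values():
        paths.sort()
    return report


if __name__ == "__main__":
    # Constructed sample backup: harmless stand-in bytes, not real malware.
    samples = {
        "thesis.doc": b"MZ\x90\x00 constructed PE-like header",
        "setup.exe": b"MZ\x90\x00 constructed PE-like header",
        "notes.html": b"<html><body>notes</body></html>",
        "letter.txt": b"Dear committee, ...",
    }
    with tempfile.TemporaryDirectory() as backup:
        for name, data in samples.items():
            with open(os.path.join(backup, name), "wb") as fh:
                fh.write(data)
        for category, paths in triage(backup).items():
            print(f"{category:11} {paths}")
```

Files that land in "data" still go through the AV scan the reply calls for; the grouping only shows which files belong to the types Ramnit modifies and are better reinstalled from original media than restored.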
 
Is it safe to put the files on a portable hard drive and then reconnect it or is there another way I should do things?
Also can CD/DVDs be infected?
 
If you formatted the drive you don't have to worry about anything.

Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Download and install Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free.
Use it every couple of weeks.

Make sure Windows Updates are current.

Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
 