brachers

csrss.exe trojan.agent!

13 posts in this topic

Hello,

When I do a quick scan I always get these 3 things that come up.

A file and memory process called "csrss.exe" trojan agent.

Then a malware trace registry key.

I then continue to delete using Malwarebytes; however, upon reboot the same 3 things pop up again. It's really starting to worry me.

Here is the log from the Malwarebytes quick scan.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.18.03

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Matt :: MATT-PC [administrator]

19/02/2012 00:02:32

mbam-log-2012-02-19 (00-10-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231023

Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Detected: 1

C:\Users\Matt\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 6028 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Matt\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.

(end)

If anyone could please help I would be very grateful.
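
The detections in the scan log above, parsed and triaged as an added example (not part of the original post and not Malwarebytes code). It shows why a `csrss.exe` under a user's Temp folder stands out: the genuine process runs only from System32. The log layout is taken from the post; the list of core process names, the `C:\Windows` system root and all function names are this example's assumptions.

```python
import re
from collections import OrderedDict
from ntpath import basename, dirname, normpath

# Assumption: default install with %SystemRoot% = C:\Windows.
SYSTEM32 = r"c:\windows\system32"
# Assumption: a small set of core Windows processes that run only from System32.
CORE_PROCESS_NAMES = {"csrss.exe", "lsass.exe", "services.exe",
                      "smss.exe", "wininit.exe", "winlogon.exe"}

# "Files Detected: 1"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection>) -> [<pid> -> ]<action>"
ENTRY_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+)$"
)

# Detection sections copied from the log in the post above (blank lines removed).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Users\Matt\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 6028 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.
Files Detected: 1
C:\Users\Matt\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.
(end)
"""


def parse_mbam_log(text):
    """Return one dict per detection; raise ValueError if a section's
    declared count does not match the entries found (truncated paste)."""
    entries, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        hit = ENTRY_RE.match(line)
        if hit and section:
            pid = hit.group("pid")
            entries.append({
                "section": section,
                "object": hit.group("object"),
                "detection": hit.group("detection"),
                "pid": int(pid) if pid else None,
                "action": hit.group("action"),
            })
    for name, count in declared.items():
        found = sum(1 for e in entries if e["section"] == name)
        if found != count:
            raise ValueError(f"{name}: log declares {count}, parsed {found}")
    return entries


def path_reasons(path):
    """Explain why an executable path is suspicious, independent of the AV verdict."""
    name = basename(path).lower()
    folder = normpath(dirname(path)).lower()
    reasons = []
    if name in CORE_PROCESS_NAMES and folder != SYSTEM32:
        reasons.append("core Windows process name outside System32")
    if folder.endswith(r"\appdata\local\temp"):
        reasons.append("executes from a per-user Temp directory")
    return reasons


def triage(text):
    """Group file and process detections by path so a running process
    is tied to the file on disk that backs it."""
    findings = OrderedDict()
    for e in parse_mbam_log(text):
        if e["section"] not in ("Memory Processes", "Files"):
            continue
        reasons = path_reasons(e["object"])
        if not reasons:
            continue
        f = findings.setdefault(e["object"].lower(), {
            "path": e["object"], "sections": [], "pid": None,
            "reasons": reasons, "actions": [],
        })
        f["sections"].append(e["section"])
        f["actions"].append(e["action"])
        if e["pid"] is not None:
            f["pid"] = e["pid"]
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["path"], "pid", f["pid"], f["sections"], f["reasons"], f["actions"])
```
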


Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.

Download GMER Rootkit Scanner from here to your desktop.

  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

If you have trouble running GMER:

  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode

Please include the following in your next post:

  • OTL.txt and Extras.txt logs
  • GMER log


Thank you very much for replying and offering your help. I have done the scans; however, with the GMER scan it would only tick "services, registry and files".

Here are the logs:

OTL logfile created on: 19/02/2012 11:32:26 - Run 1

OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Matt\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 58.95% Memory free

7.99 Gb Paging File | 6.30 Gb Available in Paging File | 78.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.27 Gb Total Space | 133.36 Gb Free Space | 46.58% Space Free | Partition Type: NTFS

Drive G: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/19 11:29:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe

PRC - [2012/02/07 13:18:30 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2011/12/09 19:06:18 | 000,513,200 | ---- | M] (Boxore OU) -- C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe

PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2011/01/18 15:06:42 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/03/07 16:31:08 | 001,611,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe

PRC - [2010/03/07 16:31:08 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

PRC - [2010/02/07 01:23:52 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/10/30 11:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

PRC - [2009/08/22 03:49:04 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2009/08/21 00:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2009/08/21 00:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2009/08/07 09:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe

PRC - [2009/08/07 09:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

PRC - [2009/08/04 21:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

PRC - [2009/08/04 20:45:00 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

PRC - [2009/07/31 16:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

PRC - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2009/06/10 21:22:50 | 000,032,064 | ---- | M] (Microsoft Corporation) -- C:\Users\Matt\AppData\Local\Temp\csrss.exe

PRC - [2009/06/05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/06/04 13:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

PRC - [2009/01/08 13:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Matt\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2008/03/14 23:50:59 | 000,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

========== Modules (No Company Name) ==========

MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/02/03 00:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/05 20:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 01:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)

SRV:64bit: - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/07/02 21:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/03/28 02:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV - [2012/02/07 13:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/06 02:02:07 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/12/09 16:15:21 | 000,138,416 | ---- | M] (Boxore OU.) [Auto | Stopped] -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe -- (supdate) Software Update Service (supdate)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/03/07 16:31:08 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)

SRV - [2010/02/07 01:23:52 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/08/21 00:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/08/07 09:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/06/04 13:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2008/09/02 01:37:42 | 000,262,144 | ---- | M] (KALiNKOsoft) [Auto | Stopped] -- C:\Program Files (x86)\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)

SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)

SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV:64bit: - [2011/03/11 06:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2010/04/16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009/12/17 22:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009/12/08 01:34:43 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/12/04 00:35:14 | 000,020,992 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2009/10/20 18:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/08/09 21:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/02 21:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/20 11:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2009/06/20 02:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)

DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 20:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/05 01:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/06/05 00:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/25 03:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/14 16:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/04/07 01:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2008/03/14 05:56:46 | 000,073,136 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2007/10/05 19:29:00 | 000,170,880 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EC168x64.sys -- (EC168x64)

DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5738&r=27361109d526l03c8z1h5t4751v67q

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5738&r=27361109d526l03c8z1h5t4751v67q

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5738&r=27361109d526l03c8z1h5t4751v67q

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5738&r=27361109d526l03c8z1h5t4751v67q

IE - HKLM\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5738&r=27361109d526l03c8z1h5t4751v67q

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=14196

IE - HKCU\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.kodak.com:81/proxy.pac

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/sport"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {F0E1168A-B4B5-484C-B77E-0D28E6B64096}:1.0

FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 3

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {193d7001-bd9f-48c2-b5c7-69775aa2201d}:3.7.0.6

FF - prefs.js..extensions.enabledItems: {3ff85be0-5078-41bd-810f-882d79bb362b}:3.7.0.6

FF - prefs.js..extensions.enabledItems: {6c2c8df7-18c9-433f-9359-29c00d3577e0}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1

FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.7.0.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=20&systemid=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\firefox\ File not found

FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.65227: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8: C:\Program Files (x86)\Software\Update\1.2.195.0\npSoftwareOneClick8.dll (Boxore OU.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Users\Matt\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll ( )

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Matt\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Matt\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 10:03:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/10 00:40:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 21:06:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/02 13:28:50 | 000,000,000 | ---D | M]

[2011/08/05 14:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions

[2009/11/17 12:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2012/02/14 22:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\extensions

[2012/01/10 21:05:05 | 000,000,000 | ---D | M] (Plusmedia uk Community Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}

[2012/01/10 21:05:03 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

[2012/02/14 22:17:54 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

[2011/04/05 07:58:48 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\extensions\battlefieldplay4free@ea.com

[2011/05/14 22:40:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\extensions\engine@conduit.com

[2010/08/29 02:54:18 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\extensions\firefox@tvunetworks.com

[2010/08/21 15:36:54 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\extensions\vshare@toolbar

[2011/08/05 12:39:37 | 000,002,571 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\searchplugins\askcom.xml

[2011/10/20 16:39:33 | 000,003,739 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\searchplugins\avg-secure-search.xml

[2011/06/24 15:18:33 | 000,002,119 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\waa8kif5.default\searchplugins\MFGSearch.xml

[2012/02/18 21:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/10/22 22:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

[2012/02/10 00:40:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WAA8KIF5.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI

() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WAA8KIF5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/02/17 21:06:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/01/08 21:05:01 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/01/08 21:05:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/01/08 21:05:01 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/01/08 21:05:01 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/01/08 21:05:01 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Matt\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: OnLive Games Service Detector for Firefox (Enabled) = C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll

CHR - plugin: Software Update (Enabled) = C:\Program Files (x86)\Software\Update\1.2.195.0\npSoftwareOneClick8.dll

CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll

CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Matt\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Matt\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Matt\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: AVG Safe Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [boxore Client] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe (Boxore OU)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Adobe Flash] C:\Users\Matt\AppData\Local\Temp\adobe.exe (Adobe Inc)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Java] C:\Users\Matt\AppData\Local\Temp\java.exe File not found

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Matt\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKCU..\Run: [speedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found

O8 - Extra context menu item: &Search - Reg Error: Value error. File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5E83A15-B7D1-4698-A204-F4E72D0D41E2}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7ECC77D-B200-4E51-9E81-45D502A8E31B}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/08/16 12:57:50 | 000,000,154 | R--- | M] () - G:\autorun.cfg -- [ UDF ]

O32 - AutoRun File - [2010/10/05 14:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - G:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006/09/11 13:26:42 | 000,000,027 | R--- | M] () - G:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{0528c727-e39b-11de-982c-001f16c4f418}\Shell - "" = AutoRun

O33 - MountPoints2\{0528c727-e39b-11de-982c-001f16c4f418}\Shell\AutoRun\command - "" = E:\autorun.exe

O33 - MountPoints2\{64d6cc2a-0c22-11df-8590-001f16c4f418}\Shell - "" = AutoRun

O33 - MountPoints2\{64d6cc2a-0c22-11df-8590-001f16c4f418}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{9621c1f5-0bde-11df-96fd-001f16c4f418}\Shell - "" = AutoRun

O33 - MountPoints2\{9621c1f5-0bde-11df-96fd-001f16c4f418}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2010/10/05 14:53:16 | 000,214,344 | R--- | M] (Sports Interactive)

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/19 11:25:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B2D9FE1D-DCCA-4F9B-85F2-F62B362BCF88}

[2012/02/19 11:24:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{0F3CB4C3-62C6-4836-BE94-E081504B6CF3}

[2012/02/18 22:21:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{DE627687-8D41-49F4-893A-1C359491E080}

[2012/02/18 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E7BF9FEC-E5AB-4866-84F3-48E5D0BE0AD4}

[2012/02/18 21:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

[2012/02/18 10:44:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes

[2012/02/18 10:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/18 10:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/18 10:44:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/02/18 10:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/02/18 10:18:56 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{DCBDE5F8-81BB-4E2A-8F5E-50B0599FBCBD}

[2012/02/18 10:18:18 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{A812A403-203A-4C28-B80F-BA172B30FB3F}

[2012/02/17 18:04:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{03B452E2-87FE-49C2-86A2-942601C06961}

[2012/02/17 18:03:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{11B6785E-7803-4BA4-BDB0-8398DA536DDF}

[2012/02/17 00:34:47 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Matt\AppData\Roaming\nooooooob.exe

[2012/02/16 23:25:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{7B0EF33D-7539-4392-887B-985B24ECEFC1}

[2012/02/16 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{D4FFA03B-E90D-4BD1-9962-1A8830F7C778}

[2012/02/16 11:24:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F498547E-4EFC-444C-BB54-324A99EC6A37}

[2012/02/16 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{FE4DF382-32AE-4833-A0A4-E05AD0E89223}

[2012/02/16 02:15:22 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012/02/16 02:14:22 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012/02/16 02:14:22 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012/02/16 02:13:37 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2012/02/16 02:13:13 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/02/16 02:13:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/02/16 02:13:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/02/16 02:13:11 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2012/02/16 02:13:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/02/16 02:13:11 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/02/16 02:13:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/02/16 02:13:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/02/16 02:13:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2012/02/16 02:13:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/02/16 02:13:09 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2012/02/16 02:13:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/02/16 02:13:09 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/02/16 02:13:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/02/16 02:13:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2012/02/15 16:12:58 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{14DB4A49-917B-4B0F-BBFB-10C5FE2C4D76}

[2012/02/15 16:12:18 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{D5CA09ED-678B-4510-83C1-9E8004674021}

[2012/02/15 00:27:00 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{4B782367-C250-409F-B87C-46A45797819F}

[2012/02/15 00:26:20 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{2DA06FF9-B2FB-499E-ADDB-E981590BF96A}

[2012/02/14 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{A2837308-3130-4475-BB60-38A62D6C20E0}

[2012/02/14 12:25:10 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5063C17E-0C47-4A24-9D5A-7221AB716266}

[2012/02/14 00:08:57 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C3D15AFB-3F4E-4FBB-8F20-E4229A460F9C}

[2012/02/14 00:08:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{18760A24-AAF4-4742-9972-57FB9C3A216E}

[2012/02/13 10:52:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{1899C487-E983-4665-9090-FCD15048B74B}

[2012/02/13 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B3FDE776-D90C-4107-8ED4-12809449DA6C}

[2012/02/12 17:44:43 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{A8BD1463-F9EF-4A89-AB46-6394368E4FAD}

[2012/02/12 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B0056738-5B38-4F48-A81A-ED596111438A}

[2012/02/11 17:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012/02/11 17:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2012/02/11 15:04:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{14D91778-3E35-458D-A074-78C284BC498D}

[2012/02/11 15:03:55 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{43567085-A87E-4F23-BEC6-4E8C6605B370}

[2012/02/10 20:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2012/02/10 16:53:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9599AA83-4F32-4724-B0EA-5BA075035196}

[2012/02/10 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{1B97EA00-3742-40E7-9046-C57FDB834904}

[2012/02/10 03:37:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan

[2012/02/10 03:37:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64

[2012/02/10 03:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan

[2012/02/10 03:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2012/02/10 03:37:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0306010.00B

[2012/02/10 03:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2012/02/10 03:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2012/02/10 00:42:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\DDMSettings

[2012/02/10 00:40:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\DivX

[2012/02/10 00:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine

[2012/02/10 00:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

[2012/02/10 00:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2012/02/10 00:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2012/02/10 00:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX

[2012/02/09 11:32:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B122F659-45FD-4BF0-9861-4E15DD96F71A}

[2012/02/09 11:32:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{CF8381F0-CB16-4941-8CC8-D5099821F3A2}

[2012/02/08 23:31:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{12905435-815E-487D-8B81-3D1A3E000BDB}

[2012/02/08 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{EDEC997A-3902-408D-B187-66B5E0257990}

[2012/02/08 11:30:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{87F0E4BC-EBC4-474D-8FA3-EE6C1EF346C4}

[2012/02/08 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C218D0AC-B112-4576-8C39-37BBF85EE748}

[2012/02/07 22:35:58 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E194E84F-B367-4130-BDDA-514B091CA97A}

[2012/02/07 22:35:18 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{60A825DD-B8B5-483A-8DC9-F0532A16FE23}

[2012/02/07 02:59:58 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{4B7A897A-3BE8-4D21-923F-7D2272968460}

[2012/02/07 02:59:17 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{38439BC3-A070-480B-8C7A-EF2DE7278280}

[2012/02/06 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{50C27E9B-86EC-4705-B5AD-11F6170450B8}

[2012/02/06 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{AD425512-53C0-4F49-8197-1408A1E64769}

[2012/02/06 02:12:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C35F7076-9BF3-49F1-8E74-82A425F149FE}

[2012/02/06 02:11:43 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{26B1FDFF-7F0E-474C-804E-B6F5D0877BC1}

[2012/02/05 22:07:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{45D3C742-7128-476D-880C-7AFA2559FE6E}

[2012/02/04 20:52:09 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{EA55C242-4BDF-438A-A2CD-E0B664089551}

[2012/02/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{8F4EB113-8719-4D52-A9D3-FCD64069AB71}

[2012/02/03 23:42:02 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9B7FD359-8D04-43EE-A6C1-539CBE391D32}

[2012/02/03 23:41:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C969AD93-1A1F-428A-BABA-14F4D2C9F5A9}

[2012/02/03 11:40:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{8AC93D7B-F051-40B1-8217-614E07460AAD}

[2012/02/03 11:39:59 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{CB757EB4-0BA6-4A8E-ACEC-124AF3A5FA6B}

[2012/02/03 02:23:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Skype

[2012/02/03 02:23:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/02/03 02:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/02/03 02:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/02/03 02:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012/02/02 23:02:20 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{1D0F98C8-F1A0-4ED7-B64F-82F071D64734}

[2012/02/02 23:01:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B2B21FAE-4C45-4403-A53D-5B1B3FFFBC2B}

[2012/02/02 11:00:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F9768B53-9F83-4496-8068-4DCABD265B01}

[2012/02/02 11:00:13 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{0677F68E-AD0A-4BD5-AAAC-2D64DEE1C59D}

[2012/02/01 22:59:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{AA4F341E-4C75-4BD5-9C50-218C98A83297}

[2012/02/01 22:58:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{99BD6C3B-742A-46F5-9CF4-909EDA607E5A}

[2012/02/01 10:57:43 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{3DF5CD46-84A3-479C-8015-DDE7FCBC51FA}

[2012/02/01 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{38868935-F352-47DB-9900-CD41D61A72D3}

[2012/01/31 15:07:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{116088D9-BF12-41CA-92CD-0B6888B644D3}

[2012/01/31 15:06:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{EC45ED5D-C3EE-4F21-BBF3-5E2C3216BF24}

[2012/01/31 02:16:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6065E7EC-81C7-44A6-9C97-7AB829B5C0A9}

[2012/01/31 02:15:59 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F2474C88-361B-4F7C-AC61-C512B697DAB2}

[2012/01/30 14:15:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{DF7035EC-F2F5-48A7-ADC7-FA510CE1DA19}

[2012/01/30 14:14:37 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{4BCA00F6-52F6-46DF-9AD8-1EDE0E51A9C7}

[2012/01/30 02:14:06 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9353ABB3-BCE3-4EF8-847E-E26CFFE026D8}

[2012/01/30 02:13:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F7743DE9-EA7B-4BF4-95A7-0045A44F08E6}

[2012/01/29 14:12:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6025E82D-24F4-44E1-ABAF-45E0B7CDB9C9}

[2012/01/29 14:12:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{1545D486-90B1-48BA-A20D-50D6459BCF5D}

[2012/01/29 00:33:59 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6F774E02-5AE8-406B-8EE7-BDBAD0D72460}

[2012/01/29 00:33:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{88B89E9A-E5F6-40AD-B32B-B24570D05834}

[2012/01/27 16:21:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B2E7CC8B-F400-43B6-B41D-A984BD7B68EF}

[2012/01/27 16:21:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F78AA857-C058-458C-85A9-C664ECA50085}

[2012/01/27 04:20:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{7715BB26-8405-4382-9AA6-C8973E912FE3}

[2012/01/27 04:19:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{A74984A5-038B-4F7E-979F-2462EDC80FA7}

[2012/01/26 16:19:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{70613076-F6CA-4A63-B251-4B24ABF9CB6C}

[2012/01/26 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{87614110-7AE7-4DBD-A570-7ADF44E932F7}

[2012/01/26 04:17:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{25681996-8AA5-4F71-BDE7-0982BAEBF106}

[2012/01/26 04:17:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C1946B67-B984-446A-BA27-A7EEE4DF2E1C}

[2012/01/25 16:16:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{2D1E1794-3E1E-412E-A0ED-9C554779D703}

[2012/01/25 16:15:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{4E393F14-2CBC-45D7-B6E3-37B95645F17A}

[2012/01/25 13:03:01 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/01/25 13:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/01/25 12:50:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9B1015CC-7919-4EB4-A427-CC3327BDF879}

[2012/01/25 12:49:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{987F3116-ADF9-4395-8DB6-BAFAA951EB6F}

[2012/01/24 23:14:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{7B6BE3E9-14DB-431A-B934-A67542DE065E}

[2012/01/24 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{55F5CE22-49BC-489E-98E6-2E3D6A732587}

[2012/01/24 02:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/01/24 02:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/01/24 02:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/01/24 02:20:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{AC2DE9DD-BB3F-4813-AD69-BDFA0CACDB2C}

[2012/01/24 02:20:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{BFA58752-F7CB-4A69-9E42-532EA3454FD4}

[2012/01/24 02:08:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{EA6052E0-1098-4FE0-BAE8-1AB900E63AE5}

[2012/01/23 20:58:55 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E9C41AC6-66F6-476F-8A29-1C2544192129}

[2012/01/23 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{A9A4D5CB-4B38-4903-A973-FB1330EBDA2E}

[2012/01/23 19:25:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{CB179DA1-95F1-4708-89CB-190D6379C9AE}

[2012/01/23 19:25:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B6525887-D59C-412F-930F-3F5FA60D8219}

[2012/01/23 15:47:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{28A8D51F-03CC-4B65-9664-D08EE720E364}

[2012/01/23 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{810FEC40-AB62-46D5-8CE1-F9E944CC1EEF}

[2012/01/22 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C2EDF930-FC81-4526-8EF9-BFBD0FEFCDDE}

[2012/01/22 23:16:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B6FC2270-1B5C-4693-8727-C0D3009FCFFD}

[2012/01/22 12:52:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{54FD8CB2-1EB8-4E13-AF0B-71C48727F5FA}

[2012/01/22 12:51:52 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{BB73D9C2-2B20-47ED-BC93-6732E7804E25}

[2012/01/22 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{138BDF5C-48CC-448F-A6C1-ED2139484ABA}

[2012/01/22 12:50:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{48ED4DB6-0611-4875-A7A1-1CB25C7F642F}

[2012/01/22 12:49:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{1DE53884-C20D-4A61-AB01-5471AAB6BAA5}

[2012/01/21 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{FFC75CDC-7BDF-4336-9C32-E48FB5CEF774}

[2012/01/21 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{367BD9FB-2E08-468E-921B-C2D47CEF6B24}

[2012/01/21 11:16:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F8B9DE35-F1D6-4917-9EBB-90AF695DF090}

[2012/01/21 11:16:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{992700B4-6888-4290-8226-675F02332763}

[2012/01/21 07:42:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{3E69B05C-0C3F-473C-A883-BEED269D7AE8}

[2012/01/21 07:41:58 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{EC953064-BE81-4004-B587-5149D9ECF948}

[2012/01/20 23:05:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{DDFF35BE-876D-46DE-885A-04D96C6069C1}

[2012/01/20 23:04:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5DB93EDC-26D5-480F-9A7F-E542334177B6}

[2012/01/20 18:42:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{DBD30CC0-220C-400F-BDE5-6D897F48394C}

[2012/01/20 18:41:57 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{A752D583-65A0-4744-BED6-5EA2FB2E86C5}

[2009/08/22 08:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/19 11:29:59 | 089,457,073 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2012/02/19 11:24:15 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140921106-596118324-3060624760-1001UA.job

[2012/02/19 11:24:14 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\SoftwareUpdateTaskMachineUA.job

[2012/02/19 11:24:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/18 22:55:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140921106-596118324-3060624760-1001Core.job

[2012/02/18 21:30:58 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/18 21:30:58 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/18 21:23:28 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\SoftwareUpdateTaskMachineCore.job

[2012/02/18 21:22:29 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/18 10:44:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/18 10:16:55 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll

[2012/02/18 10:16:20 | 543,350,000 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/02/18 10:03:00 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Matt.job

[2012/02/17 13:39:46 | 000,000,040 | ---- | M] () -- C:\Users\Matt\jagex_cl_runescape_LIVE.dat

[2012/02/16 16:56:32 | 000,002,395 | ---- | M] () -- C:\Users\Matt\Desktop\Google Chrome.lnk

[2012/02/16 13:14:43 | 000,001,147 | ---- | M] () -- C:\Users\Matt\Desktop\Core Temp - Shortcut.lnk

[2012/02/16 03:37:58 | 000,426,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/02/16 03:13:31 | 000,789,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/16 03:13:31 | 000,655,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/16 03:13:31 | 000,122,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/15 21:12:14 | 000,001,867 | ---- | M] () -- C:\Users\Matt\Desktop\Yawcam.lnk

[2012/02/13 17:43:20 | 000,537,357 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjg.avm

[2012/02/03 02:23:10 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/02/01 15:55:10 | 000,002,048 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/02/01 10:03:25 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/01/26 21:44:31 | 000,788,548 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 10:44:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/16 13:14:43 | 000,001,147 | ---- | C] () -- C:\Users\Matt\Desktop\Core Temp - Shortcut.lnk

[2012/02/15 21:12:14 | 000,001,867 | ---- | C] () -- C:\Users\Matt\Desktop\Yawcam.lnk

[2012/02/10 03:37:36 | 000,000,450 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Matt.job

[2012/02/10 03:37:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0306010.00B\isolate.ini

[2012/02/03 02:23:10 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/07/31 23:52:42 | 000,000,111 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\RSBuddy_brachers.ini

[2011/05/31 21:55:21 | 000,000,070 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\RSBot_Accounts.ini

[2011/05/23 12:46:54 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini

[2011/05/22 18:54:50 | 000,788,548 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/13 23:21:32 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/05/13 23:21:32 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/04/10 22:21:44 | 000,017,408 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/08 16:40:10 | 000,452,096 | ---- | C] () -- C:\Windows\SysWow64\nmap.exe

[2010/03/08 16:40:10 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nmapserv.exe

========== Custom Scans ==========

< %systemroot%\*. /rp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction

[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction

[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction

[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction

[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction

[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction

[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction

[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction

[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction

[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction

[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction

[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction

[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction

[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction

[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction

[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction

[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction

[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation

@Alternate Data Stream - 124 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >


OTL Extras logfile created on: 19/02/2012 11:32:26 - Run 1

OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Matt\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 58.95% Memory free

7.99 Gb Paging File | 6.30 Gb Available in Paging File | 78.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.27 Gb Total Space | 133.36 Gb Free Space | 46.58% Space Free | Partition Type: NTFS

Drive G: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Users\Matt\AppData\Roaming\nooooooob.exe" = C:\Users\Matt\AppData\Roaming\nooooooob.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)

"C:\Users\Matt\AppData\Local\Temp\csrss.exe" = C:\Users\Matt\AppData\Local\Temp\csrss.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)

"C:\Users\Matt\AppData\Roaming\nooooooob.exe" = C:\Users\Matt\AppData\Roaming\nooooooob.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)

"C:\Users\Matt\AppData\Local\Temp\csrss.exe" = C:\Users\Matt\AppData\Local\Temp\csrss.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java 6 Update 25 (64-bit)

"{33037348-6BB9-59EA-80DE-8D7E0E906B83}" = ccc-utility64

"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support

"{43239902-03DF-A165-7EF6-6A49DE4F8EF1}" = ATI AVIVO64 Codecs

"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java SE Development Kit 6 Update 25 (64-bit)

"{7BE6B345-6BD9-492E-A440-A32D12AB2EF3}" = AVG 2012

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes

"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour

"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012

"{D10D9994-4337-8067-F5D7-9F8FEC1E4A00}" = ATI Catalyst Install Manager

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)

"AVG" = AVG 2012

"EPSON Stylus S20 Series" = EPSON Stylus S20 Series Printer Uninstall

"LSI Soft Modem" = LSI HDA Modem

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{006E6A46-8D55-4F10-BBA8-2C9653B4278B}" = Software Update Helper

"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06EF78A1-935E-8982-48EE-DEAF73075BBE}" = Catalyst Control Center InstallProxy

"{09B14334-89FF-B11A-5D9B-14BBA2D8A4C3}" = CCC Help Hungarian

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D67FBBE-3F68-4B0B-9647-8F3DE93593AE}" = FMRTE

"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19992AF5-2780-7E2C-100D-0A300A22DB6F}" = CCC Help Korean

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 26

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2A3048B1-28C0-5231-B071-7BA3FBF2EF6B}" = CCC Help German

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2F76BE0B-11EF-593F-FD8B-52C1EDEFD99F}" = CCC Help English

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{3D542863-7E63-D988-168A-48C48B9B7A9B}" = Catalyst Control Center Graphics Light

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{466D379F-D2A4-4F9B-86E2-E2CBA6056D87}" = KODAK Share Button App

"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AE958E0-0656-FC87-1D7E-B7143AC235E7}" = CCC Help Spanish

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{557FCE92-4537-6C23-7489-E5836908EB76}" = Catalyst Control Center Core Implementation

"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{58AB24F7-9A4A-4573-B9CE-58AF961E173B}" = Boxore Client

"{5E174F7A-245B-D9A1-0FB1-5DEB3E7C4AFA}" = CCC Help Italian

"{5E3AE725-CACE-9016-D454-02B91CD33C75}" = CCC Help Chinese Traditional

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F25EB2C-0972-8528-7DEA-9FCAE8AA026E}" = Catalyst Control Center Graphics Full New

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam

"{7A3A514C-B4B2-C5B3-FDF9-12329E6E92BC}" = Catalyst Control Center Localization All

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{8297136B-D69B-21F8-EA06-6527B4D2080F}" = CCC Help Czech

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2

"{8CD57F82-FFF4-13F7-F854-976E34CBDDF8}" = Catalyst Control Center Graphics Previews Vista

"{8DAB0DFE-093F-4C77-5301-59C394EE8FA0}" = CCC Help Norwegian

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console

"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.7

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A05CA92F-4FE3-7129-6963-03AA82FB8817}" = CCC Help Portuguese

"{A0CD0434-C975-4E5B-989B-066CE4D35597}" = USB DVB-T TV Driver

"{A2770F50-89C7-433E-8E19-7148B21172EB}" = RESIDENT EVIL 5 Benchmark Version

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9A51417-934D-EB1E-705B-276F9C3749D7}" = CCC Help Swedish

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9DD5F30-96A2-CDF5-FDEA-0A11BF14AFB2}" = CCC Help Turkish

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI

"{AE65393D-F007-E7F6-BD5E-A5B7CB65FACB}" = CCC Help Dutch

"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook

"{B1AFB194-4577-4A33-9815-49845F8F42E9}" = Playstation 2 Emulator 1.00.48

"{B70EC123-01CE-94B9-433D-85696F5D4453}" = CCC Help Greek

"{C1877FF5-519A-C207-A5E9-4E692174FE4A}" = ccc-core-static

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D179B513-AD43-4013-AC50-C16107A0A02D}" = LogMeIn Hamachi

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D4519837-7F74-4DB3-36AF-94CDC3511F7A}" = CCC Help Japanese

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D74163DC-0BF1-0A8F-BA2E-D3B5ACD4D9D9}" = CCC Help Polish

"{D93AC7DC-EC2C-96A7-0733-07B05BD710CE}" = CCC Help Thai

"{DA79E283-89F5-D6A5-6D0B-D55FD8721668}" = CCC Help Finnish

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page

"{E78A0DB3-74D6-F576-331F-33780D1D8D7E}" = Catalyst Control Center Graphics Full Existing

"{E88CF135-CB50-319C-8268-1BED4261FDB2}" = CCC Help Chinese Standard

"{EB6DA76C-AA15-91FE-E6D7-A2B3ED4F6E29}" = CCC Help Danish

"{EC4B8E73-EB41-0386-8C39-7F6FC2CFD840}" = CCC Help Russian

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{EEE4B066-28B3-145F-CEB6-2D47F2A83E3D}" = CCC Help French

"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"Cain & Abel v4.9.35" = Cain & Abel v4.9.35

"CamStudio" = CamStudio

"Cheat Engine 5.5_is1" = Cheat Engine 5.5

"conduitEngine" = Conduit Engine

"DivX Setup" = DivX Setup

"eMule" = eMule

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Football Manager 2010" = Football Manager 2010

"Football Manager 2011" = Football Manager 2011

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"hon" = Heroes of Newerth

"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0

"Identity Card" = Identity Card

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"InstallShield_{A0CD0434-C975-4E5B-989B-066CE4D35597}" = USB DVB-T TV Driver

"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"LManager" = Launch Manager

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"MediaPortal" = MediaPortal

"Messenger Plus! Live" = Messenger Plus! Live

"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)

"NetTools_is1" = NetTools 5.0

"Notepad++" = Notepad++

"NSS" = Norton Security Scan

"OnLive" = OnLive

"Origin" = Origin

"PlayerPlus" = PlayerPlus

"Plusmedia_uk Toolbar" = Plusmedia_uk Toolbar

"PowerISO" = PowerISO

"PunkBusterSvc" = PunkBuster Services

"SopCast" = SopCast 3.2.4

"SpeedBit Video Accelerator" = SpeedBit Video Accelerator

"Steam App 105600" = Terraria

"Steam App 1250" = Killing Floor

"Steam App 13140" = America's Army 3

"Steam App 440" = Team Fortress 2

"Steam App 630" = Alien Swarm

"Steam App 71270" = Football Manager 2012

"TVUPlayer" = TVUPlayer 2.5.3.1

"uTorrent" = µTorrent

"Veetle TV" = Veetle TV 0.9.18

"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar

"VirtualCloneDrive" = VirtualCloneDrive

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 3.0

"Xvid Video Codec 1.3.1" = Xvid Video Codec

"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.0.0.18

"Facebook Plug-In" = Facebook Plug-In

"Google Chrome" = Google Chrome

"Octoshape Streaming Services" = Octoshape Streaming Services

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 26/01/2012 02:06:33 | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 27/01/2012 08:56:06 | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 28/01/2012 08:01:29 | Computer Name = Matt-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/01/2012 08:01:29 | Computer Name = Matt-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1061

Error - 28/01/2012 08:01:29 | Computer Name = Matt-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

Error - 29/01/2012 16:05:42 | Computer Name = Matt-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/01/2012 16:05:42 | Computer Name = Matt-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1201

Error - 29/01/2012 16:05:42 | Computer Name = Matt-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1201

Error - 29/01/2012 16:05:43 | Computer Name = Matt-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/01/2012 16:05:43 | Computer Name = Matt-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2231

[ System Events ]

Error - 18/02/2012 16:53:24 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000

Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to

the following error: %%2

Error - 18/02/2012 16:53:38 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000

Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to

the following error: %%2

Error - 18/02/2012 16:53:38 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000

Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to

the following error: %%2

Error - 18/02/2012 16:53:42 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000

Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to

the following error: %%2

Error - 18/02/2012 16:53:42 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000

Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to

the following error: %%2

Error - 18/02/2012 17:03:48 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7034

Description = The PinnacleUpdate Service service terminated unexpectedly. It has

done this 1 time(s).

Error - 18/02/2012 17:20:33 | Computer Name = Matt-PC | Source = BROWSER | ID = 8032

Description =

Error - 18/02/2012 17:23:20 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7034

Description = The PinnacleUpdate Service service terminated unexpectedly. It has

done this 1 time(s).

Error - 18/02/2012 17:39:39 | Computer Name = Matt-PC | Source = BROWSER | ID = 8032

Description =

Error - 19/02/2012 07:24:11 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7034

Description = The VideoAcceleratorService service terminated unexpectedly. It has

done this 1 time(s).

< End of report >

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-02-19 12:15:17

Windows 6.1.7600

Running: jjnzsjqf.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0x68 0x78 0x83 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x04 0xD6 0xDB ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6A 0xD5 0x7D 0x36 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA3 0x68 0x78 0x83 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x04 0xD6 0xDB ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6A 0xD5 0x7D 0x36 ...

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Matt\Documents\Playstation 2\\xa9PS2\xae (BIOS) Emulator\Click-2UPS2Emulator.exe 1

---- EOF - GMER 1.0.15 ----

Please do this next:

Download ComboFix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:

  • ComboFix log

Hi, I disabled my AVG and attempted to run combofix. After a few seconds of it running I went to a blue screen and the system crashed leading to a restart.

OK, do this next:

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    PRC - [2009/06/10 21:22:50 | 000,032,064 | ---- | M] (Microsoft Corporation) -- C:\Users\Matt\AppData\Local\Temp\csrss.exe
    [2012/02/17 00:34:47 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Matt\AppData\Roaming\nooooooob.exe
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\Matt\AppData\Roaming\nooooooob.exe" = -
    "C:\Users\Matt\AppData\Local\Temp\csrss.exe" = -
    "C:\Users\Matt\AppData\Roaming\nooooooob.exe" = -
    "C:\Users\Matt\AppData\Local\Temp\csrss.exe" = -
    :Files
    C:\Users\Matt\AppData\Local\Temp\csrss.exe
    :Commands
    [ClearAllRestorePoints]
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • OTL Fix log
  • MBAM log

Hello again, I attempted to run the fix in OTL but after a few seconds that put my laptop to a blue screen and reset the system so it basically crashed. Therefore I couldn't obtain a log.

ok thanks safe mode worked.

Here are the two logs and the Csrss.exe trojan agent wasn't coming up anymore!

All processes killed

========== OTL ==========

No active process named csrss.exe was found!

C:\Users\Matt\AppData\Roaming\nooooooob.exe moved successfully.

ADS C:\ProgramData\Temp:1D32EC29 deleted successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\nooooooob.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\csrss.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Roaming\nooooooob.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Matt\AppData\Local\Temp\csrss.exe not found.

========== FILES ==========

C:\Users\Matt\AppData\Local\Temp\csrss.exe moved successfully.

========== COMMANDS ==========

Error creating restore point.

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default

User: Default User

User: Kirsty

->Flash cache emptied: 1189 bytes

User: Matt

->Flash cache emptied: 361388 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Kirsty

->Temp folder emptied: 4119760 bytes

->Temporary Internet Files folder emptied: 74997565 bytes

->Flash cache emptied: 0 bytes

User: Matt

->Temp folder emptied: 3909949598 bytes

->Temporary Internet Files folder emptied: 327057116 bytes

->Java cache emptied: 68357351 bytes

->FireFox cache emptied: 167961685 bytes

->Google Chrome cache emptied: 383054931 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 430952032 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 8677448 bytes

Total Files Cleaned = 5,126.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.0 log created on 02202012_134922

Files\Folders moved on Reboot...

C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.20.02

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Matt :: MATT-PC [administrator]

20/02/2012 14:00:48

mbam-log-2012-02-20 (14-00-48).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 436420

Time elapsed: 1 hour(s), 16 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Program Files (x86)\Cain\Abel.exe (HackTool.Cain) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Cain\Abel64.exe (HackTool.Cain) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)

Great! How is the computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Please go here to run an online scan with ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Please include the following in your next post:

  • How is the computer running now?
  • ESET log

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
