Solved Someone keeps entering my Yahoo email

[Christian Ellis]

I am not sure if this is a malware program I have inadvertantly got or if it is something with yahoo themselves. I have Avira Free antivirus Program and Spybot Search and destroy programs which I run regularly but they do not pick up anything. I do download quite a few mods for games so thinking If I did get something it would probably from one of them but always scan them before opening but guess you can never be 100% sure. I would be grateful if someone would be able to help out.

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 5-Step removal instructions and post the logs back here for my review.

 

[Christian Ellis]

Well thanks for the info on the 5-step removal instructions, did a Full Malwarebytes system scan and it picked up a Trojan.agent on of course one of the mods I have. just going to keep an eye on the email and see if this has solved the problem, and then go to steps 3, 4 and 5 if it was not that one.

 

[Jay Pfoutz]

If you think you need more help, let me know. If you haven't responded in 5 days, this thread will become inactive.

 

[Christian Ellis]

Got emails now that have my email address on being sent to the same email, but checked the sent box and nothing strange there. not sure about this, its just weird, checked the email account but nothing seems to be out of the ordinary and checked the recent sign in activity on the account and noting there either but my location and ip address.

 

[Jay Pfoutz]

Still appears hacked?

 

[Christian Ellis]

I am really not 100% sure to be honest. doing another Malware scan and then going to try the last of the 5 steps and see if something is happening or not .

 

[Jay Pfoutz]

Okay. Let me know what happens...

 

[Christian Ellis]

Malware Bytes Log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [administrator]

Protection: Enabled

13/07/2012 10:50:56
mbam-log-2012-07-13 (10-50-56).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 654889
Time elapsed: 2 hour(s), 8 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-13 13:37:23
Windows 6.1.7601 Service Pack 1
Running: 8cz6clv7.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0x34 0x27 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3E 0x12 0x12 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x45 0xF2 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0x34 0x27 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3E 0x12 0x12 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x45 0xF2 0x10 ...

---- EOF - GMER 1.0.15 ----


DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Chris at 13:38:36 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2024 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
E:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Desura] D:\Program Files (x86)\Desura\Desura.exe -autostart
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - D:\Program Files (x86)\Xfire\Xfire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: tradedoubler.com\www
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4962F81B-6789-4BF6-923B-44908F0623BF} : NameServer = 10.203.129.68 10.203.129.68
TCP: Interfaces\{D00078E4-61A7-4279-AF55-7A4A51448C6A} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3jrwl1c.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-30 8704]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-20 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-20 110032]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;D:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-10 44808]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-22 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-23 1262400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\system32\DRIVERS\ZTEusbvoice.sys --> C:\Windows\system32\DRIVERS\ZTEusbvoice.sys [?]
S3 ZTEusbwwan;ZTE MBN Miniport;C:\Windows\system32\DRIVERS\ZTEusbwwan.sys --> C:\Windows\system32\DRIVERS\ZTEusbwwan.sys [?]
.
=============== Created Last 30 ================
.
2012-07-13 07:43:26 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B04F0083-B0CE-4349-9F78-CEE851837AC7}\mpengine.dll
2012-07-13 07:40:53 -------- d-----w- C:\Users\Chris\AppData\Local\{B6700693-1297-43F4-925E-F7700DB76ED9}
2012-07-13 07:40:38 -------- d-----w- C:\Users\Chris\AppData\Local\{6C7ABEB2-30C1-4205-A23F-FD30DC28CBDE}
2012-07-12 10:33:31 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-07-12 07:32:58 -------- d-----w- C:\Users\Chris\AppData\Local\{EE9FA78C-B78C-478F-8E5A-64244DABC615}
2012-07-12 07:32:41 -------- d-----w- C:\Users\Chris\AppData\Local\{6E647367-3A4D-4671-83CB-4209C7CE8C69}
2012-07-11 22:26:49 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:17:52 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 08:25:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2012-07-11 08:25:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 08:25:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-11 07:04:44 -------- d-----w- C:\Users\Chris\AppData\Local\{915C7216-E5D4-4311-B302-CE8AFC722357}
2012-07-11 07:04:32 -------- d-----w- C:\Users\Chris\AppData\Local\{A244C444-6879-4EAA-892E-2A232F0805CF}
2012-07-10 10:36:42 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-10 10:36:40 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-10 10:36:37 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-10 10:36:10 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-10 10:35:51 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-10 10:03:21 388096 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-10 06:57:02 -------- d-----w- C:\Users\Chris\AppData\Local\{4BFDD976-EDD0-429C-9B3C-5ECC4883747A}
2012-07-10 06:56:47 -------- d-----w- C:\Users\Chris\AppData\Local\{701E078A-CB4E-49E1-80E3-BCA4C12C49A3}
2012-07-09 07:32:52 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-09 07:23:58 -------- d-----w- C:\Users\Chris\AppData\Local\{F430564C-918F-4A40-9B3D-290C959382D5}
2012-07-09 07:23:45 -------- d-----w- C:\Users\Chris\AppData\Local\{055446DE-D74F-4C6E-A92D-6C0E7E958B52}
2012-07-08 15:33:28 -------- d-----w- C:\Users\Chris\AppData\Local\{3EDC17FA-72D0-4571-B733-582DD2EAB737}
2012-07-08 15:33:17 -------- d-----w- C:\Users\Chris\AppData\Local\{8D510BD4-60CA-43B8-9C3C-679D9C31CF27}
2012-07-07 10:36:44 -------- d-----w- C:\Users\Chris\AppData\Local\{DE5275DB-1BA4-4FBA-9F5E-EAD0F75618B5}
2012-07-07 10:36:34 -------- d-----w- C:\Users\Chris\AppData\Local\{FEED1FEB-474E-4487-B394-D7722DB74274}
2012-07-05 06:49:14 -------- d-----w- C:\Users\Chris\AppData\Local\{17A43A2A-4F5C-415C-A9EC-13C15B678613}
2012-07-05 06:49:03 -------- d-----w- C:\Users\Chris\AppData\Local\{28108600-4008-4375-8C14-DECE011DDB01}
2012-07-04 07:23:10 -------- d-----w- C:\Users\Chris\AppData\Local\{9C6B8D93-5C73-43E5-9051-EF8816228270}
2012-07-04 07:22:59 -------- d-----w- C:\Users\Chris\AppData\Local\{98BB496B-4A79-4930-AADD-DA2B84D70DB9}
2012-07-03 06:59:32 -------- d-----w- C:\Users\Chris\AppData\Local\{D49A9596-4CB5-473A-9968-9E0195F7003C}
2012-07-02 07:32:05 -------- d-----w- C:\Users\Chris\AppData\Local\{5EF27C68-9F8E-4408-B20A-F085805F6ADC}
2012-07-02 07:31:54 -------- d-----w- C:\Users\Chris\AppData\Local\{C34D9449-1CDE-49C6-A757-8297656C1652}
2012-07-01 14:29:50 -------- d-----w- C:\Users\Chris\AppData\Local\{417A0DB7-090F-456C-9B16-5B6814FE864F}
2012-07-01 14:29:32 -------- d-----w- C:\Users\Chris\AppData\Local\{04A73727-86DA-4451-B2B9-429E780D6625}
2012-06-30 10:17:18 -------- d-----w- C:\Users\Chris\AppData\Local\Chromium
2012-06-30 10:11:59 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-06-29 06:43:24 -------- d-----w- C:\Users\Chris\AppData\Local\{6D341DA0-129F-4BB1-9C48-050692EE12BD}
2012-06-29 06:43:14 -------- d-----w- C:\Users\Chris\AppData\Local\{67FF3A29-7738-482F-A906-F2CD00CD78CE}
2012-06-27 07:39:13 -------- d-----w- C:\Users\Chris\AppData\Local\{04757828-77BC-4E56-9368-E281A3433724}
2012-06-26 08:09:48 -------- d-----w- C:\Users\Chris\AppData\Local\{90502E1B-F676-461E-AFDC-FA313C89C848}
2012-06-25 08:01:38 -------- d-----w- C:\Users\Chris\AppData\Local\{C3256933-60ED-424A-B2D1-6E8AFA96DAB3}
2012-06-25 08:01:28 -------- d-----w- C:\Users\Chris\AppData\Local\{D820BBD3-B55E-40C9-8C26-A3BC12D193F0}
2012-06-24 10:44:02 -------- d-----w- C:\Users\Chris\AppData\Local\{34BB2C00-8D87-4858-B269-7C90B043D8DF}
2012-06-24 10:43:51 -------- d-----w- C:\Users\Chris\AppData\Local\{D6E738C3-9A62-4562-9361-7D2BA56A9A5D}
2012-06-23 20:11:22 -------- d-----w- C:\Users\Chris\AppData\Local\{4CF90CF3-FC88-4373-BC12-151608C68130}
2012-06-23 20:11:11 -------- d-----w- C:\Users\Chris\AppData\Local\{9D614C1F-C379-49D8-928B-5643805E39B8}
2012-06-23 04:40:11 -------- d-----w- C:\Users\Chris\AppData\Local\{507A6580-9B95-4689-A639-E6C92A6E826F}
2012-06-23 04:39:54 -------- d-----w- C:\Users\Chris\AppData\Local\{49D293DF-F5C1-4E9C-87C0-3908493B0185}
2012-06-22 07:02:55 -------- d-----w- C:\Users\Chris\AppData\Local\{3CC50479-7732-4961-9C03-A98170ADEEDD}
2012-06-22 07:02:42 -------- d-----w- C:\Users\Chris\AppData\Local\{DC698B76-5882-4F24-B3DA-C2D10DD87431}
2012-06-22 06:54:07 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 06:53:46 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 06:53:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 06:53:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 07:19:43 -------- d-----w- C:\Users\Chris\AppData\Local\{EA0D0844-0CCD-420B-82B8-B8CFF25FECBE}
2012-06-21 07:19:32 -------- d-----w- C:\Users\Chris\AppData\Local\{D45518D8-5AC1-45F3-AE1A-BBF96227F2DC}
2012-06-20 07:18:06 -------- d-----w- C:\Users\Chris\AppData\Local\{251D4090-3407-4B42-AA4F-629BFA21D8FA}
2012-06-20 07:17:55 -------- d-----w- C:\Users\Chris\AppData\Local\{A41FB7A5-15A6-401F-934D-107A0C894572}
2012-06-19 15:58:04 -------- d-----w- C:\Program Files\iPod
2012-06-19 15:58:03 -------- d-----w- C:\Program Files\iTunes
2012-06-19 15:58:03 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-19 08:13:45 -------- d-----w- C:\Users\Chris\AppData\Local\{C9B1F012-4F50-4504-BC0D-D62B92E758FF}
2012-06-19 08:13:30 -------- d-----w- C:\Users\Chris\AppData\Local\{6553E594-8E01-48FC-A97B-07FABEE6E0AF}
2012-06-18 08:07:00 -------- d-----w- C:\Users\Chris\AppData\Local\{844EB276-51F5-4F2E-B66B-DB04507E8CD6}
2012-06-17 12:14:46 -------- d-----w- C:\Users\Chris\AppData\Local\{A8ABB1E3-0F7E-4E4A-B823-52830C5B6156}
2012-06-16 20:12:02 -------- d-----w- C:\Users\Chris\AppData\Local\{848A1EFE-B918-405E-8BE8-3218D29EF1A8}
2012-06-16 08:11:36 -------- d-----w- C:\Users\Chris\AppData\Local\{ECF2D59F-FE7A-49D6-8C33-C9E83091CD46}
2012-06-15 06:48:48 -------- d-----w- C:\Users\Chris\AppData\Local\{CBAECBD8-E5F9-4968-83D3-DDBEBBD38507}
2012-06-14 07:25:19 -------- d-----w- C:\Users\Chris\AppData\Local\{10168BAA-03DC-4700-AB6A-72C5B60EE8BA}
2012-06-14 07:25:07 -------- d-----w- C:\Users\Chris\AppData\Local\{160BEC7E-A140-4B7D-9A5F-6678B26C1824}
.
==================== Find3M ====================
.
2012-07-12 08:56:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:56:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-09 07:32:44 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 18:09:21 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-04 18:09:21 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-04 18:09:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-19 18:36:31 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 01:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-08 11:12:43 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 13:39:24.70 ===============




Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/10/2010 14:19:44
System Uptime: 13/07/2012 08:38:10 (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N68-AM Plus
Processor: AMD Phenom(tm) 9850 Quad-Core Processor | AM2 | 2511/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 489 GiB total, 350.852 GiB free.
D: is FIXED (NTFS) - 489 GiB total, 404.402 GiB free.
E: is FIXED (NTFS) - 885 GiB total, 657.686 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP459: 09/07/2012 08:31:55 - Installed Java(TM) 6 Update 33
RP460: 10/07/2012 07:59:37 - Windows Update
RP461: 10/07/2012 10:29:03 - Windows Update
RP462: 10/07/2012 11:02:46 - Installed HiJackThis
RP463: 10/07/2012 11:35:32 - avast! Free Antivirus Setup
RP465: 10/07/2012 14:04:09 - Windows Defender Checkpoint
RP466: 11/07/2012 23:19:06 - Windows Update
.
==== Installed Programs ======================
.
.
18 Wheels of Steel: Haulin'
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: British Armed Forces
ARMA 2: British Armed Forces - Data cache removal
ARMA 2: Operation Arrowhead
ArtMoney SE v7.38
Assassin's Creed
Assassin's Creed II
Audacity 2.0
avast! Free Antivirus
Avira Free Antivirus
Battlefield 2 Map - A.T.O.M.
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 3™
Battlefield 3™ Open Beta
Battlefield Play4Free
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
BitTorrent
Blacklight: Retribution
Burnout(TM) Paradise The Ultimate Box
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Cities XL - Limited Edition
CoH Desert Map Pack
Command & Conquer 3
Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
Company of Heroes
Company of Heroes - FAKEMSI
Curse Client
D3DX10
DAEMON Tools Toolbar
Dead Rising 2
Dead Space™ 2
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Manager 2.3.10
Driver San Francisco
Eastern Front
Empire: Total War
ESN Sonar
EVE Online (remove only)
Fallen Earth
Far Cry 2
FileZilla Client 3.5.1
Flashpoint uninstall
Free Mp3 Wma Converter V 2.2
GameSpy Arcade
Google Chrome
Google Earth
Google Update Helper
GPGNet
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
HaloRTS Alpha Demo 1.0
Hi-Rez Studios Authenticate and Update Service
HiJackThis
Homeworld2
Java Auto Updater
Java(TM) 6 Update 33
Malwarebytes Anti-Malware version 1.62.0.1300
Medal of Honor (TM)
Microsoft .NET Framework 1.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Suite Anniversary Edition
Microsoft Digital Image Suite Anniversary Edition Editor
Microsoft Digital Image Suite Anniversary Edition Library
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MIDEAST CRISIS 2 version R2
Moon Breakers
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need For Speed™ World
Nero 7 Essentials
neroxml
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
oZone3D.Net FurMark v1.7.0
PeaZip 2.0
PunisherSiX for UT3 1.0
PunkBuster Services
QuickTime
RAD Video Tools
Realtek High Definition Audio Driver
Renegade-X v0.55 Beta
Rockstar Games Social Club
Roll
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
Saints Row: The Third
San Andreas Mod Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Six Updater
Sky Broadband
Skype Toolbars
Skype™ 4.1
Spotify
Spybot - Search & Destroy
Steam
Supreme Commander
Supreme Commander - Forged Alliance
swMSM
System Requirements Lab
TC
TeamSpeak 2 RC2
Test Drive Unlimited 2
The Moon Project Demo
TotalBF2 Map Pack 3
Trains and Trucks Tycoon
Tribes: Ascend
Tropico 3 1.00
TRS2006
Tycoon City - New York
Ubisoft Game Launcher
Uninstall MEC2
Unity Web Player
Unreal Tournament 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World in Conflict MW Mod 2.0.1
World in Conflict: Soviet Assault
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
13/07/2012 08:41:16, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
13/07/2012 08:41:16, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
13/07/2012 08:38:55, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: This driver has been blocked from loading
13/07/2012 08:38:55, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\lirsgt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

I have installed HiJack this program also if that would help as a refference after reading the steps and tips, have to be honest I am a big gamer and work on computers so know the basics but this sort of stuff kind of goes straight over my head. I appreciate the help

 

[Jay Pfoutz]

These fixes are all likely empty folders/files/GUIDs..but we'll fix them anyway...

Download OTL.exe by OldTimer to your Desktop.

• Copy the commands below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  :OTL
  2012-06-19 08:13:45 -------- d-----w- C:\Users\Chris\AppData\Local\{C9B1F012-4F50-4504-BC0D-D62B92E758FF}
  2012-06-19 08:13:30 -------- d-----w- C:\Users\Chris\AppData\Local\{6553E594-8E01-48FC-A97B-07FABEE6E0AF}
  2012-06-18 08:07:00 -------- d-----w- C:\Users\Chris\AppData\Local\{844EB276-51F5-4F2E-B66B-DB04507E8CD6}
  2012-06-17 12:14:46 -------- d-----w- C:\Users\Chris\AppData\Local\{A8ABB1E3-0F7E-4E4A-B823-52830C5B6156}
  2012-06-16 20:12:02 -------- d-----w- C:\Users\Chris\AppData\Local\{848A1EFE-B918-405E-8BE8-3218D29EF1A8}
  2012-06-16 08:11:36 -------- d-----w- C:\Users\Chris\AppData\Local\{ECF2D59F-FE7A-49D6-8C33-C9E83091CD46}
  2012-06-15 06:48:48 -------- d-----w- C:\Users\Chris\AppData\Local\{CBAECBD8-E5F9-4968-83D3-DDBEBBD38507}
  2012-06-14 07:25:19 -------- d-----w- C:\Users\Chris\AppData\Local\{10168BAA-03DC-4700-AB6A-72C5B60EE8BA}
  2012-06-14 07:25:07 -------- d-----w- C:\Users\Chris\AppData\Local\{160BEC7E-A140-4B7D-9A5F-6678B26C1824}
  2012-06-21 07:19:43 -------- d-----w- C:\Users\Chris\AppData\Local\{EA0D0844-0CCD-420B-82B8-B8CFF25FECBE}
  2012-06-21 07:19:32 -------- d-----w- C:\Users\Chris\AppData\Local\{D45518D8-5AC1-45F3-AE1A-BBF96227F2DC}
  2012-06-20 07:18:06 -------- d-----w- C:\Users\Chris\AppData\Local\{251D4090-3407-4B42-AA4F-629BFA21D8FA}
  2012-06-20 07:17:55 -------- d-----w- C:\Users\Chris\AppData\Local\{A41FB7A5-15A6-401F-934D-107A0C894572}
  2012-06-29 06:43:24 -------- d-----w- C:\Users\Chris\AppData\Local\{6D341DA0-129F-4BB1-9C48-050692EE12BD}
  2012-06-29 06:43:14 -------- d-----w- C:\Users\Chris\AppData\Local\{67FF3A29-7738-482F-A906-F2CD00CD78CE}
  2012-06-27 07:39:13 -------- d-----w- C:\Users\Chris\AppData\Local\{04757828-77BC-4E56-9368-E281A3433724}
  2012-06-26 08:09:48 -------- d-----w- C:\Users\Chris\AppData\Local\{90502E1B-F676-461E-AFDC-FA313C89C848}
  2012-06-25 08:01:38 -------- d-----w- C:\Users\Chris\AppData\Local\{C3256933-60ED-424A-B2D1-6E8AFA96DAB3}
  2012-06-25 08:01:28 -------- d-----w- C:\Users\Chris\AppData\Local\{D820BBD3-B55E-40C9-8C26-A3BC12D193F0}
  2012-06-24 10:44:02 -------- d-----w- C:\Users\Chris\AppData\Local\{34BB2C00-8D87-4858-B269-7C90B043D8DF}
  2012-06-24 10:43:51 -------- d-----w- C:\Users\Chris\AppData\Local\{D6E738C3-9A62-4562-9361-7D2BA56A9A5D}
  2012-06-23 20:11:22 -------- d-----w- C:\Users\Chris\AppData\Local\{4CF90CF3-FC88-4373-BC12-151608C68130}
  2012-06-23 20:11:11 -------- d-----w- C:\Users\Chris\AppData\Local\{9D614C1F-C379-49D8-928B-5643805E39B8}
  2012-06-23 04:40:11 -------- d-----w- C:\Users\Chris\AppData\Local\{507A6580-9B95-4689-A639-E6C92A6E826F}
  2012-06-23 04:39:54 -------- d-----w- C:\Users\Chris\AppData\Local\{49D293DF-F5C1-4E9C-87C0-3908493B0185}
  2012-06-22 07:02:55 -------- d-----w- C:\Users\Chris\AppData\Local\{3CC50479-7732-4961-9C03-A98170ADEEDD}
  2012-06-22 07:02:42 -------- d-----w- C:\Users\Chris\AppData\Local\{DC698B76-5882-4F24-B3DA-C2D10DD87431}
  2012-07-09 07:23:58 -------- d-----w- C:\Users\Chris\AppData\Local\{F430564C-918F-4A40-9B3D-290C959382D5}
  2012-07-09 07:23:45 -------- d-----w- C:\Users\Chris\AppData\Local\{055446DE-D74F-4C6E-A92D-6C0E7E958B52}
  2012-07-08 15:33:28 -------- d-----w- C:\Users\Chris\AppData\Local\{3EDC17FA-72D0-4571-B733-582DD2EAB737}
  2012-07-08 15:33:17 -------- d-----w- C:\Users\Chris\AppData\Local\{8D510BD4-60CA-43B8-9C3C-679D9C31CF27}
  2012-07-07 10:36:44 -------- d-----w- C:\Users\Chris\AppData\Local\{DE5275DB-1BA4-4FBA-9F5E-EAD0F75618B5}
  2012-07-07 10:36:34 -------- d-----w- C:\Users\Chris\AppData\Local\{FEED1FEB-474E-4487-B394-D7722DB74274}
  2012-07-05 06:49:14 -------- d-----w- C:\Users\Chris\AppData\Local\{17A43A2A-4F5C-415C-A9EC-13C15B678613}
  2012-07-05 06:49:03 -------- d-----w- C:\Users\Chris\AppData\Local\{28108600-4008-4375-8C14-DECE011DDB01}
  2012-07-04 07:23:10 -------- d-----w- C:\Users\Chris\AppData\Local\{9C6B8D93-5C73-43E5-9051-EF8816228270}
  2012-07-04 07:22:59 -------- d-----w- C:\Users\Chris\AppData\Local\{98BB496B-4A79-4930-AADD-DA2B84D70DB9}
  2012-07-03 06:59:32 -------- d-----w- C:\Users\Chris\AppData\Local\{D49A9596-4CB5-473A-9968-9E0195F7003C}
  2012-07-02 07:32:05 -------- d-----w- C:\Users\Chris\AppData\Local\{5EF27C68-9F8E-4408-B20A-F085805F6ADC}
  2012-07-02 07:31:54 -------- d-----w- C:\Users\Chris\AppData\Local\{C34D9449-1CDE-49C6-A757-8297656C1652}
  2012-07-01 14:29:50 -------- d-----w- C:\Users\Chris\AppData\Local\{417A0DB7-090F-456C-9B16-5B6814FE864F}
  2012-07-01 14:29:32 -------- d-----w- C:\Users\Chris\AppData\Local\{04A73727-86DA-4451-B2B9-429E780D6625}
  2012-07-10 06:57:02 -------- d-----w- C:\Users\Chris\AppData\Local\{4BFDD976-EDD0-429C-9B3C-5ECC4883747A}
  2012-07-10 06:56:47 -------- d-----w- C:\Users\Chris\AppData\Local\{701E078A-CB4E-49E1-80E3-BCA4C12C49A3}
  2012-07-11 07:04:44 -------- d-----w- C:\Users\Chris\AppData\Local\{915C7216-E5D4-4311-B302-CE8AFC722357}
  2012-07-11 07:04:32 -------- d-----w- C:\Users\Chris\AppData\Local\{A244C444-6879-4EAA-892E-2A232F0805CF}
  2012-07-13 07:40:53 -------- d-----w- C:\Users\Chris\AppData\Local\{B6700693-1297-43F4-925E-F7700DB76ED9}
  2012-07-13 07:40:38 -------- d-----w- C:\Users\Chris\AppData\Local\{6C7ABEB2-30C1-4205-A23F-FD30DC28CBDE}
  2012-07-12 10:33:31 711240 ----a-w- C:\Windows\isRS-000.tmp
  2012-07-12 07:32:58 -------- d-----w- C:\Users\Chris\AppData\Local\{EE9FA78C-B78C-478F-8E5A-64244DABC615}
  2012-07-12 07:32:41 -------- d-----w- C:\Users\Chris\AppData\Local\{6E647367-3A4D-4671-83CB-4209C7CE8C69}
  
  :commands
  [reboot]
  [emptytemp]
• Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
• Click the red Run Fix button.
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Then, press Quick Scan. A log will launch eventually, please post that in your next reply.
• Close OTL.exe

 

[Christian Ellis]

OTL Run:


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 19660001 bytes
->Temporary Internet Files folder emptied: 618135191 bytes
->Java cache emptied: 429305 bytes
->FireFox cache emptied: 52673172 bytes
->Google Chrome cache emptied: 91045877 bytes
->Flash cache emptied: 471410346 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119649847 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,310.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07142012_131447

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\urlclassifier3.sqlite moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\startupCache\startupCache.4.little not found!
File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_001_ not found!
File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_002_ not found!
File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_003_ not found!
File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_MAP_ not found!
File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\urlclassifier3.sqlite not found!
[2012/07/14 13:23:59 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

 

[Christian Ellis]

OTL Quick Scan:
OTL logfile created on: 14/07/2012 13:28:58 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 44.99% Memory free
8.00 Gb Paging File | 5.51 Gb Available in Paging File | 68.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.89 Gb Total Space | 352.83 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
Drive D: | 488.99 Gb Total Space | 404.40 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
Drive E: | 885.03 Gb Total Space | 657.73 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/14 13:13:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2012/07/12 09:56:27 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/27 17:31:18 | 001,192,664 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/06/20 08:17:14 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/05/20 09:01:15 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/05/19 19:36:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/05/08 12:12:42 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 12:12:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 12:12:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/04/21 02:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/12 09:56:26 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/27 17:31:18 | 001,192,664 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/06/20 08:17:14 | 020,313,384 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/20 08:17:11 | 001,099,576 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/20 08:17:11 | 000,895,312 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/20 08:17:11 | 000,190,776 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/20 08:17:11 | 000,123,192 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/21 02:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 09:56:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/26 15:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/06/20 08:17:14 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/19 19:36:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/08 12:12:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 12:12:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/08 12:12:43 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 12:12:43 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 15:00:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/09/04 07:07:02 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/19 15:42:30 | 000,233,472 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010/04/19 15:42:30 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/04/19 15:42:30 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/04/19 15:42:30 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/04/19 15:42:28 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 02:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/04/03 13:57:38 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/03 13:57:36 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdm.sys -- (s116mdm)
DRV:64bit: - [2007/04/03 13:57:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdfl.sys -- (s116mdfl)
DRV:64bit: - [2007/04/03 13:57:34 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2010/10/07 19:55:57 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/07/04 08:51:46 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbuhci.sys -- (usbuhci)
DRV - [2003/07/04 08:50:46 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 9D 04 2F 9F F7 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.64.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/11 10:50:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/10 11:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 08:09:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/09 08:32:52 | 000,000,000 | ---D | M]

[2010/10/08 17:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/03/06 20:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3jrwl1c.default\extensions
[2011/09/24 18:10:33 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3jrwl1c.default\extensions\battlefieldplay4free@ea.com
[2012/07/09 08:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/25 14:08:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/09 08:32:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/10 11:36:19 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 

[Christian Ellis]

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2010/10/22 13:24:32 | 000,423,309 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14590 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Desura] D:\Program Files (x86)\Desura\Desura.exe -autostart File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork File not found
O4 - HKCU..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = D:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tradedoubler.com ([www] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4962F81B-6789-4BF6-923B-44908F0623BF}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00078E4-61A7-4279-AF55-7A4A51448C6A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 18:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{4f14f4cd-d6bc-11e0-832e-485b395a8334}\Shell - "" = AutoRun
O33 - MountPoints2\{4f14f4cd-d6bc-11e0-832e-485b395a8334}\Shell\AutoRun\command - "" = G:\SETUP.EXE -autorun
O33 - MountPoints2\{874049fc-d225-11df-a319-485b395a8334}\Shell - "" = AutoRun
O33 - MountPoints2\{874049fc-d225-11df-a319-485b395a8334}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aaeb8dcb-ccae-11df-9fd0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aaeb8dcb-ccae-11df-9fd0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008/11/15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 13:14:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/14 08:25:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{88553B0D-0295-4E84-86D7-7C6A8DF94A13}
[2012/07/14 08:24:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0534AB49-29DF-4D92-8123-409C90C0DA88}
[2012/07/13 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B6700693-1297-43F4-925E-F7700DB76ED9}
[2012/07/13 08:40:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6C7ABEB2-30C1-4205-A23F-FD30DC28CBDE}
[2012/07/12 08:32:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EE9FA78C-B78C-478F-8E5A-64244DABC615}
[2012/07/12 08:32:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6E647367-3A4D-4671-83CB-4209C7CE8C69}
[2012/07/11 09:25:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2012/07/11 09:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/11 09:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/11 09:25:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/11 08:04:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{915C7216-E5D4-4311-B302-CE8AFC722357}
[2012/07/11 08:04:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A244C444-6879-4EAA-892E-2A232F0805CF}
[2012/07/10 11:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/10 11:36:45 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/10 11:36:45 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/10 11:36:42 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/10 11:36:41 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/10 11:36:40 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/10 11:36:37 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/10 11:36:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/10 11:36:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/10 11:36:09 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/10 11:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/10 11:03:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/07/10 07:57:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4BFDD976-EDD0-429C-9B3C-5ECC4883747A}
[2012/07/10 07:56:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{701E078A-CB4E-49E1-80E3-BCA4C12C49A3}
[2012/07/09 08:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/09 08:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/09 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F430564C-918F-4A40-9B3D-290C959382D5}
[2012/07/09 08:23:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{055446DE-D74F-4C6E-A92D-6C0E7E958B52}
[2012/07/08 16:33:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3EDC17FA-72D0-4571-B733-582DD2EAB737}
[2012/07/08 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8D510BD4-60CA-43B8-9C3C-679D9C31CF27}
[2012/07/07 11:36:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DE5275DB-1BA4-4FBA-9F5E-EAD0F75618B5}
[2012/07/07 11:36:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FEED1FEB-474E-4487-B394-D7722DB74274}
[2012/07/05 07:49:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{17A43A2A-4F5C-415C-A9EC-13C15B678613}
[2012/07/05 07:49:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{28108600-4008-4375-8C14-DECE011DDB01}
[2012/07/04 08:23:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9C6B8D93-5C73-43E5-9051-EF8816228270}
[2012/07/04 08:22:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{98BB496B-4A79-4930-AADD-DA2B84D70DB9}
[2012/07/03 07:59:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D49A9596-4CB5-473A-9968-9E0195F7003C}
[2012/07/02 08:32:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5EF27C68-9F8E-4408-B20A-F085805F6ADC}
[2012/07/02 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C34D9449-1CDE-49C6-A757-8297656C1652}
[2012/07/01 15:29:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{417A0DB7-090F-456C-9B16-5B6814FE864F}
[2012/07/01 15:29:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{04A73727-86DA-4451-B2B9-429E780D6625}
[2012/06/30 11:17:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Chromium
[2012/06/30 11:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/06/30 11:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/06/29 07:43:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6D341DA0-129F-4BB1-9C48-050692EE12BD}
[2012/06/29 07:43:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{67FF3A29-7738-482F-A906-F2CD00CD78CE}
[2012/06/27 08:39:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{04757828-77BC-4E56-9368-E281A3433724}
[2012/06/26 09:09:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{90502E1B-F676-461E-AFDC-FA313C89C848}
[2012/06/25 09:01:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C3256933-60ED-424A-B2D1-6E8AFA96DAB3}
[2012/06/25 09:01:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D820BBD3-B55E-40C9-8C26-A3BC12D193F0}
[2012/06/24 11:44:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{34BB2C00-8D87-4858-B269-7C90B043D8DF}
[2012/06/24 11:43:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D6E738C3-9A62-4562-9361-7D2BA56A9A5D}
[2012/06/23 21:11:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4CF90CF3-FC88-4373-BC12-151608C68130}
[2012/06/23 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9D614C1F-C379-49D8-928B-5643805E39B8}
[2012/06/23 05:40:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{507A6580-9B95-4689-A639-E6C92A6E826F}
[2012/06/23 05:39:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{49D293DF-F5C1-4E9C-87C0-3908493B0185}
[2012/06/22 08:02:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3CC50479-7732-4961-9C03-A98170ADEEDD}
[2012/06/22 08:02:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DC698B76-5882-4F24-B3DA-C2D10DD87431}
[2012/06/21 08:19:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EA0D0844-0CCD-420B-82B8-B8CFF25FECBE}
[2012/06/21 08:19:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D45518D8-5AC1-45F3-AE1A-BBF96227F2DC}
[2012/06/20 08:18:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{251D4090-3407-4B42-AA4F-629BFA21D8FA}
[2012/06/20 08:17:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A41FB7A5-15A6-401F-934D-107A0C894572}
[2012/06/19 16:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/19 16:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/19 16:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/19 16:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/19 09:13:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C9B1F012-4F50-4504-BC0D-D62B92E758FF}
[2012/06/19 09:13:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6553E594-8E01-48FC-A97B-07FABEE6E0AF}
[2012/06/18 09:07:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{844EB276-51F5-4F2E-B66B-DB04507E8CD6}
[2012/06/17 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A8ABB1E3-0F7E-4E4A-B823-52830C5B6156}
[2012/06/16 21:12:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{848A1EFE-B918-405E-8BE8-3218D29EF1A8}
[2012/06/16 09:11:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{ECF2D59F-FE7A-49D6-8C33-C9E83091CD46}
[2012/06/15 07:48:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CBAECBD8-E5F9-4968-83D3-DDBEBBD38507}

========== Files - Modified Within 30 Days ==========

[2012/07/14 13:31:33 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 13:31:33 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 13:23:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/14 13:23:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/14 13:23:40 | 3220,566,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 13:20:28 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/14 12:56:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 12:39:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1292920716-1066258704-1708500095-1000UA.job
[2012/07/14 08:39:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1292920716-1066258704-1708500095-1000Core.job
[2012/07/12 18:41:14 | 000,002,401 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2012/07/12 11:33:31 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 08:30:08 | 000,403,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 11:36:46 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/10 11:36:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/10 11:03:21 | 000,002,975 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2012/07/04 19:09:21 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/04 19:09:21 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/04 19:09:08 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 17:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 17:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 17:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 20:47:13 | 000,744,006 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/01 20:47:13 | 000,640,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/01 20:47:13 | 000,115,506 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/19 16:59:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/07/11 09:25:05 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/10 11:36:46 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/10 11:36:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/10 11:03:21 | 000,002,975 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2012/06/19 16:59:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/03 03:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/01/20 17:07:32 | 000,386,560 | R--- | C] () -- C:\Windows\mss32.dll
[2012/01/20 17:06:55 | 000,194,560 | R--- | C] () -- C:\Windows\binkw32.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/05 16:37:00 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011/08/09 11:27:45 | 000,748,756 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/09 11:09:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/10 19:21:50 | 000,192,512 | R--- | C] () -- C:\Windows\SysWow64\AegisI5.exe
[2011/06/10 19:21:50 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2011/06/10 19:21:49 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2011/03/08 00:58:45 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/03 11:41:41 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/12/27 16:47:55 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/12/27 16:47:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/11/14 14:18:07 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/10/25 14:13:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/19 17:06:26 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/10/07 19:57:54 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/10/07 19:55:00 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2010/10/07 19:31:38 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/10/07 19:31:37 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/10/07 19:31:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/10/01 10:50:35 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/09/30 14:11:45 | 000,020,933 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/09/30 14:11:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/30 14:11:08 | 000,015,861 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2012/04/29 20:32:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Audacity
[2011/12/14 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitTorrent
[2011/08/17 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/09/04 07:12:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2012/02/19 20:15:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DarknessII
[2011/12/13 17:28:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
[2012/04/29 20:24:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/08/03 10:53:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Need for Speed World
[2011/11/14 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin
[2011/01/03 11:50:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Red Alert 3
[2012/05/02 09:38:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\six-updater
[2012/02/20 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\six-zsync
[2012/07/14 12:43:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
[2012/01/04 14:38:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\The Creative Assembly
[2011/07/18 17:16:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tropico 3
[2012/02/20 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2012/05/20 09:08:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft
[2011/09/10 13:05:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2010/10/07 16:49:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vodafone
[2012/02/28 17:13:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Youtube Downloader HD
[2012/04/15 08:09:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

 

[Jay Pfoutz]

Well that fix half functioned. Oh brother. Well like I said, they're probably all empty anyway.

One more scan, then I think we can call it clean 99% sure...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

 

[Christian Ellis]

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d9b441feabcb90449df820805232bc7f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-16 04:01:20
# local_time=2012-07-16 05:01:20 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 23349653 23349653 0 0
# compatibility_mode=5893 16776573 100 94 11591 94913082 0 0
# compatibility_mode=8192 67108863 100 0 165 165 0 0
# scanned=403566
# found=0
# cleaned=0
# scan_time=6448

 

[Jay Pfoutz]

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advance System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name I.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
• Select Performance Information and Tools
• On the left select Open Disk Cleanup
• Select Files from all users and accept the warning if you get one
• In the drop down box select your main drive I.e. C
• For a few moments the system will make some calculations:
  
  
• Select the More Options tab
  
  
• In the System Restore and Shadow Backups select Clean up
  
  
• Select Delete on the pop up
• Select OK
• Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:

• Cleaned System Restore
• Ran OTC
• Ran TFC
• Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

 

[Christian Ellis]

I have done all the checks and I can see no threats on the system.

Security Check:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 33
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Jay Pfoutz]

Antivirus Overkill

I notice that you are using more than one antivirus program.

• AVAST Antivirus
• Avira Desktop

This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through.
It is important that only ONE antivirus program is running realtime protection.
I strongly suggest you either (1) uninstall all but one antivirus program through Control Panel->Add or remove Programs,
OR (2) keep the programs, but leave all but one of them disabled most of the time.
You can still use them for scanning your computer.

Program Updates

Update Firefox

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > About Firefox. It will either have a button that says Check for Updates or Apply Update. Please click that button.

Update Java

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

 

[Christian Ellis]

Ok thank you very much for taking the time to help me in this situation I really appreciate it. I have the avast as the realtime virus program and the avira as just a scanner. I will get the updates for firefox and java done asap. Thanks again.

 

[Jay Pfoutz]

You're welcome! Marked as solved.