TechSpot

Someone keeps entering my Yahoo email

By Christian Ellis
Jul 10, 2012
  1. I am not sure if this is a malware program I have inadvertently got or if it is something with Yahoo themselves. I have Avira Free antivirus program and Spybot Search and Destroy programs which I run regularly but they do not pick up anything. I do download quite a few mods for games so thinking if I did get something it would probably be from one of them, but always scan them before opening but guess you can never be 100% sure. I would be grateful if someone would be able to help out.
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.
     
  3. Christian Ellis

    Christian Ellis TS Member Topic Starter

    Well, thanks for the info on the 5-step removal instructions. Did a full Malwarebytes system scan and it picked up a Trojan.agent on, of course, one of the mods I have. Just going to keep an eye on the email and see if this has solved the problem, and then go to steps 3, 4 and 5 if it was not that one.
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    If you think you need more help, let me know. If you haven't responded in 5 days, this thread will become inactive.
     
  5. Christian Ellis

    Christian Ellis TS Member Topic Starter

    Got emails now that have my email address on being sent to the same email, but checked the sent box and nothing strange there. Not sure about this, it's just weird. Checked the email account but nothing seems to be out of the ordinary, and checked the recent sign-in activity on the account and nothing there either but my location and IP address.
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Still appears hacked?
     
  7. Christian Ellis

    Christian Ellis TS Member Topic Starter

    I am really not 100% sure to be honest. Doing another malware scan and then going to try the last of the 5 steps and see if something is happening or not.
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay. Let me know what happens...
     
  9. Christian Ellis

    Christian Ellis TS Member Topic Starter

    Malware Bytes Log:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.13.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Chris :: CHRIS-PC [administrator]

    Protection: Enabled

    13/07/2012 10:50:56
    mbam-log-2012-07-13 (10-50-56).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 654889
    Time elapsed: 2 hour(s), 8 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)


    GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-13 13:37:23
    Windows 6.1.7601 Service Pack 1
    Running: 8cz6clv7.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0x34 0x27 0x56 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3E 0x12 0x12 0x9F ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x45 0xF2 0x10 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0x34 0x27 0x56 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3E 0x12 0x12 0x9F ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x45 0xF2 0x10 ...

    ---- EOF - GMER 1.0.15 ----


    DDS.txt:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
    Run by Chris at 13:38:36 on 2012-07-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2024 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    D:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    E:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    D:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    E:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    uRun: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
    uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Desura] D:\Program Files (x86)\Desura\Desura.exe -autostart
    uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Spotify Web Helper] "C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - D:\Program Files (x86)\Xfire\Xfire.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Trusted Zone: tradedoubler.com\www
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{4962F81B-6789-4BF6-923B-44908F0623BF} : NameServer = 10.203.129.68 10.203.129.68
    TCP: Interfaces\{D00078E4-61A7-4279-AF55-7A4A51448C6A} : DhcpNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3jrwl1c.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-30 8704]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-20 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-20 110032]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;D:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-10 44808]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-22 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-23 1262400]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\system32\DRIVERS\ZTEusbvoice.sys --> C:\Windows\system32\DRIVERS\ZTEusbvoice.sys [?]
    S3 ZTEusbwwan;ZTE MBN Miniport;C:\Windows\system32\DRIVERS\ZTEusbwwan.sys --> C:\Windows\system32\DRIVERS\ZTEusbwwan.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-13 07:43:26 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B04F0083-B0CE-4349-9F78-CEE851837AC7}\mpengine.dll
    2012-07-13 07:40:53 -------- d-----w- C:\Users\Chris\AppData\Local\{B6700693-1297-43F4-925E-F7700DB76ED9}
    2012-07-13 07:40:38 -------- d-----w- C:\Users\Chris\AppData\Local\{6C7ABEB2-30C1-4205-A23F-FD30DC28CBDE}
    2012-07-12 10:33:31 711240 ----a-w- C:\Windows\isRS-000.tmp
    2012-07-12 07:32:58 -------- d-----w- C:\Users\Chris\AppData\Local\{EE9FA78C-B78C-478F-8E5A-64244DABC615}
    2012-07-12 07:32:41 -------- d-----w- C:\Users\Chris\AppData\Local\{6E647367-3A4D-4671-83CB-4209C7CE8C69}
    2012-07-11 22:26:49 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 19:17:52 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 08:25:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
    2012-07-11 08:25:05 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-11 08:25:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-11 07:04:44 -------- d-----w- C:\Users\Chris\AppData\Local\{915C7216-E5D4-4311-B302-CE8AFC722357}
    2012-07-11 07:04:32 -------- d-----w- C:\Users\Chris\AppData\Local\{A244C444-6879-4EAA-892E-2A232F0805CF}
    2012-07-10 10:36:42 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-07-10 10:36:40 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-07-10 10:36:37 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-07-10 10:36:10 41224 ----a-w- C:\Windows\avastSS.scr
    2012-07-10 10:35:51 -------- d-----w- C:\ProgramData\AVAST Software
    2012-07-10 10:03:21 388096 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-07-10 06:57:02 -------- d-----w- C:\Users\Chris\AppData\Local\{4BFDD976-EDD0-429C-9B3C-5ECC4883747A}
    2012-07-10 06:56:47 -------- d-----w- C:\Users\Chris\AppData\Local\{701E078A-CB4E-49E1-80E3-BCA4C12C49A3}
    2012-07-09 07:32:52 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-07-09 07:23:58 -------- d-----w- C:\Users\Chris\AppData\Local\{F430564C-918F-4A40-9B3D-290C959382D5}
    2012-07-09 07:23:45 -------- d-----w- C:\Users\Chris\AppData\Local\{055446DE-D74F-4C6E-A92D-6C0E7E958B52}
    2012-07-08 15:33:28 -------- d-----w- C:\Users\Chris\AppData\Local\{3EDC17FA-72D0-4571-B733-582DD2EAB737}
    2012-07-08 15:33:17 -------- d-----w- C:\Users\Chris\AppData\Local\{8D510BD4-60CA-43B8-9C3C-679D9C31CF27}
    2012-07-07 10:36:44 -------- d-----w- C:\Users\Chris\AppData\Local\{DE5275DB-1BA4-4FBA-9F5E-EAD0F75618B5}
    2012-07-07 10:36:34 -------- d-----w- C:\Users\Chris\AppData\Local\{FEED1FEB-474E-4487-B394-D7722DB74274}
    2012-07-05 06:49:14 -------- d-----w- C:\Users\Chris\AppData\Local\{17A43A2A-4F5C-415C-A9EC-13C15B678613}
    2012-07-05 06:49:03 -------- d-----w- C:\Users\Chris\AppData\Local\{28108600-4008-4375-8C14-DECE011DDB01}
    2012-07-04 07:23:10 -------- d-----w- C:\Users\Chris\AppData\Local\{9C6B8D93-5C73-43E5-9051-EF8816228270}
    2012-07-04 07:22:59 -------- d-----w- C:\Users\Chris\AppData\Local\{98BB496B-4A79-4930-AADD-DA2B84D70DB9}
    2012-07-03 06:59:32 -------- d-----w- C:\Users\Chris\AppData\Local\{D49A9596-4CB5-473A-9968-9E0195F7003C}
    2012-07-02 07:32:05 -------- d-----w- C:\Users\Chris\AppData\Local\{5EF27C68-9F8E-4408-B20A-F085805F6ADC}
    2012-07-02 07:31:54 -------- d-----w- C:\Users\Chris\AppData\Local\{C34D9449-1CDE-49C6-A757-8297656C1652}
    2012-07-01 14:29:50 -------- d-----w- C:\Users\Chris\AppData\Local\{417A0DB7-090F-456C-9B16-5B6814FE864F}
    2012-07-01 14:29:32 -------- d-----w- C:\Users\Chris\AppData\Local\{04A73727-86DA-4451-B2B9-429E780D6625}
    2012-06-30 10:17:18 -------- d-----w- C:\Users\Chris\AppData\Local\Chromium
    2012-06-30 10:11:59 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-06-29 06:43:24 -------- d-----w- C:\Users\Chris\AppData\Local\{6D341DA0-129F-4BB1-9C48-050692EE12BD}
    2012-06-29 06:43:14 -------- d-----w- C:\Users\Chris\AppData\Local\{67FF3A29-7738-482F-A906-F2CD00CD78CE}
    2012-06-27 07:39:13 -------- d-----w- C:\Users\Chris\AppData\Local\{04757828-77BC-4E56-9368-E281A3433724}
    2012-06-26 08:09:48 -------- d-----w- C:\Users\Chris\AppData\Local\{90502E1B-F676-461E-AFDC-FA313C89C848}
    2012-06-25 08:01:38 -------- d-----w- C:\Users\Chris\AppData\Local\{C3256933-60ED-424A-B2D1-6E8AFA96DAB3}
    2012-06-25 08:01:28 -------- d-----w- C:\Users\Chris\AppData\Local\{D820BBD3-B55E-40C9-8C26-A3BC12D193F0}
    2012-06-24 10:44:02 -------- d-----w- C:\Users\Chris\AppData\Local\{34BB2C00-8D87-4858-B269-7C90B043D8DF}
    2012-06-24 10:43:51 -------- d-----w- C:\Users\Chris\AppData\Local\{D6E738C3-9A62-4562-9361-7D2BA56A9A5D}
    2012-06-23 20:11:22 -------- d-----w- C:\Users\Chris\AppData\Local\{4CF90CF3-FC88-4373-BC12-151608C68130}
    2012-06-23 20:11:11 -------- d-----w- C:\Users\Chris\AppData\Local\{9D614C1F-C379-49D8-928B-5643805E39B8}
    2012-06-23 04:40:11 -------- d-----w- C:\Users\Chris\AppData\Local\{507A6580-9B95-4689-A639-E6C92A6E826F}
    2012-06-23 04:39:54 -------- d-----w- C:\Users\Chris\AppData\Local\{49D293DF-F5C1-4E9C-87C0-3908493B0185}
    2012-06-22 07:02:55 -------- d-----w- C:\Users\Chris\AppData\Local\{3CC50479-7732-4961-9C03-A98170ADEEDD}
    2012-06-22 07:02:42 -------- d-----w- C:\Users\Chris\AppData\Local\{DC698B76-5882-4F24-B3DA-C2D10DD87431}
    2012-06-22 06:54:07 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-22 06:53:46 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-22 06:53:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-22 06:53:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 07:19:43 -------- d-----w- C:\Users\Chris\AppData\Local\{EA0D0844-0CCD-420B-82B8-B8CFF25FECBE}
    2012-06-21 07:19:32 -------- d-----w- C:\Users\Chris\AppData\Local\{D45518D8-5AC1-45F3-AE1A-BBF96227F2DC}
    2012-06-20 07:18:06 -------- d-----w- C:\Users\Chris\AppData\Local\{251D4090-3407-4B42-AA4F-629BFA21D8FA}
    2012-06-20 07:17:55 -------- d-----w- C:\Users\Chris\AppData\Local\{A41FB7A5-15A6-401F-934D-107A0C894572}
    2012-06-19 15:58:04 -------- d-----w- C:\Program Files\iPod
    2012-06-19 15:58:03 -------- d-----w- C:\Program Files\iTunes
    2012-06-19 15:58:03 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-06-19 08:13:45 -------- d-----w- C:\Users\Chris\AppData\Local\{C9B1F012-4F50-4504-BC0D-D62B92E758FF}
    2012-06-19 08:13:30 -------- d-----w- C:\Users\Chris\AppData\Local\{6553E594-8E01-48FC-A97B-07FABEE6E0AF}
    2012-06-18 08:07:00 -------- d-----w- C:\Users\Chris\AppData\Local\{844EB276-51F5-4F2E-B66B-DB04507E8CD6}
    2012-06-17 12:14:46 -------- d-----w- C:\Users\Chris\AppData\Local\{A8ABB1E3-0F7E-4E4A-B823-52830C5B6156}
    2012-06-16 20:12:02 -------- d-----w- C:\Users\Chris\AppData\Local\{848A1EFE-B918-405E-8BE8-3218D29EF1A8}
    2012-06-16 08:11:36 -------- d-----w- C:\Users\Chris\AppData\Local\{ECF2D59F-FE7A-49D6-8C33-C9E83091CD46}
    2012-06-15 06:48:48 -------- d-----w- C:\Users\Chris\AppData\Local\{CBAECBD8-E5F9-4968-83D3-DDBEBBD38507}
    2012-06-14 07:25:19 -------- d-----w- C:\Users\Chris\AppData\Local\{10168BAA-03DC-4700-AB6A-72C5B60EE8BA}
    2012-06-14 07:25:07 -------- d-----w- C:\Users\Chris\AppData\Local\{160BEC7E-A140-4B7D-9A5F-6678B26C1824}
    .
    ==================== Find3M ====================
    .
    2012-07-12 08:56:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 08:56:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-09 07:32:44 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-07-04 18:09:21 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-04 18:09:21 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-04 18:09:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-19 18:36:31 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-15 01:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-05-08 11:12:43 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
    2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    .
    ============= FINISH: 13:39:24.70 ===============




    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 07/10/2010 14:19:44
    System Uptime: 13/07/2012 08:38:10 (5 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M2N68-AM Plus
    Processor: AMD Phenom(tm) 9850 Quad-Core Processor | AM2 | 2511/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 489 GiB total, 350.852 GiB free.
    D: is FIXED (NTFS) - 489 GiB total, 404.402 GiB free.
    E: is FIXED (NTFS) - 885 GiB total, 657.686 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP459: 09/07/2012 08:31:55 - Installed Java(TM) 6 Update 33
    RP460: 10/07/2012 07:59:37 - Windows Update
    RP461: 10/07/2012 10:29:03 - Windows Update
    RP462: 10/07/2012 11:02:46 - Installed HiJackThis
    RP463: 10/07/2012 11:35:32 - avast! Free Antivirus Setup
    RP465: 10/07/2012 14:04:09 - Windows Defender Checkpoint
    RP466: 11/07/2012 23:19:06 - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    18 Wheels of Steel: Haulin'
    AC3Filter (remove only)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    ARMA 2
    ARMA 2: British Armed Forces
    ARMA 2: British Armed Forces - Data cache removal
    ARMA 2: Operation Arrowhead
    ArtMoney SE v7.38
    Assassin's Creed
    Assassin's Creed II
    Audacity 2.0
    avast! Free Antivirus
    Avira Free Antivirus
    Battlefield 2 Map - A.T.O.M.
    Battlefield 2(TM)
    Battlefield 2: Special Forces
    Battlefield 3™
    Battlefield 3™ Open Beta
    Battlefield Play4Free
    Battlelog Web Plugins
    BattlEye for OA Uninstall
    BattlEye Uninstall
    BitTorrent
    Blacklight: Retribution
    Burnout(TM) Paradise The Ultimate Box
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Cities XL - Limited Edition
    CoH Desert Map Pack
    Command & Conquer 3
    Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
    Company of Heroes
    Company of Heroes - FAKEMSI
    Curse Client
    D3DX10
    DAEMON Tools Toolbar
    Dead Rising 2
    Dead Space™ 2
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    Download Manager 2.3.10
    Driver San Francisco
    Eastern Front
    Empire: Total War
    ESN Sonar
    EVE Online (remove only)
    Fallen Earth
    Far Cry 2
    FileZilla Client 3.5.1
    Flashpoint uninstall
    Free Mp3 Wma Converter V 2.2
    GameSpy Arcade
    Google Chrome
    Google Earth
    Google Update Helper
    GPGNet
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    HaloRTS Alpha Demo 1.0
    Hi-Rez Studios Authenticate and Update Service
    HiJackThis
    Homeworld2
    Java Auto Updater
    Java(TM) 6 Update 33
    Malwarebytes Anti-Malware version 1.62.0.1300
    Medal of Honor (TM)
    Microsoft .NET Framework 1.1
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Suite Anniversary Edition
    Microsoft Digital Image Suite Anniversary Edition Editor
    Microsoft Digital Image Suite Anniversary Edition Library
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MIDEAST CRISIS 2 version R2
    Moon Breakers
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need For Speed™ World
    Nero 7 Essentials
    neroxml
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Origin
    oZone3D.Net FurMark v1.7.0
    PeaZip 2.0
    PunisherSiX for UT3 1.0
    PunkBuster Services
    QuickTime
    RAD Video Tools
    Realtek High Definition Audio Driver
    Renegade-X v0.55 Beta
    Rockstar Games Social Club
    Roll
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon 2: Time Twister
    RollerCoaster Tycoon 2: Wacky Worlds
    Saints Row: The Third
    San Andreas Mod Installer
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Six Updater
    Sky Broadband
    Skype Toolbars
    Skype™ 4.1
    Spotify
    Spybot - Search & Destroy
    Steam
    Supreme Commander
    Supreme Commander - Forged Alliance
    swMSM
    System Requirements Lab
    TC
    TeamSpeak 2 RC2
    Test Drive Unlimited 2
    The Moon Project Demo
    TotalBF2 Map Pack 3
    Trains and Trucks Tycoon
    Tribes: Ascend
    Tropico 3 1.00
    TRS2006
    Tycoon City - New York
    Ubisoft Game Launcher
    Uninstall MEC2
    Unity Web Player
    Unreal Tournament 3
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    World in Conflict MW Mod 2.0.1
    World in Conflict: Soviet Assault
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13/07/2012 08:41:16, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    13/07/2012 08:41:16, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    13/07/2012 08:38:55, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: This driver has been blocked from loading
    13/07/2012 08:38:55, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\lirsgt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    .
    ==== End Of File ===========================

    I have installed the HiJackThis program also, if that would help as a reference, after reading the steps and tips. Have to be honest, I am a big gamer and work on computers so know the basics, but this sort of stuff kind of goes straight over my head. I appreciate the help :)
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    These fixes are all likely empty folders/files/GUIDs, but we'll fix them anyway...

    Download OTL.exe by OldTimer to your Desktop.
    • Copy the commands below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      :OTL
      2012-06-19 08:13:45 -------- d-----w- C:\Users\Chris\AppData\Local\{C9B1F012-4F50-4504-BC0D-D62B92E758FF}
      2012-06-19 08:13:30 -------- d-----w- C:\Users\Chris\AppData\Local\{6553E594-8E01-48FC-A97B-07FABEE6E0AF}
      2012-06-18 08:07:00 -------- d-----w- C:\Users\Chris\AppData\Local\{844EB276-51F5-4F2E-B66B-DB04507E8CD6}
      2012-06-17 12:14:46 -------- d-----w- C:\Users\Chris\AppData\Local\{A8ABB1E3-0F7E-4E4A-B823-52830C5B6156}
      2012-06-16 20:12:02 -------- d-----w- C:\Users\Chris\AppData\Local\{848A1EFE-B918-405E-8BE8-3218D29EF1A8}
      2012-06-16 08:11:36 -------- d-----w- C:\Users\Chris\AppData\Local\{ECF2D59F-FE7A-49D6-8C33-C9E83091CD46}
      2012-06-15 06:48:48 -------- d-----w- C:\Users\Chris\AppData\Local\{CBAECBD8-E5F9-4968-83D3-DDBEBBD38507}
      2012-06-14 07:25:19 -------- d-----w- C:\Users\Chris\AppData\Local\{10168BAA-03DC-4700-AB6A-72C5B60EE8BA}
      2012-06-14 07:25:07 -------- d-----w- C:\Users\Chris\AppData\Local\{160BEC7E-A140-4B7D-9A5F-6678B26C1824}
      2012-06-21 07:19:43 -------- d-----w- C:\Users\Chris\AppData\Local\{EA0D0844-0CCD-420B-82B8-B8CFF25FECBE}
      2012-06-21 07:19:32 -------- d-----w- C:\Users\Chris\AppData\Local\{D45518D8-5AC1-45F3-AE1A-BBF96227F2DC}
      2012-06-20 07:18:06 -------- d-----w- C:\Users\Chris\AppData\Local\{251D4090-3407-4B42-AA4F-629BFA21D8FA}
      2012-06-20 07:17:55 -------- d-----w- C:\Users\Chris\AppData\Local\{A41FB7A5-15A6-401F-934D-107A0C894572}
      2012-06-29 06:43:24 -------- d-----w- C:\Users\Chris\AppData\Local\{6D341DA0-129F-4BB1-9C48-050692EE12BD}
      2012-06-29 06:43:14 -------- d-----w- C:\Users\Chris\AppData\Local\{67FF3A29-7738-482F-A906-F2CD00CD78CE}
      2012-06-27 07:39:13 -------- d-----w- C:\Users\Chris\AppData\Local\{04757828-77BC-4E56-9368-E281A3433724}
      2012-06-26 08:09:48 -------- d-----w- C:\Users\Chris\AppData\Local\{90502E1B-F676-461E-AFDC-FA313C89C848}
      2012-06-25 08:01:38 -------- d-----w- C:\Users\Chris\AppData\Local\{C3256933-60ED-424A-B2D1-6E8AFA96DAB3}
      2012-06-25 08:01:28 -------- d-----w- C:\Users\Chris\AppData\Local\{D820BBD3-B55E-40C9-8C26-A3BC12D193F0}
      2012-06-24 10:44:02 -------- d-----w- C:\Users\Chris\AppData\Local\{34BB2C00-8D87-4858-B269-7C90B043D8DF}
      2012-06-24 10:43:51 -------- d-----w- C:\Users\Chris\AppData\Local\{D6E738C3-9A62-4562-9361-7D2BA56A9A5D}
      2012-06-23 20:11:22 -------- d-----w- C:\Users\Chris\AppData\Local\{4CF90CF3-FC88-4373-BC12-151608C68130}
      2012-06-23 20:11:11 -------- d-----w- C:\Users\Chris\AppData\Local\{9D614C1F-C379-49D8-928B-5643805E39B8}
      2012-06-23 04:40:11 -------- d-----w- C:\Users\Chris\AppData\Local\{507A6580-9B95-4689-A639-E6C92A6E826F}
      2012-06-23 04:39:54 -------- d-----w- C:\Users\Chris\AppData\Local\{49D293DF-F5C1-4E9C-87C0-3908493B0185}
      2012-06-22 07:02:55 -------- d-----w- C:\Users\Chris\AppData\Local\{3CC50479-7732-4961-9C03-A98170ADEEDD}
      2012-06-22 07:02:42 -------- d-----w- C:\Users\Chris\AppData\Local\{DC698B76-5882-4F24-B3DA-C2D10DD87431}
      2012-07-09 07:23:58 -------- d-----w- C:\Users\Chris\AppData\Local\{F430564C-918F-4A40-9B3D-290C959382D5}
      2012-07-09 07:23:45 -------- d-----w- C:\Users\Chris\AppData\Local\{055446DE-D74F-4C6E-A92D-6C0E7E958B52}
      2012-07-08 15:33:28 -------- d-----w- C:\Users\Chris\AppData\Local\{3EDC17FA-72D0-4571-B733-582DD2EAB737}
      2012-07-08 15:33:17 -------- d-----w- C:\Users\Chris\AppData\Local\{8D510BD4-60CA-43B8-9C3C-679D9C31CF27}
      2012-07-07 10:36:44 -------- d-----w- C:\Users\Chris\AppData\Local\{DE5275DB-1BA4-4FBA-9F5E-EAD0F75618B5}
      2012-07-07 10:36:34 -------- d-----w- C:\Users\Chris\AppData\Local\{FEED1FEB-474E-4487-B394-D7722DB74274}
      2012-07-05 06:49:14 -------- d-----w- C:\Users\Chris\AppData\Local\{17A43A2A-4F5C-415C-A9EC-13C15B678613}
      2012-07-05 06:49:03 -------- d-----w- C:\Users\Chris\AppData\Local\{28108600-4008-4375-8C14-DECE011DDB01}
      2012-07-04 07:23:10 -------- d-----w- C:\Users\Chris\AppData\Local\{9C6B8D93-5C73-43E5-9051-EF8816228270}
      2012-07-04 07:22:59 -------- d-----w- C:\Users\Chris\AppData\Local\{98BB496B-4A79-4930-AADD-DA2B84D70DB9}
      2012-07-03 06:59:32 -------- d-----w- C:\Users\Chris\AppData\Local\{D49A9596-4CB5-473A-9968-9E0195F7003C}
      2012-07-02 07:32:05 -------- d-----w- C:\Users\Chris\AppData\Local\{5EF27C68-9F8E-4408-B20A-F085805F6ADC}
      2012-07-02 07:31:54 -------- d-----w- C:\Users\Chris\AppData\Local\{C34D9449-1CDE-49C6-A757-8297656C1652}
      2012-07-01 14:29:50 -------- d-----w- C:\Users\Chris\AppData\Local\{417A0DB7-090F-456C-9B16-5B6814FE864F}
      2012-07-01 14:29:32 -------- d-----w- C:\Users\Chris\AppData\Local\{04A73727-86DA-4451-B2B9-429E780D6625}
      2012-07-10 06:57:02 -------- d-----w- C:\Users\Chris\AppData\Local\{4BFDD976-EDD0-429C-9B3C-5ECC4883747A}
      2012-07-10 06:56:47 -------- d-----w- C:\Users\Chris\AppData\Local\{701E078A-CB4E-49E1-80E3-BCA4C12C49A3}
      2012-07-11 07:04:44 -------- d-----w- C:\Users\Chris\AppData\Local\{915C7216-E5D4-4311-B302-CE8AFC722357}
      2012-07-11 07:04:32 -------- d-----w- C:\Users\Chris\AppData\Local\{A244C444-6879-4EAA-892E-2A232F0805CF}
      2012-07-13 07:40:53 -------- d-----w- C:\Users\Chris\AppData\Local\{B6700693-1297-43F4-925E-F7700DB76ED9}
      2012-07-13 07:40:38 -------- d-----w- C:\Users\Chris\AppData\Local\{6C7ABEB2-30C1-4205-A23F-FD30DC28CBDE}
      2012-07-12 10:33:31 711240 ----a-w- C:\Windows\isRS-000.tmp
      2012-07-12 07:32:58 -------- d-----w- C:\Users\Chris\AppData\Local\{EE9FA78C-B78C-478F-8E5A-64244DABC615}
      2012-07-12 07:32:41 -------- d-----w- C:\Users\Chris\AppData\Local\{6E647367-3A4D-4671-83CB-4209C7CE8C69}

      :commands
      [reboot]
      [emptytemp]
    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Then, press Quick Scan. A log will launch eventually; please post that in your next reply.
    • Close OTL.exe
     
  11. Christian Ellis

    Christian Ellis TS Member Topic Starter

    OTL Run:


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chris
    ->Temp folder emptied: 19660001 bytes
    ->Temporary Internet Files folder emptied: 618135191 bytes
    ->Java cache emptied: 429305 bytes
    ->FireFox cache emptied: 52673172 bytes
    ->Google Chrome cache emptied: 91045877 bytes
    ->Flash cache emptied: 471410346 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 155648 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 119649847 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,310.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07142012_131447

    Files\Folders moved on Reboot...
    C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\startupCache\startupCache.4.little moved successfully.
    C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\urlclassifier3.sqlite moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\startupCache\startupCache.4.little not found!
    File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_001_ not found!
    File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_002_ not found!
    File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_003_ not found!
    File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\Cache\_CACHE_MAP_ not found!
    File C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\q3jrwl1c.default\urlclassifier3.sqlite not found!
    [2012/07/14 13:23:59 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  12. Christian Ellis

    Christian Ellis TS Member Topic Starter

    OTL Quick Scan:
    OTL logfile created on: 14/07/2012 13:28:58 - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Chris\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 44.99% Memory free
    8.00 Gb Paging File | 5.51 Gb Available in Paging File | 68.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 488.89 Gb Total Space | 352.83 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
    Drive D: | 488.99 Gb Total Space | 404.40 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
    Drive E: | 885.03 Gb Total Space | 657.73 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
    Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/14 13:13:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
    PRC - [2012/07/12 09:56:27 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/06/27 17:31:18 | 001,192,664 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/06/20 08:17:14 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/05/20 09:01:15 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/05/19 19:36:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/05/08 12:12:42 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012/05/08 12:12:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012/05/08 12:12:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2012/04/21 02:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/07/12 09:56:26 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    MOD - [2012/06/27 17:31:18 | 001,192,664 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2012/06/20 08:17:14 | 020,313,384 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/20 08:17:11 | 001,099,576 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/06/20 08:17:11 | 000,895,312 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/20 08:17:11 | 000,190,776 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/20 08:17:11 | 000,123,192 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    MOD - [2012/04/21 02:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/12 09:56:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/26 15:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/06/20 08:17:14 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/19 19:36:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/05/08 12:12:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2012/05/08 12:12:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012/04/21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/05/08 12:12:43 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2012/05/08 12:12:43 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/11 15:00:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2011/09/04 07:07:02 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/04/19 15:42:30 | 000,233,472 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
    DRV:64bit: - [2010/04/19 15:42:30 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV:64bit: - [2010/04/19 15:42:30 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV:64bit: - [2010/04/19 15:42:30 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV:64bit: - [2010/04/19 15:42:28 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/14 02:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2007/04/03 13:57:38 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
    DRV:64bit: - [2007/04/03 13:57:36 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdm.sys -- (s116mdm)
    DRV:64bit: - [2007/04/03 13:57:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdfl.sys -- (s116mdfl)
    DRV:64bit: - [2007/04/03 13:57:34 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
    DRV - [2010/10/07 19:55:57 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2003/07/04 08:51:46 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2003/07/04 08:50:46 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 9D 04 2F 9F F7 CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.64.2
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/11 10:50:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/10 11:36:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 08:09:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/09 08:32:52 | 000,000,000 | ---D | M]

    [2010/10/08 17:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
    [2012/03/06 20:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3jrwl1c.default\extensions
    [2011/09/24 18:10:33 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3jrwl1c.default\extensions\battlefieldplay4free@ea.com
    [2012/07/09 08:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/10/25 14:08:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/07/09 08:32:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/07/10 11:36:19 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     
  13. Christian Ellis

    Christian Ellis TS Member Topic Starter

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Angry Birds = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2010/10/22 13:24:32 | 000,423,309 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 14590 more lines...
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Desura] D:\Program Files (x86)\Desura\Desura.exe -autostart File not found
    O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork File not found
    O4 - HKCU..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin File not found
    O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = D:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: tradedoubler.com ([www] https in Trusted sites)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4962F81B-6789-4BF6-923B-44908F0623BF}: NameServer = 10.203.129.68 10.203.129.68
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00078E4-61A7-4279-AF55-7A4A51448C6A}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2008/10/11 18:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
    O33 - MountPoints2\{4f14f4cd-d6bc-11e0-832e-485b395a8334}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f14f4cd-d6bc-11e0-832e-485b395a8334}\Shell\AutoRun\command - "" = G:\SETUP.EXE -autorun
    O33 - MountPoints2\{874049fc-d225-11df-a319-485b395a8334}\Shell - "" = AutoRun
    O33 - MountPoints2\{874049fc-d225-11df-a319-485b395a8334}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{aaeb8dcb-ccae-11df-9fd0-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{aaeb8dcb-ccae-11df-9fd0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008/11/15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/14 13:14:47 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/14 08:25:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{88553B0D-0295-4E84-86D7-7C6A8DF94A13}
    [2012/07/14 08:24:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0534AB49-29DF-4D92-8123-409C90C0DA88}
    [2012/07/13 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B6700693-1297-43F4-925E-F7700DB76ED9}
    [2012/07/13 08:40:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6C7ABEB2-30C1-4205-A23F-FD30DC28CBDE}
    [2012/07/12 08:32:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EE9FA78C-B78C-478F-8E5A-64244DABC615}
    [2012/07/12 08:32:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6E647367-3A4D-4671-83CB-4209C7CE8C69}
    [2012/07/11 09:25:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
    [2012/07/11 09:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/11 09:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/11 09:25:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/11 08:04:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{915C7216-E5D4-4311-B302-CE8AFC722357}
    [2012/07/11 08:04:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A244C444-6879-4EAA-892E-2A232F0805CF}
    [2012/07/10 11:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/10 11:36:45 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/10 11:36:45 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/10 11:36:42 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/10 11:36:41 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/10 11:36:40 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/10 11:36:37 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/10 11:36:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/10 11:36:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/10 11:36:09 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/10 11:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/10 11:03:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012/07/10 07:57:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4BFDD976-EDD0-429C-9B3C-5ECC4883747A}
    [2012/07/10 07:56:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{701E078A-CB4E-49E1-80E3-BCA4C12C49A3}
    [2012/07/09 08:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/07/09 08:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/07/09 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F430564C-918F-4A40-9B3D-290C959382D5}
    [2012/07/09 08:23:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{055446DE-D74F-4C6E-A92D-6C0E7E958B52}
    [2012/07/08 16:33:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3EDC17FA-72D0-4571-B733-582DD2EAB737}
    [2012/07/08 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{8D510BD4-60CA-43B8-9C3C-679D9C31CF27}
    [2012/07/07 11:36:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DE5275DB-1BA4-4FBA-9F5E-EAD0F75618B5}
    [2012/07/07 11:36:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FEED1FEB-474E-4487-B394-D7722DB74274}
    [2012/07/05 07:49:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{17A43A2A-4F5C-415C-A9EC-13C15B678613}
    [2012/07/05 07:49:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{28108600-4008-4375-8C14-DECE011DDB01}
    [2012/07/04 08:23:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9C6B8D93-5C73-43E5-9051-EF8816228270}
    [2012/07/04 08:22:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{98BB496B-4A79-4930-AADD-DA2B84D70DB9}
    [2012/07/03 07:59:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D49A9596-4CB5-473A-9968-9E0195F7003C}
    [2012/07/02 08:32:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5EF27C68-9F8E-4408-B20A-F085805F6ADC}
    [2012/07/02 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C34D9449-1CDE-49C6-A757-8297656C1652}
    [2012/07/01 15:29:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{417A0DB7-090F-456C-9B16-5B6814FE864F}
    [2012/07/01 15:29:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{04A73727-86DA-4451-B2B9-429E780D6625}
    [2012/06/30 11:17:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Chromium
    [2012/06/30 11:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
    [2012/06/30 11:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
    [2012/06/29 07:43:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6D341DA0-129F-4BB1-9C48-050692EE12BD}
    [2012/06/29 07:43:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{67FF3A29-7738-482F-A906-F2CD00CD78CE}
    [2012/06/27 08:39:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{04757828-77BC-4E56-9368-E281A3433724}
    [2012/06/26 09:09:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{90502E1B-F676-461E-AFDC-FA313C89C848}
    [2012/06/25 09:01:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C3256933-60ED-424A-B2D1-6E8AFA96DAB3}
    [2012/06/25 09:01:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D820BBD3-B55E-40C9-8C26-A3BC12D193F0}
    [2012/06/24 11:44:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{34BB2C00-8D87-4858-B269-7C90B043D8DF}
    [2012/06/24 11:43:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D6E738C3-9A62-4562-9361-7D2BA56A9A5D}
    [2012/06/23 21:11:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4CF90CF3-FC88-4373-BC12-151608C68130}
    [2012/06/23 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9D614C1F-C379-49D8-928B-5643805E39B8}
    [2012/06/23 05:40:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{507A6580-9B95-4689-A639-E6C92A6E826F}
    [2012/06/23 05:39:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{49D293DF-F5C1-4E9C-87C0-3908493B0185}
    [2012/06/22 08:02:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3CC50479-7732-4961-9C03-A98170ADEEDD}
    [2012/06/22 08:02:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DC698B76-5882-4F24-B3DA-C2D10DD87431}
    [2012/06/21 08:19:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EA0D0844-0CCD-420B-82B8-B8CFF25FECBE}
    [2012/06/21 08:19:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{D45518D8-5AC1-45F3-AE1A-BBF96227F2DC}
    [2012/06/20 08:18:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{251D4090-3407-4B42-AA4F-629BFA21D8FA}
    [2012/06/20 08:17:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A41FB7A5-15A6-401F-934D-107A0C894572}
    [2012/06/19 16:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/19 16:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/19 16:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/19 16:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/06/19 09:13:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{C9B1F012-4F50-4504-BC0D-D62B92E758FF}
    [2012/06/19 09:13:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6553E594-8E01-48FC-A97B-07FABEE6E0AF}
    [2012/06/18 09:07:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{844EB276-51F5-4F2E-B66B-DB04507E8CD6}
    [2012/06/17 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A8ABB1E3-0F7E-4E4A-B823-52830C5B6156}
    [2012/06/16 21:12:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{848A1EFE-B918-405E-8BE8-3218D29EF1A8}
    [2012/06/16 09:11:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{ECF2D59F-FE7A-49D6-8C33-C9E83091CD46}
    [2012/06/15 07:48:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CBAECBD8-E5F9-4968-83D3-DDBEBBD38507}

    ========== Files - Modified Within 30 Days ==========

    [2012/07/14 13:31:33 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/14 13:31:33 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/14 13:23:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/14 13:23:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/14 13:23:40 | 3220,566,016 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/14 13:20:28 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/14 12:56:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/14 12:39:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1292920716-1066258704-1708500095-1000UA.job
    [2012/07/14 08:39:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1292920716-1066258704-1708500095-1000Core.job
    [2012/07/12 18:41:14 | 000,002,401 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
    [2012/07/12 11:33:31 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 08:30:08 | 000,403,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/10 11:36:46 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/10 11:36:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/07/10 11:03:21 | 000,002,975 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
    [2012/07/04 19:09:21 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/07/04 19:09:21 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/07/04 19:09:08 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/03 17:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/03 17:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/03 17:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/01 20:47:13 | 000,744,006 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/01 20:47:13 | 000,640,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/01 20:47:13 | 000,115,506 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/19 16:59:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2012/07/11 09:25:05 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/10 11:36:46 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/10 11:36:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/07/10 11:03:21 | 000,002,975 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
    [2012/06/19 16:59:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/05/03 03:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2012/01/20 17:07:32 | 000,386,560 | R--- | C] () -- C:\Windows\mss32.dll
    [2012/01/20 17:06:55 | 000,194,560 | R--- | C] () -- C:\Windows\binkw32.dll
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/05 16:37:00 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
    [2011/08/09 11:27:45 | 000,748,756 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/08/09 11:09:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/06/10 19:21:50 | 000,192,512 | R--- | C] () -- C:\Windows\SysWow64\AegisI5.exe
    [2011/06/10 19:21:50 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
    [2011/06/10 19:21:49 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
    [2011/03/08 00:58:45 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2011/01/03 11:41:41 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
    [2010/12/27 16:47:55 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
    [2010/12/27 16:47:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
    [2010/11/14 14:18:07 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2010/10/25 14:13:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/19 17:06:26 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
    [2010/10/07 19:57:54 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2010/10/07 19:55:00 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
    [2010/10/07 19:31:38 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/10/07 19:31:37 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2010/10/07 19:31:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/10/01 10:50:35 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
    [2010/09/30 14:11:45 | 000,020,933 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2010/09/30 14:11:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/09/30 14:11:08 | 000,015,861 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

    ========== LOP Check ==========

    [2012/04/29 20:32:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Audacity
    [2011/12/14 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitTorrent
    [2011/08/17 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2011/09/04 07:12:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
    [2012/02/19 20:15:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DarknessII
    [2011/12/13 17:28:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
    [2012/04/29 20:24:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
    [2011/08/03 10:53:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Need for Speed World
    [2011/11/14 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin
    [2011/01/03 11:50:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Red Alert 3
    [2012/05/02 09:38:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\six-updater
    [2012/02/20 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\six-zsync
    [2012/07/14 12:43:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
    [2012/01/04 14:38:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\The Creative Assembly
    [2011/07/18 17:16:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tropico 3
    [2012/02/20 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
    [2012/05/20 09:08:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft
    [2011/09/10 13:05:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
    [2010/10/07 16:49:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vodafone
    [2012/02/28 17:13:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Youtube Downloader HD
    [2012/04/15 08:09:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    ========== Purity Check ==========
    < End of report >
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Well that fix half functioned. Oh brother. Well like I said, they're probably all empty anyway.

    One more scan, then I think we can call it clean 99% sure...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  15. Christian Ellis

    Christian Ellis TS Member Topic Starter

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=d9b441feabcb90449df820805232bc7f
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-07-16 04:01:20
    # local_time=2012-07-16 05:01:20 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1792 16777215 100 0 23349653 23349653 0 0
    # compatibility_mode=5893 16776573 100 94 11591 94913082 0 0
    # compatibility_mode=8192 67108863 100 0 165 165 0 0
    # scanned=403566
    # found=0
    # cleaned=0
    # scan_time=6448
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  17. Christian Ellis

    Christian Ellis TS Member Topic Starter

    I have done all the checks and I can see no threats on the system.

    Security Check:

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Avira Desktop
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 33
    Java version out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Antivirus Overkill

    I notice that you are using more than one antivirus program.
    • AVAST Antivirus
    • Avira Desktop
    This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through.
    It is important that only ONE antivirus program is running realtime protection.
    I strongly suggest you either (1) uninstall all but one antivirus program through Control Panel->Add or remove Programs,
    OR (2) keep the programs, but leave all but one of them disabled most of the time.
    You can still use them for scanning your computer.

    Program Updates

    Update Firefox

    Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > About Firefox. It will either have a button that says Check for Updates or Apply Update. Please click that button.

    Update Java

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
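
The findings in the reply above (two antivirus products loaded at once, Java and Firefox out of date) can be read mechanically from the Security Check log posted in this thread. The following is an added example, not part of the thread or of the Security Check tool; the names `parse_sections` and `review` and the rule that matches a product's first word against the process list are assumptions made for illustration.

```python
import re

# Section titles in a Security Check log are framed by runs of backticks.
SECTION = re.compile(r"^`+(?P<title>[^`]+?):?`+$")

def bar(title):
    return "`" * 10 + title + "`" * 10  # rebuild a section banner

# checkup.txt as posted in this thread (banner widths normalised).
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.43",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 9",
    bar("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "avast! Antivirus",
    "Avira Desktop",
    "Antivirus up to date!",
    bar("Anti-malware/Other Utilities Check:"),
    "MVPS Hosts File",
    "Spybot - Search & Destroy",
    "Malwarebytes Anti-Malware version 1.62.0.1300",
    "Java(TM) 6 Update 33",
    "Java version out of Date!",
    "Adobe Reader X (10.1.3)",
    "Mozilla Firefox 12.0 Firefox out of Date!",
    "Google Chrome 20.0.1132.47",
    "Google Chrome 20.0.1132.57",
    bar("Process Check: objlist.exe by Laurent"),
    "Malwarebytes Anti-Malware mbamservice.exe",
    "Malwarebytes Anti-Malware mbamgui.exe",
    "Avira Antivir avgnt.exe",
    "Avira Antivir avguard.exe",
    "AVAST Software Avast AvastSvc.exe",
    "AVAST Software Avast AvastUI.exe",
    bar("System Health check"),
    "Total Fragmentation on Drive C: 0%",
    bar("End of Log"),
])


def parse_sections(text):
    """Split the log into {section title: [entry lines]}."""
    sections, current = {"Preamble": []}, "Preamble"
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m.group("title").strip()
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def review(text):
    """Return the out-of-date entries and the antivirus products with loaded processes."""
    sections = parse_sections(text)
    entries = [e for lines in sections.values() for e in lines]
    outdated = [e for e in entries if "out of date" in e.lower()]
    procs = next((v for k, v in sections.items() if k.startswith("Process Check")), [])
    av = sections.get("Antivirus/Firewall Check", [])
    resident = {}
    for product in (p for p in av if not p.endswith("!")):  # skip status lines
        # Heuristic (assumption): the product's first word names the vendor.
        vendor = re.sub(r"[^a-z0-9]", "", product.split()[0].lower())
        exes = [p.split()[-1] for p in procs if vendor in p.lower()]
        if exes:
            resident[product] = exes
    return {"outdated": outdated, "resident_av": resident,
            "multiple_resident_av": len(resident) > 1}


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A loaded process shows that a product is resident, not that its real-time shield is switched on; that setting has to be confirmed in each product.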
     
  19. Christian Ellis

    Christian Ellis TS Member Topic Starter

    Ok, thank you very much for taking the time to help me in this situation; I really appreciate it. I have the avast as the realtime virus program and the avira as just a scanner. I will get the updates for firefox and java done asap. Thanks again.
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    You're welcome! Marked as solved. :)
     
Topic Status:
Not open for further replies.
