
May be infected - really worried



Hello, please pardon my spelling or mistakes because I'm freaking out over this. My friend sent me a download link to a program called Hamachi that we were going to use to play a game. In his wisdom, he sent me the program from a 3rd party download site. Lo and behold, it had PUP.BundleInstaller.IB in it.

I ran Malwarebytes and Avast all throughout the mornings, twice each, and deleted the 3 files that came up. Now it shows nothing infected on the scan. However, I decided now would be a good time to start my Malwarebytes trial, and one of the first messages I see is:

IP-BLOCK 109.163.226.198 (Type: outgoing, Port: 49902, Process: avastsvc.exe)

109.163.226.198 (Type: outgoing, Port: 49904, Process: avastsvc.exe)

This computer means the world to me, so any help would be greatly appreciated. Here are my DDS logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Tony at 9:40:00 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6219 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\TiltWheelMouse.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe

C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe

C:\Windows\V0230Mon.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Akamai NetSession Interface] "C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe"

uRun: [PlayNC Launcher]

uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

mRun: [V0230Mon.exe] C:\Windows\V0230Mon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 71.252.0.12 68.237.161.12

TCP: Interfaces\{CE54720C-79E0-428A-A20A-6E94744A2A2B} : DhcpNameServer = 71.252.0.12 68.237.161.12

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [V0230Mon.exe] C:\Windows\V0230Mon.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kkhjfy9r.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kkhjfy9r.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-7 44808]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-2 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-2 1262400]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-12-14 25832]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-2-9 137728]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\system32\DRIVERS\t_mouse.sys --> C:\Windows\system32\DRIVERS\t_mouse.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys --> C:\Windows\system32\DRIVERS\V0230Vfx.sys [?]

S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys --> C:\Windows\system32\DRIVERS\V0230VID.sys [?]

S3 VSPerfDrv110;Performance Tools Driver 11.0;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-2-16 670816]

.

=============== Created Last 30 ================

.

2012-07-20 13:29:15 -------- d-----w- C:\Program Files\CCleaner

2012-07-20 13:14:44 -------- d-----w- C:\Users\Tony\AppData\Local\{116E7E9E-037F-4DC6-8FD6-731952AAC6A3}

2012-07-20 13:14:19 -------- d-----w- C:\Users\Tony\AppData\Local\{3B3EC911-BC98-4C87-8DF3-0E787E3B67E8}

2012-07-20 10:12:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6964CD5C-4F56-4F7E-AAA1-7AA7147B0BCD}\mpengine.dll

2012-07-20 01:26:38 -------- d-----w- C:\ProgramData\IBUpdaterService

2012-07-20 01:26:36 -------- d-----w- C:\Users\Tony\AppData\Roaming\PerformerSoft

2012-07-20 01:26:35 19000 ----a-w- C:\Windows\System32\roboot64.exe

2012-07-20 01:26:28 -------- d-----w- C:\Users\Tony\AppData\Local\Conduit

2012-07-20 01:25:25 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2012-07-20 00:21:54 -------- d-----w- C:\Users\Tony\AppData\Local\{9D9F8AD3-D537-4745-8B87-6CF09CF0306D}

2012-07-20 00:21:32 -------- d-----w- C:\Users\Tony\AppData\Local\{34F7AF3C-3653-42FC-A6C8-E76C25E009AA}

2012-07-19 23:40:23 -------- d-----w- C:\Users\Tony\AppData\Roaming\DarkBlood ServiceNa

2012-07-19 23:13:44 -------- d-----w- C:\Users\Tony\AppData\Roaming\The Longest Journey

2012-07-19 12:21:04 -------- d-----w- C:\Users\Tony\AppData\Local\{89498EA6-27AC-47CE-85C2-03AFD58939DF}

2012-07-19 12:20:50 -------- d-----w- C:\Users\Tony\AppData\Local\{C7B70C2A-508C-45F9-922A-1CF12CD9ADEF}

2012-07-18 23:45:55 -------- d-----w- C:\Users\Tony\AppData\Local\{980BB19C-0834-4455-B9A0-4812CD1928FC}

2012-07-18 23:45:33 -------- d-----w- C:\Users\Tony\AppData\Local\{64A0AB89-3148-4CBC-95EC-46846AC138FE}

2012-07-18 11:45:04 -------- d-----w- C:\Users\Tony\AppData\Local\{1503B39A-21F3-4E48-BAFA-4FE75FE1DDD2}

2012-07-18 11:44:50 -------- d-----w- C:\Users\Tony\AppData\Local\{BF9D981D-10AA-45A1-9000-95E401A1C3BF}

2012-07-17 23:34:58 -------- d-----w- C:\Users\Tony\AppData\Local\{CE2A3ABC-0F19-4899-B82F-D39304FDFC93}

2012-07-17 23:34:37 -------- d-----w- C:\Users\Tony\AppData\Local\{218E794A-9DEF-4D65-9444-749BA48CA2FC}

2012-07-17 11:34:10 -------- d-----w- C:\Users\Tony\AppData\Local\{405DA706-EAD5-46F1-AE5B-E0BD940DCA96}

2012-07-17 11:33:49 -------- d-----w- C:\Users\Tony\AppData\Local\{F737BB5B-66CF-4D41-BB36-1732158D6C5F}

2012-07-16 23:33:20 -------- d-----w- C:\Users\Tony\AppData\Local\{7EB75211-5E7C-4844-B87B-1A1ECC481CD1}

2012-07-16 23:33:06 -------- d-----w- C:\Users\Tony\AppData\Local\{3C8E0274-D489-4488-B052-D22637B1D9DA}

2012-07-16 11:06:07 -------- d-----w- C:\Users\Tony\AppData\Local\{6814C45F-BB7F-4129-95AD-85911DA34402}

2012-07-16 11:05:45 -------- d-----w- C:\Users\Tony\AppData\Local\{B318BA21-70A8-4A78-8671-FC717CDF243E}

2012-07-15 23:05:19 -------- d-----w- C:\Users\Tony\AppData\Local\{B48A91A0-B5BC-49BD-A506-DCCB9937C136}

2012-07-15 23:04:57 -------- d-----w- C:\Users\Tony\AppData\Local\{8DF2A8F3-4510-452E-8F87-D189888ECE12}

2012-07-15 11:04:30 -------- d-----w- C:\Users\Tony\AppData\Local\{3FD57636-688C-4BE1-B071-95E129A04A8A}

2012-07-15 11:04:09 -------- d-----w- C:\Users\Tony\AppData\Local\{6A9B86F4-8642-4A14-8420-2D899FCFF388}

2012-07-14 23:03:44 -------- d-----w- C:\Users\Tony\AppData\Local\{A2453E45-4E57-4288-980A-5CE7BD6AEA16}

2012-07-14 23:03:30 -------- d-----w- C:\Users\Tony\AppData\Local\{D44ED022-9115-41AF-8ED7-47FA0D092B81}

2012-07-14 10:28:41 -------- d-----w- C:\Users\Tony\AppData\Local\{DCAA5869-E4C0-4622-A50E-0A75B293DC64}

2012-07-14 10:28:27 -------- d-----w- C:\Users\Tony\AppData\Local\{FD76842D-4787-4F5A-8F65-A6910873ECDA}

2012-07-13 18:16:01 -------- d-----w- C:\Users\Tony\AppData\Local\{12BED4AC-DC1C-47CC-B6DC-7EC43498485A}

2012-07-13 18:15:40 -------- d-----w- C:\Users\Tony\AppData\Local\{24EBE26B-C9FF-470C-ADBB-D0C9897800B1}

2012-07-13 06:15:12 -------- d-----w- C:\Users\Tony\AppData\Local\{50E6BF8C-4193-453C-9C34-270F97D04CEE}

2012-07-13 06:15:01 -------- d-----w- C:\Users\Tony\AppData\Local\{DF55CCBE-8A89-4B36-B1B0-DA28BA9BE515}

2012-07-13 05:35:32 -------- d-----w- C:\Users\Tony\AppData\Local\The Witcher 2

2012-07-12 18:14:47 -------- d-----w- C:\Users\Tony\AppData\Local\{7EA7B2C8-D9E2-4DC6-8933-BEB929A6AE92}

2012-07-12 18:14:35 -------- d-----w- C:\Users\Tony\AppData\Local\{BD05DAA8-BD04-4568-8839-112D4813A603}

2012-07-12 05:07:03 -------- d-----w- C:\Users\Tony\AppData\Local\{EE32AD8F-8326-4884-BBA6-4028274D1524}

2012-07-12 05:06:50 -------- d-----w- C:\Users\Tony\AppData\Local\{9BC0FB43-7A8E-4834-9A97-579EE30ED92E}

2012-07-11 09:00:19 -------- d-----w- C:\Users\Tony\AppData\Local\{228D6466-BD90-4768-A444-296EB51C9B10}

2012-07-11 08:59:57 -------- d-----w- C:\Users\Tony\AppData\Local\{9F6DF3F8-9428-46BE-824E-E1400B84BFDE}

2012-07-11 07:03:48 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 07:01:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-07-11 07:01:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-07-11 07:01:00 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2012-07-11 07:01:00 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2012-07-11 07:01:00 174200 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-07-11 07:01:00 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-07-11 05:02:48 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-10 20:59:29 -------- d-----w- C:\Users\Tony\AppData\Local\{DF84BA96-3FF1-4A9D-A9CF-AEA3D4C18D11}

2012-07-10 20:59:14 -------- d-----w- C:\Users\Tony\AppData\Local\{05F0DCFA-74AE-437C-A88D-65552354EC66}

2012-07-10 06:20:08 -------- d-----w- C:\Users\Tony\AppData\Local\{E4ED4F13-6D06-453A-8F7A-5D5AD21BAB3F}

2012-07-10 06:19:54 -------- d-----w- C:\Users\Tony\AppData\Local\{36E92CC4-DE22-4BEB-8435-BFAAD7E9B29E}

2012-07-09 03:16:08 -------- d-----w- C:\Users\Tony\AppData\Local\{897E9C4D-BEEC-449A-836D-DE50B95C40A1}

2012-07-09 03:15:54 -------- d-----w- C:\Users\Tony\AppData\Local\{D1FB75ED-EDF7-412E-9A35-7BC41CBE5AFD}

2012-07-08 02:47:45 -------- d-----w- C:\Users\Tony\AppData\Local\{13C2E156-E5A7-44F8-AA91-3E771D707C29}

2012-07-08 02:47:30 -------- d-----w- C:\Users\Tony\AppData\Local\{44A302C9-22E9-4626-8D31-AB1B2F49F3B7}

2012-07-07 06:27:17 -------- d-----w- C:\Users\Tony\AppData\Local\{3649EE66-CC41-4499-8FA4-29086DEC95B3}

2012-07-07 06:27:04 -------- d-----w- C:\Users\Tony\AppData\Local\{4047E082-FDF7-44DB-9981-B76458BE46CA}

2012-07-06 14:17:39 -------- d-----w- C:\Users\Tony\AppData\Local\{A8ED024C-57A9-40F3-A2B3-C2A09E5AF7CD}

2012-07-06 14:17:25 -------- d-----w- C:\Users\Tony\AppData\Local\{C06DE5BC-92C2-487E-871A-8B5EB3610523}

2012-07-06 00:13:16 -------- d-----w- C:\Users\Tony\AppData\Local\{8B566AAF-B066-4D34-95DD-AF223C7AED3B}

2012-07-06 00:12:54 -------- d-----w- C:\Users\Tony\AppData\Local\{EE9111EC-182C-4B1F-9FCF-F4AC63022E2F}

2012-07-05 12:12:27 -------- d-----w- C:\Users\Tony\AppData\Local\{E47C12B4-DC8D-4EBA-AE9D-EBD48BB8B763}

2012-07-05 12:12:15 -------- d-----w- C:\Users\Tony\AppData\Local\{334CFD69-DE6D-4F18-A36B-CB1167FD1134}

2012-07-05 00:03:08 -------- d-----w- C:\Users\Tony\AppData\Local\{44558F05-7575-494E-AEE1-3E00E85DFB45}

2012-07-05 00:02:56 -------- d-----w- C:\Users\Tony\AppData\Local\{0CE083C2-4C79-46B6-8BCE-892F09E911A1}

2012-07-04 11:26:38 -------- d-----w- C:\Users\Tony\AppData\Local\{12940342-24EC-49A1-8E6E-2252A2BDED81}

2012-07-04 11:26:27 -------- d-----w- C:\Users\Tony\AppData\Local\{1829BF3F-DF49-4C8C-8D3B-1B3E6E3FF229}

2012-07-03 23:26:13 -------- d-----w- C:\Users\Tony\AppData\Local\{391607C5-7B15-4BAE-9E0F-B7E49619FC36}

2012-07-03 23:26:02 -------- d-----w- C:\Users\Tony\AppData\Local\{41A71E11-8AD4-469F-8FE7-E05860E569BE}

2012-07-03 00:12:28 -------- d-----w- C:\Users\Tony\AppData\Local\{1089A5E7-506A-4C4B-A489-AAC122F3B8FC}

2012-07-03 00:12:06 -------- d-----w- C:\Users\Tony\AppData\Local\{580E2F9A-DB41-4D89-B7FF-280F6FD81713}

2012-07-02 12:11:39 -------- d-----w- C:\Users\Tony\AppData\Local\{0CFBAB93-CA6B-42E5-A16C-A09EB12780EE}

2012-07-02 12:11:28 -------- d-----w- C:\Users\Tony\AppData\Local\{EB9BBA69-50C3-47F6-AB68-813214A0C657}

2012-07-01 23:35:20 -------- d-----w- C:\Users\Tony\AppData\Local\{2C62C2B4-F487-4BF4-A060-10873FBE3D86}

2012-07-01 23:35:09 -------- d-----w- C:\Users\Tony\AppData\Local\{B5C992D2-61C9-4C04-B427-AB6D61A4FEB1}

2012-07-01 10:23:22 -------- d-----w- C:\Users\Tony\AppData\Local\{4241E990-1E52-4D38-A8B4-653DCA34AAFE}

2012-07-01 10:23:11 -------- d-----w- C:\Users\Tony\AppData\Local\{7E6712E8-E79C-4EA4-AAD1-B2B38E543673}

2012-06-30 22:22:57 -------- d-----w- C:\Users\Tony\AppData\Local\{692675A0-4AC7-482E-A3CC-FBD76AB7ADC1}

2012-06-30 22:22:35 -------- d-----w- C:\Users\Tony\AppData\Local\{7B480F52-4F9D-45FB-80D1-21E3F3CD89E8}

2012-06-30 10:22:08 -------- d-----w- C:\Users\Tony\AppData\Local\{6FD12361-2475-4161-A377-52FCBDAEAA40}

2012-06-30 10:21:47 -------- d-----w- C:\Users\Tony\AppData\Local\{AB2DF52B-0532-497E-8321-A3CCB426FADB}

2012-06-29 22:21:08 -------- d-----w- C:\Users\Tony\AppData\Local\{CC516D86-18BD-440E-B8E9-BAF64365AF08}

2012-06-29 22:20:57 -------- d-----w- C:\Users\Tony\AppData\Local\{AF9E203A-7661-4D11-9C5F-4939C00D84FF}

2012-06-29 10:10:38 -------- d-----w- C:\Users\Tony\AppData\Local\{4EFF5F8A-691A-4E3F-BF46-F6BAAED850EE}

2012-06-29 10:10:16 -------- d-----w- C:\Users\Tony\AppData\Local\{0A45F6E2-A985-43C6-B76C-25FCF89ADFFE}

2012-06-28 22:09:49 -------- d-----w- C:\Users\Tony\AppData\Local\{2CD42968-21E1-486D-AF46-77C5A7A63DA4}

2012-06-28 22:09:28 -------- d-----w- C:\Users\Tony\AppData\Local\{27D2CD79-8F68-49AA-873D-E4F18D8155FB}

2012-06-28 10:08:57 -------- d-----w- C:\Users\Tony\AppData\Local\{389ACBAC-F534-472B-BDE2-B6C6F7BCBA9B}

2012-06-28 10:08:45 -------- d-----w- C:\Users\Tony\AppData\Local\{5D9A934A-E6B5-4524-84B8-21DD1D54AF7B}

2012-06-28 08:20:13 -------- d-----w- C:\Riot Games

2012-06-27 22:08:31 -------- d-----w- C:\Users\Tony\AppData\Local\{B9EE826B-1889-463F-BE16-22B8BED75569}

2012-06-27 22:08:20 -------- d-----w- C:\Users\Tony\AppData\Local\{38D22F36-3B25-48E3-8827-65AE1E4B4D4F}

2012-06-27 09:32:42 -------- d-----w- C:\Users\Tony\AppData\Local\{01ABFF10-98FE-4714-ADE4-284F1EA7D393}

2012-06-27 09:32:31 -------- d-----w- C:\Users\Tony\AppData\Local\{9483900A-5FBA-49B7-A87C-2DC5D0BD9C45}

2012-06-26 21:32:06 -------- d-----w- C:\Users\Tony\AppData\Local\{E21F0852-B0BA-4FAE-A9FD-B1A78FB5C7A6}

2012-06-26 21:31:55 -------- d-----w- C:\Users\Tony\AppData\Local\{C9186796-BEE9-4FF8-8FBE-BC83FC382ED7}

2012-06-26 01:45:21 -------- d-----w- C:\Program Files (x86)\Overwolf

2012-06-26 01:44:07 -------- d-----w- C:\Users\Tony\AppData\Local\Overwolf

2012-06-26 00:57:40 -------- d-----w- C:\Crash

2012-06-25 23:38:35 -------- d-----w- C:\Users\Tony\AppData\Local\{3BEDC289-1D71-4712-AEF6-BA732F42A078}

2012-06-25 23:38:24 -------- d-----w- C:\Users\Tony\AppData\Local\{DA0A1890-BE56-4D9D-83AE-F72322F85339}

2012-06-25 10:04:40 -------- d-----w- C:\Users\Tony\AppData\Local\{E0D7777D-672C-47C0-B172-825E9859ED85}

2012-06-25 10:04:29 -------- d-----w- C:\Users\Tony\AppData\Local\{95258123-82BE-4B29-8A23-D53787D68605}

2012-06-24 22:04:14 -------- d-----w- C:\Users\Tony\AppData\Local\{9FEF8B95-941A-4E3B-A9EA-D1EED14AEB24}

2012-06-24 22:03:52 -------- d-----w- C:\Users\Tony\AppData\Local\{E418C0AE-9F42-49C0-8769-AE3159019060}

2012-06-24 10:03:26 -------- d-----w- C:\Users\Tony\AppData\Local\{A15CDE81-EC01-432D-B17C-2C7A0415494A}

2012-06-24 10:03:04 -------- d-----w- C:\Users\Tony\AppData\Local\{50D32FEF-FB35-4BBA-B1C5-0A0EDDC12BB6}

2012-06-23 22:02:37 -------- d-----w- C:\Users\Tony\AppData\Local\{9D40A00F-726F-4EFB-AC4F-3EC123FC6DC5}

2012-06-23 22:02:26 -------- d-----w- C:\Users\Tony\AppData\Local\{654138BB-A460-4F2F-84DF-27342B85E1EA}

2012-06-23 08:41:37 -------- d-----w- C:\Users\Tony\AppData\Local\{BB73F0FF-1C5B-4468-89C0-66D7821A31F4}

2012-06-23 08:41:21 -------- d-----w- C:\Users\Tony\AppData\Local\{F3F7CA6C-9272-4F83-AB1C-BEF8BDD18B28}

2012-06-22 19:42:49 -------- d-----w- C:\Users\Tony\AppData\Local\{4668AF11-7CFE-4CEF-8BF2-50325A0030CD}

2012-06-22 19:42:38 -------- d-----w- C:\Users\Tony\AppData\Local\{B9010A6E-C94F-45F0-AA9C-3DFCF38D4CB1}

2012-06-22 07:08:12 -------- d-----w- C:\Users\Tony\AppData\Local\{51998428-77DF-4D21-96CB-BBA9DC3315A9}

2012-06-22 07:07:50 -------- d-----w- C:\Users\Tony\AppData\Local\{99C99B1F-B3A9-41B6-986F-5ECFFB4CE4EB}

2012-06-21 20:16:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 20:16:20 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 20:16:07 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 20:16:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 19:07:23 -------- d-----w- C:\Users\Tony\AppData\Local\{1CAEC517-8DE6-4980-A0DE-FA5A1577B114}

2012-06-21 19:07:01 -------- d-----w- C:\Users\Tony\AppData\Local\{17F774D2-DB41-4CE2-A8CC-FE8DDED54D37}

2012-06-21 07:06:34 -------- d-----w- C:\Users\Tony\AppData\Local\{16B36269-10D0-4226-B6BC-E9B722BA3FEF}

2012-06-21 07:06:13 -------- d-----w- C:\Users\Tony\AppData\Local\{90010EB7-51AE-42FA-97A2-5A3504944AAF}

2012-06-20 19:05:42 -------- d-----w- C:\Users\Tony\AppData\Local\{CD3105A5-1DCE-4E9E-9229-22B1F9EB76F9}

2012-06-20 19:05:30 -------- d-----w- C:\Users\Tony\AppData\Local\{7FBD17BD-6229-46E4-8462-7F9C64C01652}

.

==================== Find3M ====================

.

2012-07-18 17:16:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 17:16:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr

2012-06-20 15:28:03 4145600 ----a-w- C:\Windows\SysWow64\GameMon.des

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-30 18:54:27 670816 ----a-w- C:\Windows\SysWow64\xsherlock.xem

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 9:41:50.78 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/2/2011 4:04:38 PM

System Uptime: 7/20/2012 9:12:39 AM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | M68MT-S2

Processor: AMD Phenom II X6 1100T Processor | Socket M2 | 3300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 546.828 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP182: 7/17/2012 5:41:15 AM - Windows Update

RP183: 7/19/2012 7:34:09 PM - Installed DarkBloodOnline

RP184: 7/19/2012 9:24:21 PM - Installed LogMeIn Hamachi

RP185: 7/19/2012 9:33:13 PM - Removed LogMeIn Hamachi

RP186: 7/19/2012 9:35:45 PM - Removed DarkBloodOnline

RP187: 7/20/2012 6:12:11 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Aion

Akamai NetSession Interface

Alien Swarm

Amnesia - The Dark Descent

Amnesia: The Dark Descent

Apple Application Support

avast! Free Antivirus

Baldur's Gate

Baldur's Gate Tutu

Baldur's Gate II - Throne of Bhaal

Bandisoft MPEG-1 Decoder

Bastion

Batman: Arkham Asylum GOTY Edition

Bing Bar

BioShock

BioShock 2

Borderlands

Braid

Braid (Version 1.015)

Breath of Death VII

Cthulhu Saves the World

D3DX10

DC Universe Online Live

Deus Ex: Human Revolution

Dotfuscator and Analytics Community Edition

Dragon Age Redesigned©

Dragon Age: Origins

Dungeon Defenders

E.Y.E: Divine Cybermancy

EA Installer

EA Shared Game Component: Activation

Fable - The Lost Chapters

Fallout

Fallout 2

Fallout 3 - Game of the Year Edition

Fallout 3 - The Garden of Eden Creation Kit

Fallout 3 - Unofficial Fallout 3 Patch

Fallout Mod Manager 0.13.21

FINAL FANTASY XI

FINAL FANTASY XI: Chains of Promathia

FINAL FANTASY XI: Rise of the Zilart

FINAL FANTASY XI: Treasures of Aht Urhgan

FINAL FANTASY XI: Wings of the Goddess

FINAL FANTASY XIV

Fraps

Half-Life 2

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

IIS 7.5 Express

ImgBurn

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

League of Legends

Left 4 Dead 2

LIMBO

LocalESPC

LocalESPCui for en-us

Lone Survivor

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack

Microsoft .NET Framework 4.5 Beta SDK

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - Visual Studio 11 Tools Update

Microsoft ASP.NET MVC 4

Microsoft ASP.NET MVC 4 - Visual Studio 11 Tools

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - Visual Studio 11 Tools

Microsoft ASP.NET Web Pages 2

Microsoft ASP.NET Web Pages 2 - Visual Studio 11 Tools

Microsoft Blend for Visual Studio

Microsoft Blend for Visual Studio ENU resources

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Help Viewer 2.0 Beta

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Portable Library Multi-Targeting Pack

Microsoft Portable Library Multi-Targeting Pack Language Pack - enu

Microsoft Report Viewer Add-On for Visual Studio 11 - Beta

Microsoft Silverlight 4 SDK

Microsoft Silverlight 5 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Management Objects RC0

Microsoft SQL Server 2012 T-SQL Language Service RC0

Microsoft SQL Server Data Tools Build Utilities Mar 2012

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft System CLR Types for SQL Server 2012 RC0

Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.50214

Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.50214

Microsoft Visual C++ 11 x86 Minimum Runtime - 11.0.50214

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ Compilers 11

Microsoft Visual C++ Compilers 11 - ENU Resources

Microsoft Visual C++ Core Libraries 11

Microsoft Visual C++ Extended Libraries 11

Microsoft Visual C++ Microsoft Foundation Class Libraries 11

Microsoft Visual Studio 11 Beta Tools for .Net 3.5

Microsoft Visual Studio 11 Developer Preview Language Pack - ENU

Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool

Microsoft Visual Studio 11 LightSwitch Beta Core

Microsoft Visual Studio 11 LightSwitch Beta CoreRes - ENU

Microsoft Visual Studio 11 Professional Beta

Microsoft Visual Studio 11 Professional Beta - ENU

Microsoft Visual Studio 11 SharePoint Developer Tools Beta

Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack

Microsoft Visual Studio 11 Tools for SQL Server Compact 4.0 SP1 Beta ENU

Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer Core

Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer enu Resources

Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer

Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer Language Pack - ENU

Microsoft Web Deploy dbSqlPackage Provider Nov 2011

Microsoft Web Tooling Extensions - Visual Studio 11

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft® SQL Server Data Tools, RC0 - enu

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

NCsoft Launcher

Nexon Game Manager

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Pando Media Booster

PCSX2 - Playstation 2 Emulator

PHANTASY STAR ONLINE 2

Planescape Torment

PlayOnline Viewer & Tetra Master

Portal

Portal 2

PreEmptive Analytics Visual Studio Components

Prerequisites for SSDT RC0

professional_finalizer

Psychonauts

PunkBuster Services

QuickTime

Realtek High Definition Audio Driver

Sanctum

Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)

Skype™ 4.2

SpeedFan (remove only)

SQL Server Data Framework Tools

Star Wars: Knights of the Old Republic

Steam

Super Meat Boy

Super Meat Boy Editor

Super Meat Boy v1.5

Superbrothers: Sword & Sworcery EP

System Requirements Lab

Team Fortress 2

Team Fortress 2 Beta

The Elder Scrolls IV: Oblivion

The Longest Journey

The Witcher 2: Assassins of Kings Enhanced Edition

The Witcher: Enhanced Edition

Visual Studio 2008 x64 Redistributables

Visual Studio Extensions for Windows Library for JavaScript

vs_devenv

vs_devenvLP

vs_minshellcore

vs_minshellinterop

vs_minshellres

vslp_finalizer

WCF RIA Services V1.0 SP2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Runtime Intellisense Content - English

Windows Software Development Kit

Windows Software Development Kit DirectX x86 Remote

Windows Software Development Kit for Metro style Apps

Windows Software Development Kit for Metro style Apps DirectX x86 Remote

Windows Software Development Kit Redistributables

WinRAR 4.01 (32-bit)

Ys Origin

Ys: The Oath in Felghana

.

==== Event Viewer Messages From Past Week ========

.

7/19/2012 9:25:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

7/19/2012 9:25:26 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/19/2012 9:25:25 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/19/2012 8:30:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

7/19/2012 8:30:55 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

The detection that MBAM showed is a PUP or a potentially unwanted program. These often come bundled with other software but they aren't trojans and more likely than not are not really malicious. You're welcome to remove it, but it's not really a big threat.

Likewise, the message regarding avastsvc is normal for avast users and is not indicative of an infection.

Please let me know if there's anything else I can do for you.


First of all, thank you very much. I just have one question, though I already feel much better about it.

Was there nothing wrong with my DDS that you could tell? Basically, I've been up all night and am looking for a confirmation that I am indeed safe.

(On a side note: is there any place to donate to mods? The service from all of the threads I've read has been fantastic and I'd like to support them!)


Sorry, I don't see an edit button and wanted to add something I had forgotten. When I first downloaded the bundle, it auto-installed a few things. One was one of those fake virus scan pop-ups (used task manager to close it) and I believe a toolbar. I uninstalled the toolbar but didn't see what made the fake antivirus run. The 3 infected files were in my program files under an uninstaller folder. MBAM removed the 3 and they haven't returned after ~6 reboots. My PC is running fine and there hasn't been anything out of the ordinary so far, though all I have been doing on it is running scans over and over.


  • Staff

Okay I looked through it and didn't really see anything malware related. We can take a deeper look if you'd like to be sure, though.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


That didn't take long at all :) Here are the combofix, DDS, and DDS attach in order:

ComboFix 12-07-20.02 - Tony 07/20/2012 15:45:59.1.6 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5603 [GMT -4:00]

Running from: c:\users\Tony\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Tony\AppData\Local\assembly\tmp

c:\windows\SysWow64\d2d1debug1.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

.

2012-07-20 13:29 . 2012-07-20 13:29 -------- d-----w- c:\program files\CCleaner

2012-07-20 10:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6964CD5C-4F56-4F7E-AAA1-7AA7147B0BCD}\mpengine.dll

2012-07-20 01:26 . 2012-07-20 01:26 -------- d-----w- c:\programdata\IBUpdaterService

2012-07-20 01:26 . 2012-07-20 01:27 -------- d-----w- c:\users\Tony\AppData\Roaming\PerformerSoft

2012-07-20 01:26 . 2012-03-14 19:47 19000 ----a-w- c:\windows\system32\roboot64.exe

2012-07-20 01:26 . 2012-07-20 01:35 -------- d-----w- c:\users\Tony\AppData\Local\Conduit

2012-07-20 01:25 . 2009-03-18 21:35 33856 ---ha-w- c:\windows\system32\hamachi.sys

2012-07-19 23:40 . 2012-07-20 00:11 -------- d-----w- c:\users\Tony\AppData\Roaming\DarkBlood ServiceNa

2012-07-19 23:13 . 2012-07-19 23:14 -------- d-----w- c:\users\Tony\AppData\Roaming\The Longest Journey

2012-07-13 05:35 . 2012-07-13 05:35 -------- d-----w- c:\users\Tony\AppData\Local\The Witcher 2

2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 07:01 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-07-11 07:01 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-11 07:01 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-07-11 07:01 . 2012-06-02 12:52 174200 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-07-11 07:01 . 2012-06-02 12:05 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-07-11 07:01 . 2012-06-02 12:04 237056 ----a-w- c:\windows\system32\url.dll

2012-07-11 07:01 . 2012-06-02 12:03 548864 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-07-11 07:01 . 2012-06-02 09:08 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2012-07-11 07:01 . 2012-06-02 08:22 194560 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2012-07-11 05:02 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-28 08:20 . 2012-06-28 08:20 -------- d-----w- C:\Riot Games

2012-06-26 01:45 . 2012-06-26 01:58 -------- d-----w- c:\program files (x86)\Overwolf

2012-06-26 01:44 . 2012-06-26 01:47 -------- d-----w- c:\users\Tony\AppData\Local\Overwolf

2012-06-26 00:57 . 2012-06-26 00:57 -------- d-----w- C:\Crash

2012-06-21 22:22 . 2012-06-21 22:23 -------- d-----w- c:\users\Tony\AppData\Roaming\ImgBurn

2012-06-21 22:09 . 2012-06-21 22:09 -------- d-----w- c:\program files (x86)\ImgBurn

2012-06-21 20:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 20:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 20:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 20:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 20:16 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 20:16 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 20:16 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 20:16 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 20:16 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 17:16 . 2012-04-03 23:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-18 17:16 . 2011-12-02 22:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 07:01 . 2011-12-02 21:27 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2011-12-02 23:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21 . 2012-03-02 13:54 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2012-03-02 13:54 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2012-03-02 13:54 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-03 16:21 . 2012-03-02 13:54 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2012-03-02 13:54 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-03 16:21 . 2012-03-02 13:54 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2012-03-02 13:53 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2012-03-02 13:53 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-03 16:21 . 2011-12-02 22:09 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-20 15:28 . 2012-01-29 01:35 4145600 ----a-w- c:\windows\SysWow64\GameMon.des

2012-05-31 16:25 . 2011-12-02 21:08 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-15 10:48 . 2012-06-18 18:49 949056 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-05-15 10:48 . 2012-06-18 18:49 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-05-15 10:48 . 2012-06-18 18:49 8139072 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:48 . 2012-06-18 18:49 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-05-15 10:48 . 2012-06-18 18:49 364352 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-05-15 10:48 . 2012-06-18 18:49 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll

2012-05-15 10:48 . 2012-06-18 18:49 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:48 . 2012-06-18 18:49 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2012-06-18 18:49 2681664 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:48 . 2012-06-18 18:49 25743168 ----a-w- c:\windows\system32\nvoglv64.dll

2012-05-15 10:48 . 2012-06-18 18:49 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-05-15 10:48 . 2012-06-18 18:49 25248064 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:48 . 2012-06-18 18:49 246592 ----a-w- c:\windows\system32\nvinitx.dll

2012-05-15 10:48 . 2012-06-18 18:49 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-05-15 10:48 . 2012-06-18 18:49 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 10:48 . 2012-06-18 18:49 202048 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-05-15 10:48 . 2012-06-18 18:49 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-05-15 10:48 . 2012-06-18 18:49 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2012-06-18 18:49 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-05-15 10:48 . 2012-06-18 18:49 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 10:48 . 2012-03-14 14:24 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-03-14 14:24 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2011-12-03 17:09 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2011-12-03 17:09 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2011-12-03 00:29 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2011-10-22 15:01 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 10:48 . 2011-10-22 15:01 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-05-15 09:29 . 2011-03-20 22:34 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-10-22 15:02 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-03-20 22:34 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2012-03-02 11:53 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:29 . 2011-03-20 22:33 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-03-20 22:33 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-05-04 11:06 . 2012-06-13 20:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 20:56 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 20:56 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-13 20:56 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-30 18:54 . 2012-02-16 04:39 670816 ----a-w- c:\windows\SysWow64\xsherlock.xem

2012-04-28 03:55 . 2012-06-13 20:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 20:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 20:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 20:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-13 20:55 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-13 20:55 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-13 20:55 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-13 20:55 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 20:55 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-13 20:55 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Tony\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-10 137728]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

R3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [2006-05-05 10752]

R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [2007-08-07 595488]

R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-03 1255736]

R3 X6va005;X6va005;c:\users\Tony\AppData\Local\Temp\0053ABE.tmp [x]

R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]

R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-27 12681320]

"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 71.252.0.12 68.237.161.12

FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kkhjfy9r.default\

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{cdf97ee2-ded0-4369-835e-99dd08225fa5} - (no file)

Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)

Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

AddRemove-SOE-DC Universe Online Live - c:\dcuo\Uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Tony\AppData\Local\Temp\0053ABE.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]

"ImagePath"="c:\windows\system32\xsherlock.xem"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:30,5e,96,33,3f,53,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,34,2b,86,ef,b2,6e,47,88,77,fc,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,34,2b,86,ef,b2,6e,47,88,77,fc,\

.

[HKEY_USERS\S-1-5-21-3333078809-3029524699-3599334297-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3333078809-3029524699-3599334297-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3333078809-3029524699-3599334297-1001\Software\SecuROM\License information*]

"datasecu"=hex:71,39,dd,9a,1f,32,2f,1b,34,56,cc,e9,4a,30,35,56,83,23,0d,f9,2d,

87,56,9f,75,bf,76,69,cd,87,1c,96,02,b1,60,bf,e3,09,b5,a0,46,dc,8e,dc,7a,37,\

"rkeysecu"=hex:6a,00,dc,63,ac,a7,e6,8c,a0,bd,05,45,70,9a,c6,3a

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

.

**************************************************************************

.

Completion time: 2012-07-20 16:02:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-20 20:02

.

Pre-Run: 585,121,144,832 bytes free

Post-Run: 589,685,989,376 bytes free

.

- - End Of File - - 656B06E6962262B8E92A13D44423547B

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Tony at 16:03:23 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6511 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe

C:\Windows\V0230Mon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\notepad.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Akamai NetSession Interface] "C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe"

mRun: [V0230Mon.exe] C:\Windows\V0230Mon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 71.252.0.12 68.237.161.12

TCP: Interfaces\{CE54720C-79E0-428A-A20A-6E94744A2A2B} : DhcpNameServer = 71.252.0.12 68.237.161.12

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [V0230Mon.exe] C:\Windows\V0230Mon.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kkhjfy9r.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kkhjfy9r.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-7 44808]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-2 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-2 1262400]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-12-14 25832]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-2-9 137728]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\system32\DRIVERS\t_mouse.sys --> C:\Windows\system32\DRIVERS\t_mouse.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys --> C:\Windows\system32\DRIVERS\V0230Vfx.sys [?]

S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys --> C:\Windows\system32\DRIVERS\V0230VID.sys [?]

S3 VSPerfDrv110;Performance Tools Driver 11.0;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-2-16 670816]

.

=============== Created Last 30 ================

.

2012-07-20 19:57:20 -------- d-----w- C:\$RECYCLE.BIN

2012-07-20 19:44:13 98816 ----a-w- C:\Windows\sed.exe

2012-07-20 19:44:13 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-20 19:44:13 256000 ----a-w- C:\Windows\PEV.exe

2012-07-20 19:44:13 208896 ----a-w- C:\Windows\MBR.exe

2012-07-20 19:44:10 -------- d-----w- C:\ComboFix

2012-07-20 13:29:15 -------- d-----w- C:\Program Files\CCleaner

2012-07-20 13:14:44 -------- d-----w- C:\Users\Tony\AppData\Local\{116E7E9E-037F-4DC6-8FD6-731952AAC6A3}

2012-07-20 13:14:19 -------- d-----w- C:\Users\Tony\AppData\Local\{3B3EC911-BC98-4C87-8DF3-0E787E3B67E8}

2012-07-20 10:12:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6964CD5C-4F56-4F7E-AAA1-7AA7147B0BCD}\mpengine.dll

2012-07-20 01:26:38 -------- d-----w- C:\ProgramData\IBUpdaterService

2012-07-20 01:26:36 -------- d-----w- C:\Users\Tony\AppData\Roaming\PerformerSoft

2012-07-20 01:26:35 19000 ----a-w- C:\Windows\System32\roboot64.exe

2012-07-20 01:26:28 -------- d-----w- C:\Users\Tony\AppData\Local\Conduit

2012-07-20 01:25:25 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2012-07-20 00:21:54 -------- d-----w- C:\Users\Tony\AppData\Local\{9D9F8AD3-D537-4745-8B87-6CF09CF0306D}

2012-07-20 00:21:32 -------- d-----w- C:\Users\Tony\AppData\Local\{34F7AF3C-3653-42FC-A6C8-E76C25E009AA}

2012-07-19 23:40:23 -------- d-----w- C:\Users\Tony\AppData\Roaming\DarkBlood ServiceNa

2012-07-19 23:13:44 -------- d-----w- C:\Users\Tony\AppData\Roaming\The Longest Journey

2012-07-19 12:21:04 -------- d-----w- C:\Users\Tony\AppData\Local\{89498EA6-27AC-47CE-85C2-03AFD58939DF}

2012-07-19 12:20:50 -------- d-----w- C:\Users\Tony\AppData\Local\{C7B70C2A-508C-45F9-922A-1CF12CD9ADEF}

2012-07-18 23:45:55 -------- d-----w- C:\Users\Tony\AppData\Local\{980BB19C-0834-4455-B9A0-4812CD1928FC}

2012-07-18 23:45:33 -------- d-----w- C:\Users\Tony\AppData\Local\{64A0AB89-3148-4CBC-95EC-46846AC138FE}

2012-07-18 11:45:04 -------- d-----w- C:\Users\Tony\AppData\Local\{1503B39A-21F3-4E48-BAFA-4FE75FE1DDD2}

2012-07-18 11:44:50 -------- d-----w- C:\Users\Tony\AppData\Local\{BF9D981D-10AA-45A1-9000-95E401A1C3BF}

2012-07-17 23:34:58 -------- d-----w- C:\Users\Tony\AppData\Local\{CE2A3ABC-0F19-4899-B82F-D39304FDFC93}

2012-07-17 23:34:37 -------- d-----w- C:\Users\Tony\AppData\Local\{218E794A-9DEF-4D65-9444-749BA48CA2FC}

2012-07-17 11:34:10 -------- d-----w- C:\Users\Tony\AppData\Local\{405DA706-EAD5-46F1-AE5B-E0BD940DCA96}

2012-07-17 11:33:49 -------- d-----w- C:\Users\Tony\AppData\Local\{F737BB5B-66CF-4D41-BB36-1732158D6C5F}

2012-07-16 23:33:20 -------- d-----w- C:\Users\Tony\AppData\Local\{7EB75211-5E7C-4844-B87B-1A1ECC481CD1}

2012-07-16 23:33:06 -------- d-----w- C:\Users\Tony\AppData\Local\{3C8E0274-D489-4488-B052-D22637B1D9DA}

2012-07-16 11:06:07 -------- d-----w- C:\Users\Tony\AppData\Local\{6814C45F-BB7F-4129-95AD-85911DA34402}

2012-07-16 11:05:45 -------- d-----w- C:\Users\Tony\AppData\Local\{B318BA21-70A8-4A78-8671-FC717CDF243E}

2012-07-15 23:05:19 -------- d-----w- C:\Users\Tony\AppData\Local\{B48A91A0-B5BC-49BD-A506-DCCB9937C136}

2012-07-15 23:04:57 -------- d-----w- C:\Users\Tony\AppData\Local\{8DF2A8F3-4510-452E-8F87-D189888ECE12}

2012-07-15 11:04:30 -------- d-----w- C:\Users\Tony\AppData\Local\{3FD57636-688C-4BE1-B071-95E129A04A8A}

2012-07-15 11:04:09 -------- d-----w- C:\Users\Tony\AppData\Local\{6A9B86F4-8642-4A14-8420-2D899FCFF388}

2012-07-14 23:03:44 -------- d-----w- C:\Users\Tony\AppData\Local\{A2453E45-4E57-4288-980A-5CE7BD6AEA16}

2012-07-14 23:03:30 -------- d-----w- C:\Users\Tony\AppData\Local\{D44ED022-9115-41AF-8ED7-47FA0D092B81}

2012-07-14 10:28:41 -------- d-----w- C:\Users\Tony\AppData\Local\{DCAA5869-E4C0-4622-A50E-0A75B293DC64}

2012-07-14 10:28:27 -------- d-----w- C:\Users\Tony\AppData\Local\{FD76842D-4787-4F5A-8F65-A6910873ECDA}

2012-07-13 18:16:01 -------- d-----w- C:\Users\Tony\AppData\Local\{12BED4AC-DC1C-47CC-B6DC-7EC43498485A}

2012-07-13 18:15:40 -------- d-----w- C:\Users\Tony\AppData\Local\{24EBE26B-C9FF-470C-ADBB-D0C9897800B1}

2012-07-13 06:15:12 -------- d-----w- C:\Users\Tony\AppData\Local\{50E6BF8C-4193-453C-9C34-270F97D04CEE}

2012-07-13 06:15:01 -------- d-----w- C:\Users\Tony\AppData\Local\{DF55CCBE-8A89-4B36-B1B0-DA28BA9BE515}

2012-07-13 05:35:32 -------- d-----w- C:\Users\Tony\AppData\Local\The Witcher 2

2012-07-12 18:14:47 -------- d-----w- C:\Users\Tony\AppData\Local\{7EA7B2C8-D9E2-4DC6-8933-BEB929A6AE92}

2012-07-12 18:14:35 -------- d-----w- C:\Users\Tony\AppData\Local\{BD05DAA8-BD04-4568-8839-112D4813A603}

2012-07-12 05:07:03 -------- d-----w- C:\Users\Tony\AppData\Local\{EE32AD8F-8326-4884-BBA6-4028274D1524}

2012-07-12 05:06:50 -------- d-----w- C:\Users\Tony\AppData\Local\{9BC0FB43-7A8E-4834-9A97-579EE30ED92E}

2012-07-11 09:00:19 -------- d-----w- C:\Users\Tony\AppData\Local\{228D6466-BD90-4768-A444-296EB51C9B10}

2012-07-11 08:59:57 -------- d-----w- C:\Users\Tony\AppData\Local\{9F6DF3F8-9428-46BE-824E-E1400B84BFDE}

2012-07-11 07:03:48 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 07:01:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-07-11 07:01:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-07-11 07:01:00 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2012-07-11 07:01:00 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2012-07-11 07:01:00 174200 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-07-11 07:01:00 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-07-11 05:02:48 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-10 20:59:29 -------- d-----w- C:\Users\Tony\AppData\Local\{DF84BA96-3FF1-4A9D-A9CF-AEA3D4C18D11}

2012-07-10 20:59:14 -------- d-----w- C:\Users\Tony\AppData\Local\{05F0DCFA-74AE-437C-A88D-65552354EC66}

2012-07-10 06:20:08 -------- d-----w- C:\Users\Tony\AppData\Local\{E4ED4F13-6D06-453A-8F7A-5D5AD21BAB3F}

2012-07-10 06:19:54 -------- d-----w- C:\Users\Tony\AppData\Local\{36E92CC4-DE22-4BEB-8435-BFAAD7E9B29E}

2012-07-09 03:16:08 -------- d-----w- C:\Users\Tony\AppData\Local\{897E9C4D-BEEC-449A-836D-DE50B95C40A1}

2012-07-09 03:15:54 -------- d-----w- C:\Users\Tony\AppData\Local\{D1FB75ED-EDF7-412E-9A35-7BC41CBE5AFD}

2012-07-08 02:47:45 -------- d-----w- C:\Users\Tony\AppData\Local\{13C2E156-E5A7-44F8-AA91-3E771D707C29}

2012-07-08 02:47:30 -------- d-----w- C:\Users\Tony\AppData\Local\{44A302C9-22E9-4626-8D31-AB1B2F49F3B7}

2012-07-07 06:27:17 -------- d-----w- C:\Users\Tony\AppData\Local\{3649EE66-CC41-4499-8FA4-29086DEC95B3}

2012-07-07 06:27:04 -------- d-----w- C:\Users\Tony\AppData\Local\{4047E082-FDF7-44DB-9981-B76458BE46CA}

2012-07-06 14:17:39 -------- d-----w- C:\Users\Tony\AppData\Local\{A8ED024C-57A9-40F3-A2B3-C2A09E5AF7CD}

2012-07-06 14:17:25 -------- d-----w- C:\Users\Tony\AppData\Local\{C06DE5BC-92C2-487E-871A-8B5EB3610523}

2012-07-06 00:13:16 -------- d-----w- C:\Users\Tony\AppData\Local\{8B566AAF-B066-4D34-95DD-AF223C7AED3B}

2012-07-06 00:12:54 -------- d-----w- C:\Users\Tony\AppData\Local\{EE9111EC-182C-4B1F-9FCF-F4AC63022E2F}

2012-07-05 12:12:27 -------- d-----w- C:\Users\Tony\AppData\Local\{E47C12B4-DC8D-4EBA-AE9D-EBD48BB8B763}

2012-07-05 12:12:15 -------- d-----w- C:\Users\Tony\AppData\Local\{334CFD69-DE6D-4F18-A36B-CB1167FD1134}

2012-07-05 00:03:08 -------- d-----w- C:\Users\Tony\AppData\Local\{44558F05-7575-494E-AEE1-3E00E85DFB45}

2012-07-05 00:02:56 -------- d-----w- C:\Users\Tony\AppData\Local\{0CE083C2-4C79-46B6-8BCE-892F09E911A1}

2012-07-04 11:26:38 -------- d-----w- C:\Users\Tony\AppData\Local\{12940342-24EC-49A1-8E6E-2252A2BDED81}

2012-07-04 11:26:27 -------- d-----w- C:\Users\Tony\AppData\Local\{1829BF3F-DF49-4C8C-8D3B-1B3E6E3FF229}

2012-07-03 23:26:13 -------- d-----w- C:\Users\Tony\AppData\Local\{391607C5-7B15-4BAE-9E0F-B7E49619FC36}

2012-07-03 23:26:02 -------- d-----w- C:\Users\Tony\AppData\Local\{41A71E11-8AD4-469F-8FE7-E05860E569BE}

2012-07-03 00:12:28 -------- d-----w- C:\Users\Tony\AppData\Local\{1089A5E7-506A-4C4B-A489-AAC122F3B8FC}

2012-07-03 00:12:06 -------- d-----w- C:\Users\Tony\AppData\Local\{580E2F9A-DB41-4D89-B7FF-280F6FD81713}

2012-07-02 12:11:39 -------- d-----w- C:\Users\Tony\AppData\Local\{0CFBAB93-CA6B-42E5-A16C-A09EB12780EE}

2012-07-02 12:11:28 -------- d-----w- C:\Users\Tony\AppData\Local\{EB9BBA69-50C3-47F6-AB68-813214A0C657}

2012-07-01 23:35:20 -------- d-----w- C:\Users\Tony\AppData\Local\{2C62C2B4-F487-4BF4-A060-10873FBE3D86}

2012-07-01 23:35:09 -------- d-----w- C:\Users\Tony\AppData\Local\{B5C992D2-61C9-4C04-B427-AB6D61A4FEB1}

2012-07-01 10:23:22 -------- d-----w- C:\Users\Tony\AppData\Local\{4241E990-1E52-4D38-A8B4-653DCA34AAFE}

2012-07-01 10:23:11 -------- d-----w- C:\Users\Tony\AppData\Local\{7E6712E8-E79C-4EA4-AAD1-B2B38E543673}

2012-06-30 22:22:57 -------- d-----w- C:\Users\Tony\AppData\Local\{692675A0-4AC7-482E-A3CC-FBD76AB7ADC1}

2012-06-30 22:22:35 -------- d-----w- C:\Users\Tony\AppData\Local\{7B480F52-4F9D-45FB-80D1-21E3F3CD89E8}

2012-06-30 10:22:08 -------- d-----w- C:\Users\Tony\AppData\Local\{6FD12361-2475-4161-A377-52FCBDAEAA40}

2012-06-30 10:21:47 -------- d-----w- C:\Users\Tony\AppData\Local\{AB2DF52B-0532-497E-8321-A3CCB426FADB}

2012-06-29 22:21:08 -------- d-----w- C:\Users\Tony\AppData\Local\{CC516D86-18BD-440E-B8E9-BAF64365AF08}

2012-06-29 22:20:57 -------- d-----w- C:\Users\Tony\AppData\Local\{AF9E203A-7661-4D11-9C5F-4939C00D84FF}

2012-06-29 10:10:38 -------- d-----w- C:\Users\Tony\AppData\Local\{4EFF5F8A-691A-4E3F-BF46-F6BAAED850EE}

2012-06-29 10:10:16 -------- d-----w- C:\Users\Tony\AppData\Local\{0A45F6E2-A985-43C6-B76C-25FCF89ADFFE}

2012-06-28 22:09:49 -------- d-----w- C:\Users\Tony\AppData\Local\{2CD42968-21E1-486D-AF46-77C5A7A63DA4}

2012-06-28 22:09:28 -------- d-----w- C:\Users\Tony\AppData\Local\{27D2CD79-8F68-49AA-873D-E4F18D8155FB}

2012-06-28 10:08:57 -------- d-----w- C:\Users\Tony\AppData\Local\{389ACBAC-F534-472B-BDE2-B6C6F7BCBA9B}

2012-06-28 10:08:45 -------- d-----w- C:\Users\Tony\AppData\Local\{5D9A934A-E6B5-4524-84B8-21DD1D54AF7B}

2012-06-28 08:20:13 -------- d-----w- C:\Riot Games

2012-06-27 22:08:31 -------- d-----w- C:\Users\Tony\AppData\Local\{B9EE826B-1889-463F-BE16-22B8BED75569}

2012-06-27 22:08:20 -------- d-----w- C:\Users\Tony\AppData\Local\{38D22F36-3B25-48E3-8827-65AE1E4B4D4F}

2012-06-27 09:32:42 -------- d-----w- C:\Users\Tony\AppData\Local\{01ABFF10-98FE-4714-ADE4-284F1EA7D393}

2012-06-27 09:32:31 -------- d-----w- C:\Users\Tony\AppData\Local\{9483900A-5FBA-49B7-A87C-2DC5D0BD9C45}

2012-06-26 21:32:06 -------- d-----w- C:\Users\Tony\AppData\Local\{E21F0852-B0BA-4FAE-A9FD-B1A78FB5C7A6}

2012-06-26 21:31:55 -------- d-----w- C:\Users\Tony\AppData\Local\{C9186796-BEE9-4FF8-8FBE-BC83FC382ED7}

2012-06-26 01:45:21 -------- d-----w- C:\Program Files (x86)\Overwolf

2012-06-26 01:44:07 -------- d-----w- C:\Users\Tony\AppData\Local\Overwolf

2012-06-26 00:57:40 -------- d-----w- C:\Crash

2012-06-25 23:38:35 -------- d-----w- C:\Users\Tony\AppData\Local\{3BEDC289-1D71-4712-AEF6-BA732F42A078}

2012-06-25 23:38:24 -------- d-----w- C:\Users\Tony\AppData\Local\{DA0A1890-BE56-4D9D-83AE-F72322F85339}

2012-06-25 10:04:40 -------- d-----w- C:\Users\Tony\AppData\Local\{E0D7777D-672C-47C0-B172-825E9859ED85}

2012-06-25 10:04:29 -------- d-----w- C:\Users\Tony\AppData\Local\{95258123-82BE-4B29-8A23-D53787D68605}

2012-06-24 22:04:14 -------- d-----w- C:\Users\Tony\AppData\Local\{9FEF8B95-941A-4E3B-A9EA-D1EED14AEB24}

2012-06-24 22:03:52 -------- d-----w- C:\Users\Tony\AppData\Local\{E418C0AE-9F42-49C0-8769-AE3159019060}

2012-06-24 10:03:26 -------- d-----w- C:\Users\Tony\AppData\Local\{A15CDE81-EC01-432D-B17C-2C7A0415494A}

2012-06-24 10:03:04 -------- d-----w- C:\Users\Tony\AppData\Local\{50D32FEF-FB35-4BBA-B1C5-0A0EDDC12BB6}

2012-06-23 22:02:37 -------- d-----w- C:\Users\Tony\AppData\Local\{9D40A00F-726F-4EFB-AC4F-3EC123FC6DC5}

2012-06-23 22:02:26 -------- d-----w- C:\Users\Tony\AppData\Local\{654138BB-A460-4F2F-84DF-27342B85E1EA}

2012-06-23 08:41:37 -------- d-----w- C:\Users\Tony\AppData\Local\{BB73F0FF-1C5B-4468-89C0-66D7821A31F4}

2012-06-23 08:41:21 -------- d-----w- C:\Users\Tony\AppData\Local\{F3F7CA6C-9272-4F83-AB1C-BEF8BDD18B28}

2012-06-22 19:42:49 -------- d-----w- C:\Users\Tony\AppData\Local\{4668AF11-7CFE-4CEF-8BF2-50325A0030CD}

2012-06-22 19:42:38 -------- d-----w- C:\Users\Tony\AppData\Local\{B9010A6E-C94F-45F0-AA9C-3DFCF38D4CB1}

2012-06-22 07:08:12 -------- d-----w- C:\Users\Tony\AppData\Local\{51998428-77DF-4D21-96CB-BBA9DC3315A9}

2012-06-22 07:07:50 -------- d-----w- C:\Users\Tony\AppData\Local\{99C99B1F-B3A9-41B6-986F-5ECFFB4CE4EB}

2012-06-21 20:16:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 20:16:20 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 20:16:07 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 20:16:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 19:07:23 -------- d-----w- C:\Users\Tony\AppData\Local\{1CAEC517-8DE6-4980-A0DE-FA5A1577B114}

2012-06-21 19:07:01 -------- d-----w- C:\Users\Tony\AppData\Local\{17F774D2-DB41-4CE2-A8CC-FE8DDED54D37}

2012-06-21 07:06:34 -------- d-----w- C:\Users\Tony\AppData\Local\{16B36269-10D0-4226-B6BC-E9B722BA3FEF}

2012-06-21 07:06:13 -------- d-----w- C:\Users\Tony\AppData\Local\{90010EB7-51AE-42FA-97A2-5A3504944AAF}

.

==================== Find3M ====================

.

2012-07-18 17:16:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 17:16:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr

2012-06-20 15:28:03 4145600 ----a-w- C:\Windows\SysWow64\GameMon.des

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-30 18:54:27 670816 ----a-w- C:\Windows\SysWow64\xsherlock.xem

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 16:03:40.24 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/2/2011 4:04:38 PM

System Uptime: 7/20/2012 3:56:36 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | M68MT-S2

Processor: AMD Phenom™ II X6 1100T Processor | Socket M2 | 3300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 549.274 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP182: 7/17/2012 5:41:15 AM - Windows Update

RP183: 7/19/2012 7:34:09 PM - Installed DarkBloodOnline

RP184: 7/19/2012 9:24:21 PM - Installed LogMeIn Hamachi

RP185: 7/19/2012 9:33:13 PM - Removed LogMeIn Hamachi

RP186: 7/19/2012 9:35:45 PM - Removed DarkBloodOnline

RP187: 7/20/2012 6:12:11 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Aion

Akamai NetSession Interface

Alien Swarm

Amnesia - The Dark Descent

Amnesia: The Dark Descent

Apple Application Support

avast! Free Antivirus

Baldur's Gate

Baldur's Gate Tutu

Baldur's Gate™ II - Throne of Bhaal ™

Bandisoft MPEG-1 Decoder

Bastion

Batman: Arkham Asylum GOTY Edition

Bing Bar

BioShock

BioShock 2

Borderlands

Braid

Braid (Version 1.015)

Breath of Death VII

Cthulhu Saves the World

D3DX10

Deus Ex: Human Revolution

Dotfuscator and Analytics Community Edition

Dragon Age Redesigned©

Dragon Age: Origins

Dungeon Defenders

E.Y.E: Divine Cybermancy

EA Installer

EA Shared Game Component: Activation

Fable - The Lost Chapters

Fallout

Fallout 2

Fallout 3 - Game of the Year Edition

Fallout 3 - The Garden of Eden Creation Kit

Fallout 3 - Unofficial Fallout 3 Patch

Fallout Mod Manager 0.13.21

FINAL FANTASY XI

FINAL FANTASY XI: Chains of Promathia

FINAL FANTASY XI: Rise of the Zilart

FINAL FANTASY XI: Treasures of Aht Urhgan

FINAL FANTASY XI: Wings of the Goddess

FINAL FANTASY XIV

Fraps

Half-Life 2

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

IIS 7.5 Express

ImgBurn

Java Auto Updater

Java™ 6 Update 31

Junk Mail filter update

League of Legends

Left 4 Dead 2

LIMBO

LocalESPC

LocalESPCui for en-us

Lone Survivor

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack

Microsoft .NET Framework 4.5 Beta SDK

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - Visual Studio 11 Tools Update

Microsoft ASP.NET MVC 4

Microsoft ASP.NET MVC 4 - Visual Studio 11 Tools

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - Visual Studio 11 Tools

Microsoft ASP.NET Web Pages 2

Microsoft ASP.NET Web Pages 2 - Visual Studio 11 Tools

Microsoft Blend for Visual Studio

Microsoft Blend for Visual Studio ENU resources

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Help Viewer 2.0 Beta

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Portable Library Multi-Targeting Pack

Microsoft Portable Library Multi-Targeting Pack Language Pack - enu

Microsoft Report Viewer Add-On for Visual Studio 11 - Beta

Microsoft Silverlight 4 SDK

Microsoft Silverlight 5 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Management Objects RC0

Microsoft SQL Server 2012 T-SQL Language Service RC0

Microsoft SQL Server Data Tools Build Utilities Mar 2012

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft System CLR Types for SQL Server 2012 RC0

Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.50214

Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.50214

Microsoft Visual C++ 11 x86 Minimum Runtime - 11.0.50214

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ Compilers 11

Microsoft Visual C++ Compilers 11 - ENU Resources

Microsoft Visual C++ Core Libraries 11

Microsoft Visual C++ Extended Libraries 11

Microsoft Visual C++ Microsoft Foundation Class Libraries 11

Microsoft Visual Studio 11 Beta Tools for .Net 3.5

Microsoft Visual Studio 11 Developer Preview Language Pack - ENU

Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool

Microsoft Visual Studio 11 LightSwitch Beta Core

Microsoft Visual Studio 11 LightSwitch Beta CoreRes - ENU

Microsoft Visual Studio 11 Professional Beta

Microsoft Visual Studio 11 Professional Beta - ENU

Microsoft Visual Studio 11 SharePoint Developer Tools Beta

Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack

Microsoft Visual Studio 11 Tools for SQL Server Compact 4.0 SP1 Beta ENU

Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer Core

Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer enu Resources

Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer

Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer Language Pack - ENU

Microsoft Web Deploy dbSqlPackage Provider Nov 2011

Microsoft Web Tooling Extensions - Visual Studio 11

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft® SQL Server Data Tools, RC0 - enu

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

NCsoft Launcher

Nexon Game Manager

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Pando Media Booster

PCSX2 - Playstation 2 Emulator

PHANTASY STAR ONLINE 2

Planescape Torment

PlayOnline Viewer & Tetra Master

Portal

Portal 2

PreEmptive Analytics Visual Studio Components

Prerequisites for SSDT RC0

professional_finalizer

Psychonauts

PunkBuster Services

QuickTime

Realtek High Definition Audio Driver

Sanctum

Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)

Skype™ 4.2

SpeedFan (remove only)

SQL Server Data Framework Tools

Star Wars: Knights of the Old Republic

Steam

Super Meat Boy

Super Meat Boy Editor

Super Meat Boy v1.5

Superbrothers: Sword & Sworcery EP

System Requirements Lab

Team Fortress 2

Team Fortress 2 Beta

The Elder Scrolls IV: Oblivion

The Longest Journey

The Witcher 2: Assassins of Kings Enhanced Edition

The Witcher: Enhanced Edition

Visual Studio 2008 x64 Redistributables

Visual Studio Extensions for Windows Library for JavaScript

vs_devenv

vs_devenvLP

vs_minshellcore

vs_minshellinterop

vs_minshellres

vslp_finalizer

WCF RIA Services V1.0 SP2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Runtime Intellisense Content - English

Windows Software Development Kit

Windows Software Development Kit DirectX x86 Remote

Windows Software Development Kit for Metro style Apps

Windows Software Development Kit for Metro style Apps DirectX x86 Remote

Windows Software Development Kit Redistributables

WinRAR 4.01 (32-bit)

Ys Origin

Ys: The Oath in Felghana

.

==== Event Viewer Messages From Past Week ========

.

7/20/2012 3:56:55 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

7/20/2012 3:55:53 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/20/2012 3:55:22 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/19/2012 9:25:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

7/19/2012 9:25:26 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/19/2012 9:25:25 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/19/2012 8:30:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

7/19/2012 8:30:55 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Hey again, PC -seems- fine, though a little slower on startup (I did install ~3 new games over the weekend). Other than that, no issues that I can tell. Just following up on your double check suggestion!

Here is the ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=09867f484d36a14bb05e7a9ac0fa4f51

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-23 08:31:19

# local_time=2012-07-23 04:31:19 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 94609991 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=650872

# found=0

# cleaned=0

# scan_time=8938

Here is your program:

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 31

Visual Studio Extensions for Windows Library for JavaScript

Java version out of Date!

Adobe Reader X (10.1.3)

Mozilla Firefox (14.0.1)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 4%

````````````````````End of Log``````````````````````


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java™ 6 Update 31

Restart your computer.

Get the latest version of Java

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
