
Thread: Could someone look at this please? maybe a pc problem...

  #1 - Junior Member (joined Sep 2013, 2 posts)

    Question: Could someone look at this please? maybe a pc problem...

    I've been having a problematic PC: freezing (sometimes requiring a full reboot), odd mouse behaviour (3 clicks for every one needed), and at other times it's just perfectly fine. I have read that these problems may be related to my NVIDIA graphics card drivers; I performed another update and it's been OK since (less than 24 hours). I only mention this in case it might be relevant.

    I have just removed AVG and switched to MSE (as it was playing up); again, that was last night, and I have also removed my TV card and its software too.
    I thought I'd run Spybot and it has produced some entries. I suspect they're all 'harmless', but the Banker one identified has me really worried.
    Can you help me check if that is a problem, and maybe if my PC problems are related to something such as spyware, please?

    Steps:
    I cannot run ERUNT as I have Windows 7 64-bit.

    DDS Log
    - pasted and zip attached

    aswMBR Log
    - log file pasted

    Spybot - Search & Destroy Log


    DDS:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
    Run by Chez at 19:46:16 on 2013-09-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6143.3409 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\iWin Games\iWinTrusted.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Notepad++\notepad++.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chez\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Chez\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [AVG-Secure-Search-Update_0913b] C:\Users\Chez\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 16344b7702aac547d989027811488e94-57818edc46875657c4c0a24f2e912118a3d7e482 --CMPID 0913b
    mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-UHTVT.exe" /REG /REGSVRMODE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGABY~1.LNK - C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU\OC_GURU.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{183A14B8-B822-428B-8294-75B9ED124B02} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{183A14B8-B822-428B-8294-75B9ED124B02}\244584F6D65684572623D2B464D453 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8827EA0F-6CC8-42E2-92BF-C26E8506B21D} : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    SSODL: WebCheck - <orphaned>
    LSA: Authentication Packages = msv1_0 relog_ap
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Chez\AppData\Roaming\Mozilla\Firefox\Profiles\fw6e0p4z.default\
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - component: C:\Users\Chez\AppData\Roaming\Mozilla\Firefox\Profiles\fw6e0p4z.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Chez\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Chez\AppData\Roaming\Mozilla\Firefox\Profiles\fw6e0p4z.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: C:\Users\Chez\AppData\Roaming\Mozilla\Firefox\Profiles\fw6e0p4z.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
    FF - plugin: C:\Users\Chez\AppData\Roaming\Mozilla\Firefox\Profiles\fw6e0p4z.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: C:\Users\Chez\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Chez\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Chez\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2010-02-14 23:22; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-1-18 21992]
    R2 DevoloNetworkService;devolo Network Service;C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]
    R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2010-7-7 176408]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-5 14997280]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
    R2 VMwareHostd;VMware Host Agent;C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
    R2 VMwareServerWebAccess;VMware Server Web Access;C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe [2009-10-20 57344]
    R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2010-1-13 15896]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-1-13 327576]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-1 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\System32\drivers\athrxu6.sys [2007-7-5 1041920]
    S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-6-25 131912]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-5 19456]
    S3 SliceDisk5;SliceDisk5;C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [2010-1-15 13824]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-5 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-25 1255736]
    S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);C:\Windows\System32\drivers\wfeaglxt.sys [2009-10-21 474240]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-09-30 18:32:25 712264 ----a-w- C:\Windows\is-UHTVT.exe
    2013-09-30 17:32:27 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EDCD9D7B-2057-4E07-9061-1D5D08786BE0}\offreg.dll
    2013-09-30 16:48:58 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EDCD9D7B-2057-4E07-9061-1D5D08786BE0}\mpengine.dll
    2013-09-29 23:29:09 -------- d-----w- C:\Users\Chez\AppData\Roaming\Retrovirus
    2013-09-29 22:22:08 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5EC3BF2F-6E99-49A3-A776-A52D16060579}\gapaengine.dll
    2013-09-29 22:22:03 9694160 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-09-29 22:20:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2013-09-29 22:20:16 -------- d-----w- C:\Program Files\Microsoft Security Client
    2013-09-29 21:16:16 -------- d-----w- C:\Users\Chez\AppData\Local\Avg2013
    2013-09-29 00:12:38 -------- d-----w- C:\Users\Chez\AppData\Roaming\tropico 4
    2013-09-28 18:19:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-09-28 18:19:02 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-09-28 18:19:01 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2013-09-28 18:19:01 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    2013-09-28 18:19:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-09-28 18:19:00 278528 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-09-28 18:19:00 236032 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2013-09-28 18:19:00 217600 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2013-09-28 15:36:12 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
    2013-09-28 15:35:58 3155456 ----a-w- C:\Windows\System32\win32k.sys
    2013-09-12 00:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2013-09-04 00:46:30 -------- d-----w- C:\Users\Chez\AppData\Local\4A Games
    2013-09-04 00:46:02 -------- d-----w- C:\Users\Chez\AppData\Roaming\NVIDIA
    2013-09-03 22:42:48 -------- d-----w- C:\Users\Chez\AppData\Local\PAYDAY
    2013-09-03 22:34:32 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
    2013-09-03 21:19:38 -------- d-----w- C:\Users\Chez\AppData\Local\Ubisoft Game Launcher
    2013-09-03 21:03:12 -------- d-----w- C:\Program Files (x86)\Origin Games
    2013-09-03 20:12:43 -------- d-----w- C:\Users\Chez\AppData\Roaming\Origin
    2013-09-03 20:12:40 -------- d-----w- C:\Users\Chez\AppData\Local\Origin
    2013-09-03 20:07:51 -------- d-----w- C:\ProgramData\Origin
    2013-09-03 20:07:50 -------- d-----w- C:\ProgramData\Electronic Arts
    2013-09-03 20:07:46 -------- d-----w- C:\Program Files (x86)\Origin
    2013-09-01 21:44:14 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2013-09-01 21:44:14 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    .
    ==================== Find3M ====================
    .
    2013-09-28 16:50:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-28 16:50:48 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-09-11 22:06:31 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
    2013-08-20 13:32:58 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-08-03 17:12:48 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2013-08-03 17:12:48 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2013-08-03 17:12:48 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2013-08-03 17:12:48 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2013-08-03 01:31:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-08-03 01:31:12 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-08-03 01:31:12 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 19:47:00.06 ===============
    Log File for AswMBR:
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-09-30 19:50:20
    -----------------------------
    19:50:20.151 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:50:20.151 Number of processors: 2 586 0xF06
    19:50:20.153 ComputerName: DT-SBLACK UserName: Chez
    19:50:22.444 Initialize success
    19:51:49.930 AVAST engine defs: 13093000
    19:52:09.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
    19:52:09.179 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
    19:52:09.182 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-4
    19:52:09.185 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
    19:52:09.188 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-5
    19:52:09.190 Disk 2 Vendor: WDC_WD2500JS-55NCB1 10.02E01 Size: 238475MB BusType: 3
    19:52:09.209 Disk 0 MBR read successfully
    19:52:09.212 Disk 0 MBR scan
    19:52:09.219 Disk 0 Windows 7 default MBR code
    19:52:09.223 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28827 MB offset 63
    19:52:09.260 Disk 0 Partition - 00 05 Extended 925039 MB offset 59038875
    19:52:09.285 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 925008 MB offset 59103198
    19:52:09.382 Disk 0 scanning C:\Windows\system32\drivers
    19:52:24.207 Service scanning
    19:52:56.979 Modules scanning
    19:52:56.986 Disk 0 trace - called modules:
    19:52:57.008 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80061f82c0]<<spri.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    19:52:57.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800653a060]
    19:52:57.019 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8006357520]
    19:52:57.027 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0xfffffa8006350060]
    19:52:57.033 \Driver\atapi[0xfffffa8006323e70] -> IRP_MJ_CREATE -> 0xfffffa80061f82c0
    19:52:59.196 AVAST engine scan C:\Windows
    19:53:03.662 AVAST engine scan C:\Windows\system32
    19:58:46.731 AVAST engine scan C:\Windows\system32\drivers
    19:59:14.576 AVAST engine scan C:\Users\Chez
    20:22:05.284 File: C:\Users\Chez\Documents\Backups Devices\Hold4GBforXbox\hold\hold\MsgPlusLive-423.exe **INFECTED** Win32:SwizDrop-BE [Trj]
    21:05:31.725 AVAST engine scan C:\ProgramData
    21:19:44.499 Scan finished successfully
    21:50:46.902 Disk 0 MBR has been saved successfully to "C:\Users\Chez\Desktop\MBR.dat"
    21:50:46.952 The log file has been saved successfully to "C:\Users\Chez\Desktop\aswMBR.txt"
    SpyBot S&D Log:

    CouponBar: [SBI $7A5ACBCB] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}

    CouponBar: [SBI $7B15781E] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}

    IWinGames: [SBI $C7B64946] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\AppID\ForseRemove

    IWinGames: [SBI $C7B64946] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\AppID\ForseRemove

    IWinGames: [SBI $8D161E83] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

    IWinGames: [SBI $8D161E83] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

    IWinGames: [SBI $FF593BF7] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{495874FE-4A82-4AD1-9476-0B957E0B95EB}

    IWinGames: [SBI $FF593BF7] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{495874FE-4A82-4AD1-9476-0B957E0B95EB}

    IWinGames: [SBI $E8B83F64] Settings (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\Software\iWinArcade

    IWinGames: [SBI $E8B83F64] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1648949552-559477152-1280756743-1000\Software\iWinArcade

    IWinGames: [SBI $E8B83F64] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\iWinArcade

    IWinGames: [SBI $3B64B144] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\iWinArcade

    IWinGames: [SBI $23600E87] Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWinArcade

    Banker: [SBI $EBFB4022] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}

    Banker: [SBI $7F6039C1] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}

    Adviva: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-11-04 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2013-04-11 Includes\Adware.sbi (*)
    2013-09-24 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2013-04-11 Includes\DialerC.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2013-04-11 Includes\HijackersC.sbi (*)
    2013-09-10 Includes\iPhone.sbi (*)
    2013-06-25 Includes\Keyloggers.sbi (*)
    2013-04-11 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2013-09-24 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-09-24 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2013-04-11 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2013-05-22 Includes\Spyware.sbi (*)
    2013-08-06 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-08-13 Includes\TrojansC-02.sbi (*)
    2013-09-05 Includes\TrojansC-03.sbi (*)
    2013-09-24 Includes\TrojansC-04.sbi (*)
    2012-08-31 Includes\TrojansC-05.sbi (*)
    2012-10-31 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi chezybezy,

    Sorry for the delay. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Sep 2013
    Posts
    2


    Quote Originally Posted by shelf life:
    hi chezybezy,

    Sorry for the delay. If you still need help simply reply back.
    No worries. Any chance you can have a look and just check if everything's ok, please?

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi,

    I see one malware item in the log. Can you locate this .exe using Explorer? Below is the path; you might try copying it into Explorer's search function:

    C:\Users\Chez\Documents\Backups Devices\Hold4GBforXbox\hold\hold\MsgPlusLive-423.exe

    If you can find it, you can go to this website, browse for the .exe on your machine and upload it using the Scan button. When the scan is done you can save and post the URL; you only need to do that if any of the scans report it as malware.

    You can also do an online scan as another check for malware:

    You will need to use Internet Explorer for this scan

    http://www.eset.com/onlinescan/

    Check the box next to YES, I accept the Terms of Use
    Click Start
    When asked, allow the ActiveX control to install
    Click Start
    Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
    Click Scan (This scan can take several hours, so please be patient)
    If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
    Copy and paste/or attach that log in your next reply.
    How Can I Reduce My Risk?
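The two things the helper asks for in this thread (work out what the Spybot "Banker" browser helper object entries actually point at, and find and identify MsgPlusLive-423.exe so it can be submitted to a multi-engine scanner) can both be done from PowerShell rather than by hand in Explorer. The script below is an added example for this page; it is not code from the thread, from Spybot or from ESET. The CLSID and the file path are the ones quoted in the log and in post #4; everything else (an elevated 64-bit PowerShell 2.0 or later prompt on the Windows 7 x64 machine in the DDS log, the choice of SHA-256, the fallback search under the user profile) is an assumption.

```powershell
# Added triage script for this thread (not from Spybot, ESET or the helper's post).
# Assumes: Windows 7 x64, run from an elevated 64-bit PowerShell 2.0+ prompt.
# The CLSID and path below are the ones quoted in the thread; the rest is assumed.

$bhoClsid   = '{8CA5ED52-F3FB-4414-A105-2E3491156990}'   # Spybot "Banker" BHO CLSID
$suspectExe = 'C:\Users\Chez\Documents\Backups Devices\Hold4GBforXbox\hold\hold\MsgPlusLive-423.exe'

function Get-Sha256Hex {
    param([string]$Path)
    # Stream the file through SHA-256 so a large installer is not read into memory at once.
    # .NET classes are used instead of Get-FileHash, which only exists in PowerShell 4+.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close(); $sha.Clear() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Get-FileTriage {
    param([string]$Path, [string]$Label)
    # Prints the facts a scanner or forum helper wants: existence, size, timestamp,
    # SHA-256 (for a hash lookup before uploading anything) and Authenticode status.
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output ("{0}: NOT FOUND  {1}" -f $Label, $Path)
        return
    }
    $item   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'no signer certificate' }
    Write-Output ("{0}: {1}" -f $Label, $Path)
    Write-Output ("  size      : {0} bytes, modified {1}" -f $item.Length, $item.LastWriteTime)
    Write-Output ("  sha256    : {0}" -f (Get-Sha256Hex -Path $Path))
    Write-Output ("  signature : {0} ({1})" -f $sig.Status, $signer)
}

# 1. Resolve the BHO CLSID to the DLL Internet Explorer would load.
#    Spybot only reported the registry keys; the InprocServer32 default value tells
#    us whether a DLL is still on disk. On x64 a 32-bit BHO registers under
#    Wow6432Node, so both registry views are checked.
$clsidKeys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$bhoClsid\InprocServer32",
    "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$bhoClsid\InprocServer32"
)
$bhoDll = $null
foreach ($key in $clsidKeys) {
    if (Test-Path -LiteralPath $key) {
        # GetValue('') reads the (default) value; expand %SystemRoot%-style variables in it.
        $raw    = (Get-Item -LiteralPath $key).GetValue('')
        $bhoDll = [System.Environment]::ExpandEnvironmentVariables($raw)
        Write-Output ("BHO {0} is registered at {1}" -f $bhoClsid, $key)
        break
    }
}
if ($bhoDll) {
    Get-FileTriage -Path $bhoDll -Label 'BHO DLL'
} else {
    Write-Output ("BHO {0}: no InprocServer32 key found (DLL registration already gone, only the BHO list entry remains)" -f $bhoClsid)
}

# 2. Find the .exe the helper flagged. If it is not at the quoted path, fall back to a
#    filename search under the user profile in case the backup folder was moved.
if (-not (Test-Path -LiteralPath $suspectExe)) {
    $hit = Get-ChildItem -Path $env:USERPROFILE -Filter 'MsgPlusLive-423.exe' -Recurse -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if ($hit) { $suspectExe = $hit.FullName }
}
Get-FileTriage -Path $suspectExe -Label 'Suspect EXE'
```

Two caveats when reading the output. A BHO entry whose InprocServer32 key or DLL no longer exists is a leftover registration, not a running component, which is usually why Spybot reports "nothing done" on keys like these. Conversely, a valid Authenticode signature only tells you who signed the file, not that it is benign; the SHA-256 is what lets you look the file up on a multi-engine scanner first and only upload it if the hash is unknown.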
