Jump to content

gregulate8

Members
  • Posts

    18
  • Joined

  • Last visited

Everything posted by gregulate8

  1. DDS (Ver_2012-11-05.02) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 12/12/2011 4:39:28 PM System Uptime: 12/5/2012 12:03:37 PM (31 hours ago) . Motherboard: Alienware | | 046MHW Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/400mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 456 GiB total, 269.535 GiB free. D: is CDROM (CDFS) E: is FIXED (NTFS) - 223 GiB total, 48.449 GiB free. F: is FIXED (NTFS) - 10 GiB total, 5.962 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SBRE Device ID: ROOT\LEGACY_SBRE\0000 Manufacturer: Name: SBRE PNP Device ID: ROOT\LEGACY_SBRE\0000 Service: SBRE . ==== System Restore Points =================== . RP108: 12/5/2012 3:13:48 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . 20Dollars2Surf 1.1 Ad-Aware Antivirus Ad-Aware Browsing Protection Ad-Aware Security Toolbar Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin 64-bit Adobe Reader XI AlienAutopsy AlienRespawn AlienRespawn - Support Software Apple Application Support Apple Mobile Device Support Apple Software Update Article Submit Pro 1.4 Aurora-R3 Manual Battlefield 3™ Battlelog Web Plugins Bonjour Command Center D3DX10 Dell InHome Service Agreement DirectX 9 Runtime DivX Setup Easy Submit Website 1.0 Entropia Universe ESN Sonar Google Chrome Google Talk Plugin Heroes of Newerth HiJackThis iCloud Intel® Rapid Storage Technology iTunes Java Auto Updater Java™ 6 Update 27 (64-bit) Java™ 6 Update 35 League of Legends Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA 3D Vision Controller Driver 295.73 NVIDIA 3D Vision Driver 295.73 NVIDIA Control Panel 295.73 NVIDIA Graphics Driver 295.73 NVIDIA HD Audio Driver 1.3.12.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0209 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.7.11 NVIDIA Update Components Origin Pando Media Booster PhotoShowExpress PunkBuster Services QuickTime RBVirtualFolder64Inst RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Diagnostic Utility Realtek High Definition Audio Driver RealUpgrade 1.1 Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype Click to Call Skype™ 6.0 Snagit 10.0.1 Sonic CinePlayer Decoder Pack Star Wars: The Old Republic STOPzilla System Requirements Lab TeamSpeak 3 Client THX TruStudio PC Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) VC80CRTRedist - 8.0.50727.6195 VLC media player 2.0.1 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.11 (64-bit) Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 12/5/2012 12:12:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 12/5/2012 12:11:42 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 12/5/2012 12:04:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE 12/5/2012 12:04:02 PM, Error: Service Control Manager [7000] - The STOPzilla Service service failed to start due to the following error: The system cannot find the file specified. 12/5/2012 12:02:37 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s). 12/5/2012 11:19:58 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 12/3/2012 5:36:57 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: A device attached to the system is not functioning. 12/3/2012 5:34:04 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 12/3/2012 5:33:48 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 12/3/2012 5:30:19 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). 12/2/2012 6:16:51 PM, Error: Service Control Manager [7034] - The WajamUpdater service terminated unexpectedly. It has done this 1 time(s). 12/2/2012 6:16:22 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s). 12/2/2012 6:16:22 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service. 12/2/2012 12:31:44 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 2 time(s). 12/2/2012 1:41:44 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 3 time(s). 12/1/2012 9:27:40 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s). 12/1/2012 8:51:12 PM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: The system cannot find the file specified. 12/1/2012 7:54:54 PM, Error: iaStor [5] - A parity error was detected on \Device\Ide\iaStor0. 12/1/2012 7:02:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv 12/1/2012 7:00:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 12/1/2012 6:49:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 12/1/2012 6:03:49 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 12/1/2012 6:03:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/1/2012 6:03:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/1/2012 6:03:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/1/2012 6:03:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/1/2012 6:03:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 12/1/2012 12:51:35 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847 . ==== End Of File ===========================
  2. DDS (Ver_2012-11-05.02) - NTFS_AMD64 Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_35 Run by gregulate at 19:37:07 on 2012-12-06 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.3487 [GMT -8:00] . AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe C:\Program Files (x86)\AlienRespawn\sftservice.EXE C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Alienware\Command Center\AlienFusionService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\PROGRA~2\AD-AWA~1\AdAware.exe C:\Program Files (x86)\AlienRespawn\TOASTER.EXE C:\Program Files\Alienware\Command Center\AWCCServiceController.exe C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe C:\Program Files\Alienware\Command Center\ThermalController.exe C:\Windows\system32\taskeng.exe C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe C:\Program Files\Alienware\Command Center\AlienFusionController.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://AlienwareArena.com BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{62D913F8-F20D-4A1A-BAF1-47D45D8993B7} : DHCPNameServer = 192.168.1.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64 x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\gregulate\AppData\Roaming\Mozilla\Firefox\Profiles\fchawfvu.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\gregulate\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\gregulate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\gregulate\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-10-14 08:57; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-12-01 12:50; {0153E448-190B-4987-BDE1-F256CADA672F}; C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-8 55856] R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-4-18 253528] R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2012-4-18 94296] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072] R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-5-2 15296] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-8 13336] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-12-8 32544] R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280] R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-5-11 72280] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-12-8 1692480] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-12-8 83080] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-12-8 184968] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-8 347680] R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-18 84568] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-10 34304] S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-12-8 48416] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-12-8 29472] S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-18 84568] S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-4-18 60504] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-12-8 48416] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-12-8 29472] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-13 1255736] . =============== Created Last 30 ================ . 2012-12-05 16:21:05 -------- d-----w- C:\Program Files (x86)\ESET 2012-12-03 13:35:08 -------- d-----w- C:\$RECYCLE.BIN 2012-12-03 13:33:57 94208 ----a-w- C:\Windows\System32\drivers\Serial.sys 2012-12-03 13:30:28 98816 ----a-w- C:\Windows\sed.exe 2012-12-03 13:30:28 256000 ----a-w- C:\Windows\PEV.exe 2012-12-03 13:30:28 208896 ----a-w- C:\Windows\MBR.exe 2012-12-03 02:29:17 -------- d-----w- C:\Users\gregulate\AppData\Roaming\Malwarebytes 2012-12-03 02:28:37 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-03 02:28:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-03 02:28:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-02 02:49:15 -------- d-----w- C:\Users\gregulate\AppData\Roaming\SpeedyPC Software 2012-12-02 02:49:15 -------- d-----w- C:\Users\gregulate\AppData\Roaming\DriverCure 2012-12-02 02:48:57 -------- d-----w- C:\ProgramData\SpeedyPC Software 2012-11-30 06:26:39 -------- d-----w- C:\Program Files (x86)\World of Warcraft 2012-11-30 04:52:23 -------- d-----w- C:\ProgramData\Battle.net 2012-11-30 04:49:12 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-11-30 04:48:45 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-11-30 04:48:13 -------- d--h--w- C:\ProgramData\Common Files 2012-11-22 18:34:38 5885632 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll . ==================== Find3M ==================== . 2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-24 16:16:38 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll 2012-10-24 16:16:26 681848 ----a-r- C:\Windows\SysWow64\SZComp5.dll 2012-10-24 16:16:22 509816 ----a-r- C:\Windows\SysWow64\SZBase5.dll 2012-10-15 22:23:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-10-15 22:23:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-10-14 15:57:15 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-10-14 15:57:15 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-11 17:06:36 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll 2012-10-11 17:06:36 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll 2012-10-11 17:06:34 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll 2012-10-11 17:06:32 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll 2012-10-11 17:06:26 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll 2012-10-11 17:06:26 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll 2012-10-11 17:06:24 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll 2012-10-11 17:06:24 460664 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll 2012-10-11 17:06:22 817016 ----a-r- C:\Windows\SysWow64\IS3Base5.dll 2012-09-29 02:27:00 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-09-29 02:27:00 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-09-29 02:26:42 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-09-17 23:34:01 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe . ============= FINISH: 19:37:17.70 ===============
  3. the threats were quarantined. Is that good enough
  4. I have completed everything you requested. Is there anything I can do to make sure that my registry is free of any more problems? I don't want to do any banking or input any passwords until I am certain that any keyloggers or other trojans spyware malware etc are completely gone.
  5. The TFC links do not exist. can you please repost them
  6. I will try and post the logs again by typing them out if you need that. can't figure out why copy and paste is behaving this way.
  7. I didn't tell you before but the reason I thought I was infected was because I had the isearch.avg.com browser highjacker on my computer. I had restored to before that happened but don't know how bad that virus can be.
  8. <p> </p> <div>Results of screen317's Security Check version 0.99.56 </div> <div> Windows 7 Service Pack 1 x64 (UAC is enabled) </div> <div> Internet Explorer 9 </div> <div>``````````````Antivirus/Firewall Check:`````````````` </div> <div> Windows Firewall Enabled! </div> <div> Windows Firewall Disabled! </div> <div>Lavasoft Ad-Aware </div> <div> Antivirus out of date! </div> <div>`````````Anti-malware/Other Utilities Check:````````` </div> <div> Ad-Aware </div> <div> Malwarebytes Anti-Malware version 1.65.1.1000 </div> <div> Java 6 Update 35 </div> <div> Java version out of Date! </div> <div> Adobe Flash Player 11.1.102.62 Flash Player out of Date! </div> <div> Adobe Reader 10.1.4 Adobe Reader out of Date! </div> <div> Mozilla Firefox 12.0 Firefox out of Date! </div> <div> Google Chrome 21.0.1180.83 </div> <div> Google Chrome 21.0.1180.89 </div> <div> Google Chrome 22.0.1229.79 </div> <div> Google Chrome 22.0.1229.92 </div> <div> Google Chrome 22.0.1229.94 </div> <div> Google Chrome 23.0.1271.64 </div> <div> Google Chrome 23.0.1271.95 </div> <div>````````Process Check: objlist.exe by Laurent```````` </div> <div> Ad-Aware AAWService.exe is disabled! </div> <div> Ad-Aware AAWTray.exe is disabled! </div> <div> Ad-Aware Antivirus AdAwareService.exe </div> <div> Ad-Aware Antivirus Engine SBAMSvc.exe </div> <div> Alienware Command Center ThermalController.exe </div> <div>`````````````````System Health check````````````````` </div> <div> Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)</div> <div>````````````````````End of Log``````````````````````</div>
  9. I don't get it but each time I paste it comes up normal until I post it.
  10. <p>sorry it happened again and I don't know why. here it is again.</p> <p> </p> <p> </p> <div>C:\Program Files (x86)\20Dollars2Surf\20dollars2surf.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div> <div>C:\Program Files (x86)\AlienRespawn\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application</div> <div>C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application</div> <div>C:\Users\gregulate\Downloads\setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div> <div>C:\Users\gregulate\Downloads\SoftonicDownloader_for_warcraft-iii-the-frozen-throne.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/SoftonicDownloader.D application</div> <div>C:\Users\gregulate\Music\Jane's Addiction - Then She Did.mp3<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of WMA/TrojanDownloader.GetCodec.gen trojan</div> <div>E:\Program Files\20Dollars2Surf\20dollars2surf.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div> <div>E:\Users\gregulate\AppData\Local\Temp\jar_cache4783387934846929165.tmp<span class="Apple-tab-span" style="white-space:pre"> </span>Java/Exploit.CVE-2010-0842.I trojan</div> <div>E:\Users\gregulate\AppData\Local\Temp\ICReinstall\cnet_MediaFixer_exe.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div> <div>E:\Users\gregulate\AppData\Local\Temp\ICReinstall\cnet_Pazera_Free_FLV_to_AVI_Converter_zip.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div> <div>E:\Users\gregulate\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/OpenCandy application</div> <div>E:\Users\gregulate\AppData\Local\Temp\plugtmp-10\plugin-data<span class="Apple-tab-span" style="white-space:pre"> </span>JS/Exploit.Pdfka.POS trojan</div> <div>E:\Users\gregulate\AppData\Local\Temp\plugtmp-10\plugin-data-1<span class="Apple-tab-span" style="white-space:pre"> </span>JS/Exploit.Pdfka.POS trojan</div> <div>E:\Users\gregulate\Desktop\ps3video9-504-setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/OpenCandy application</div> <div>E:\Users\gregulate\Desktop\SoftonicDownloader_for_teamspeak.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/SoftonicDownloader.A application</div> <div>E:\Users\gregulate\Downloads\cnet_MediaFixer_exe.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div> <div>E:\Users\gregulate\Downloads\cnet_Pazera_Free_FLV_to_AVI_Converter_zip.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div> <div>E:\Users\gregulate\Downloads\setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div> <div>E:\Users\gregulate\Shared\Jane's Addiction - Then She Did.mp3<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of WMA/TrojanDownloader.GetCodec.gen trojan</div>
  11. <p> </p> <div>C:\Program Files (x86)\20Dollars2Surf\20dollars2surf.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div> <div>C:\Program Files (x86)\AlienRespawn\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application</div> <div>C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application</div> <div>C:\Users\gregulate\Downloads\setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div> <div>C:\Users\gregulate\Downloads\SoftonicDownloader_for_warcraft-iii-the-frozen-throne.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/SoftonicDownloader.D application</div> <div>C:\Users\gregulate\Music\Jane's Addiction - Then She Did.mp3<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of WMA/TrojanDownloader.GetCodec.gen trojan</div> <div>E:\Program Files\20Dollars2Surf\20dollars2surf.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div> <div>E:\Users\gregulate\AppData\Local\Temp\jar_cache4783387934846929165.tmp<span class="Apple-tab-span" style="white-space:pre"> </span>Java/Exploit.CVE-2010-0842.I trojan</div> <div>E:\Users\gregulate\AppData\Local\Temp\ICReinstall\cnet_MediaFixer_exe.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div> <div>E:\Users\gregulate\AppData\Local\Temp\ICReinstall\cnet_Pazera_Free_FLV_to_AVI_Converter_zip.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div> <div>E:\Users\gregulate\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/OpenCandy application</div> <div>E:\Users\gregulate\AppData\Local\Temp\plugtmp-10\plugin-data<span class="Apple-tab-span" style="white-space:pre"> </span>JS/Exploit.Pdfka.POS trojan</div> <div>E:\Users\gregulate\AppData\Local\Temp\plugtmp-10\plugin-data-1<span class="Apple-tab-span" style="white-space:pre"> </span>JS/Exploit.Pdfka.POS trojan</div> <div>E:\Users\gregulate\Desktop\ps3video9-504-setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/OpenCandy application</div> <div>E:\Users\gregulate\Desktop\SoftonicDownloader_for_teamspeak.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/SoftonicDownloader.A application</div> <div>E:\Users\gregulate\Downloads\cnet_MediaFixer_exe.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div> <div>E:\Users\gregulate\Downloads\cnet_Pazera_Free_FLV_to_AVI_Converter_zip.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div> <div>E:\Users\gregulate\Downloads\setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div> <div>E:\Users\gregulate\Shared\Jane's Addiction - Then She Did.mp3<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of WMA/TrojanDownloader.GetCodec.gen trojan</div> <div> </div>
  12. Sorry I don't know how that happened in the previous post. I thought I just did a copy paste. I didn't look at it after I posted. Thanks for all your help so far.
  13. ComboFix 12-12-02.01 - gregulate 12/03/2012 5:31.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.4399 [GMT -8:00] Running from: c:\users\gregulate\Desktop\ComboFix.exe AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81} FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA} SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll c:\users\gregulate\AppData\Local\assembly\tmp c:\users\gregulate\AppData\Roaming\uninstaller.exe . c:\windows\system32\drivers\Serial.sys was missing Restored copy from - c:\windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys . . ((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 ))))))))))))))))))))))))))))))) . . 2012-12-03 02:29 . 2012-12-03 02:29 -------- d-----w- c:\users\gregulate\AppData\Roaming\Malwarebytes 2012-12-03 02:28 . 2012-12-03 02:28 -------- d-----w- c:\programdata\Malwarebytes 2012-12-03 02:28 . 2012-12-03 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-03 02:28 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-03 02:26 . 2012-12-03 02:26 -------- d-----w- c:\users\TEMP 2012-12-02 16:58 . 2012-12-02 16:58 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-12-02 02:49 . 2012-12-02 02:49 -------- d-----w- c:\users\gregulate\AppData\Roaming\SpeedyPC Software 2012-12-02 02:49 . 2012-12-02 02:49 -------- d-----w- c:\users\gregulate\AppData\Roaming\DriverCure 2012-12-02 02:48 . 2012-12-02 03:54 -------- d-----w- c:\programdata\SpeedyPC Software 2012-11-30 06:26 . 2012-12-01 20:50 -------- d-----w- c:\program files (x86)\World of Warcraft 2012-11-30 04:52 . 2012-11-30 04:52 -------- d-----w- c:\programdata\Battle.net 2012-11-30 04:49 . 2012-12-01 20:50 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment 2012-11-30 04:48 . 2012-11-30 04:57 -------- d-----w- c:\programdata\Blizzard Entertainment 2012-11-30 04:48 . 2012-11-30 04:48 -------- d--h--w- c:\programdata\Common Files 2012-11-22 18:34 . 2012-11-22 18:34 5885632 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2012-11-06 01:23 . 2012-11-06 01:23 -------- d-----w- c:\users\gregulate\AppData\Roaming\NVIDIA . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-24 16:16 . 2012-10-24 16:16 23416 ----a-r- c:\windows\SysWow64\SZIO5.dll 2012-10-24 16:16 . 2012-10-24 16:16 681848 ----a-r- c:\windows\SysWow64\SZComp5.dll 2012-10-24 16:16 . 2012-10-24 16:16 509816 ----a-r- c:\windows\SysWow64\SZBase5.dll 2012-10-15 22:23 . 2003-03-19 02:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-10-15 22:23 . 2003-02-21 10:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-10-14 15:57 . 2012-10-14 15:57 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-14 15:57 . 2011-12-08 21:44 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-11 17:06 . 2012-10-11 17:06 29048 ----a-r- c:\windows\SysWow64\IS3XDat5.dll 2012-10-11 17:06 . 2012-10-11 17:06 231288 ----a-r- c:\windows\SysWow64\IS3Win325.dll 2012-10-11 17:06 . 2012-10-11 17:06 391032 ----a-r- c:\windows\SysWow64\IS3UI5.dll 2012-10-11 17:06 . 2012-10-11 17:06 100216 ----a-r- c:\windows\SysWow64\IS3Svc5.dll 2012-10-11 17:06 . 2012-10-11 17:06 132984 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll 2012-10-11 17:06 . 2012-10-11 17:06 104312 ----a-r- c:\windows\SysWow64\IS3Inet5.dll 2012-10-11 17:06 . 2012-10-11 17:06 67448 ----a-r- c:\windows\SysWow64\IS3Hks5.dll 2012-10-11 17:06 . 2012-10-11 17:06 460664 ----a-r- c:\windows\SysWow64\IS3DBA5.dll 2012-10-11 17:06 . 2012-10-11 17:06 817016 ----a-r- c:\windows\SysWow64\IS3Base5.dll 2012-09-29 02:27 . 2012-09-15 19:43 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-09-29 02:27 . 2012-09-15 06:53 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-09-29 02:26 . 2012-09-15 06:53 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-09-17 23:34 . 2012-09-15 06:53 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-02 3492504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-15 296096] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ 20Dollars2Surf.lnk - c:\program files (x86)\20Dollars2Surf\20dollars2surf.exe [2012-6-6 89088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux6"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-05-02 15296] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-15 29472] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568] R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-06 60504] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2010-01-15 29472] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-13 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-06 253528] S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-06 94296] S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-15 32544] S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-18 2804280] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 72280] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 184968] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680] S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568] . . Contents of the 'Scheduled Tasks' folder . 2012-12-02 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 19:44] . 2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982522583-986826979-1863606407-1000Core.job - c:\users\gregulate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 23:02] . 2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982522583-986826979-1863606407-1000UA.job - c:\users\gregulate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 23:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-14 11777128] "Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-05-02 13256] "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://AlienwareArena.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\gregulate\AppData\Roaming\Mozilla\Firefox\Profiles\fchawfvu.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - ExtSQL: 2012-10-14 08:57; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-12-01 12:50; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) AddRemove-Article Submit Pro 1.4 - c:\windows\system32\ss2uinst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe c:\program files (x86)\AlienRespawn\TOASTER.EXE c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE . ************************************************************************** . Completion time: 2012-12-03 05:36:56 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-03 13:36 . Pre-Run: 278,235,832,320 bytes free Post-Run: 278,059,761,664 bytes free . - - End Of File - - 6AE47042D04EDFCF2D08626659DCC826
  14. <p> </p> <div>ComboFix 12-12-02.01 - gregulate 12/03/2012 5:31.1.4 - x64</div> <div>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.4399 [GMT -8:00]</div> <div>Running from: c:\users\gregulate\Desktop\ComboFix.exe</div> <div>AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}</div> <div>FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}</div> <div>SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}</div> <div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll</div> <div>c:\users\gregulate\AppData\Local\assembly\tmp</div> <div>c:\users\gregulate\AppData\Roaming\uninstaller.exe</div> <div>.</div> <div>c:\windows\system32\drivers\Serial.sys was missing </div> <div>Restored copy from - c:\windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>2012-12-03 02:29 . 2012-12-03 02:29<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\gregulate\AppData\Roaming\Malwarebytes</div> <div>2012-12-03 02:28 . 2012-12-03 02:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Malwarebytes</div> <div>2012-12-03 02:28 . 2012-12-03 02:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Malwarebytes' Anti-Malware</div> <div>2012-12-03 02:28 . 2012-09-30 03:54<span class="Apple-tab-span" style="white-space:pre"> </span>25928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div> <div>2012-12-03 02:26 . 2012-12-03 02:26<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\TEMP</div> <div>2012-12-02 16:58 . 2012-12-02 16:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Common Files\Skype</div> <div>2012-12-02 02:49 . 2012-12-02 02:49<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\gregulate\AppData\Roaming\SpeedyPC Software</div> <div>2012-12-02 02:49 . 2012-12-02 02:49<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\gregulate\AppData\Roaming\DriverCure</div> <div>2012-12-02 02:48 . 2012-12-02 03:54<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\SpeedyPC Software</div> <div>2012-11-30 06:26 . 2012-12-01 20:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\World of Warcraft</div> <div>2012-11-30 04:52 . 2012-11-30 04:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Battle.net</div> <div>2012-11-30 04:49 . 2012-12-01 20:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Common Files\Blizzard Entertainment</div> <div>2012-11-30 04:48 . 2012-11-30 04:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Blizzard Entertainment</div> <div>2012-11-30 04:48 . 2012-11-30 04:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d--h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Common Files</div> <div>2012-11-22 18:34 . 2012-11-22 18:34<span class="Apple-tab-span" style="white-space:pre"> </span>5885632<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll</div> <div>2012-11-06 01:23 . 2012-11-06 01:23<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\gregulate\AppData\Roaming\NVIDIA</div> <div>.</div> <div>.</div> <div>.</div> <div>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>2012-10-25 11:12 . 2012-10-25 11:12<span class="Apple-tab-span" style="white-space:pre"> </span>94208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\QuickTimeVR.qtx</div> <div>2012-10-25 11:12 . 2012-10-25 11:12<span class="Apple-tab-span" style="white-space:pre"> </span>69632<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\QuickTime.qts</div> <div>2012-10-24 16:16 . 2012-10-24 16:16<span class="Apple-tab-span" style="white-space:pre"> </span>23416<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\SZIO5.dll</div> <div>2012-10-24 16:16 . 2012-10-24 16:16<span class="Apple-tab-span" style="white-space:pre"> </span>681848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\SZComp5.dll</div> <div>2012-10-24 16:16 . 2012-10-24 16:16<span class="Apple-tab-span" style="white-space:pre"> </span>509816<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\SZBase5.dll</div> <div>2012-10-15 22:23 . 2003-03-19 02:14<span class="Apple-tab-span" style="white-space:pre"> </span>499712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\msvcp71.dll</div> <div>2012-10-15 22:23 . 2003-02-21 10:42<span class="Apple-tab-span" style="white-space:pre"> </span>348160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\msvcr71.dll</div> <div>2012-10-14 15:57 . 2012-10-14 15:57<span class="Apple-tab-span" style="white-space:pre"> </span>477168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\npdeployJava1.dll</div> <div>2012-10-14 15:57 . 2011-12-08 21:44<span class="Apple-tab-span" style="white-space:pre"> </span>473072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\deployJava1.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>29048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3XDat5.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>231288<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3Win325.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>391032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3UI5.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>100216<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3Svc5.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>132984<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3HTUI5.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>104312<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3Inet5.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>67448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3Hks5.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>460664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3DBA5.dll</div> <div>2012-10-11 17:06 . 2012-10-11 17:06<span class="Apple-tab-span" style="white-space:pre"> </span>817016<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\IS3Base5.dll</div> <div>2012-09-29 02:27 . 2012-09-15 19:43<span class="Apple-tab-span" style="white-space:pre"> </span>281520<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\PnkBstrB.xtr</div> <div>2012-09-29 02:27 . 2012-09-15 06:53<span class="Apple-tab-span" style="white-space:pre"> </span>281520<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\PnkBstrB.exe</div> <div>2012-09-29 02:26 . 2012-09-15 06:53<span class="Apple-tab-span" style="white-space:pre"> </span>280904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\PnkBstrB.ex0</div> <div>2012-09-17 23:34 . 2012-09-15 06:53<span class="Apple-tab-span" style="white-space:pre"> </span>76888<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\PnkBstrA.exe</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>*Note* empty entries & legit default entries are not shown </div> <div>REGEDIT4</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]</div> <div>2012-03-06 19:16<span class="Apple-tab-span" style="white-space:pre"> </span>87440<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\adawaretb\adawareDx.dll</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]</div> <div>"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]</div> <div>.</div> <div>[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]</div> <div>.</div> <div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-02 3492504]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</div> <div>"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]</div> <div>"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]</div> <div>"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]</div> <div>"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]</div> <div>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]</div> <div>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]</div> <div>"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]</div> <div>"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]</div> <div>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]</div> <div>"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]</div> <div>"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]</div> <div>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]</div> <div>"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-15 296096]</div> <div>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]</div> <div>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]</div> <div>.</div> <div>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</div> <div>20Dollars2Surf.lnk - c:\program files (x86)\20Dollars2Surf\20dollars2surf.exe [2012-6-6 89088]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div> <div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div> <div>"ConsentPromptBehaviorUser"= 3 (0x3)</div> <div>"EnableUIADesktopToggle"= 0 (0x0)</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</div> <div>"aux6"=wdmaud.drv</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]</div> <div>@="Ad-Aware Service"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]</div> <div>@="Service"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]</div> <div>@="Service"</div> <div>.</div> <div>R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]</div> <div>R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-05-02 15296]</div> <div>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</div> <div>R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]</div> <div>R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]</div> <div>R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]</div> <div>R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]</div> <div>R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]</div> <div>R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416]</div> <div>R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-15 29472]</div> <div>R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]</div> <div>R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-06 60504]</div> <div>R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416]</div> <div>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]</div> <div>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]</div> <div>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]</div> <div>R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2010-01-15 29472]</div> <div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-13 1255736]</div> <div>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]</div> <div>S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-06 253528]</div> <div>S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-06 94296]</div> <div>S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]</div> <div>S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-15 32544]</div> <div>S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-18 2804280]</div> <div>S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 72280]</div> <div>S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480]</div> <div>S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]</div> <div>S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]</div> <div>S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]</div> <div>S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 83080]</div> <div>S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 184968]</div> <div>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]</div> <div>S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]</div> <div>.</div> <div>.</div> <div>Contents of the 'Scheduled Tasks' folder</div> <div>.</div> <div>2012-12-02 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job</div> <div>- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 19:44]</div> <div>.</div> <div>2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982522583-986826979-1863606407-1000Core.job</div> <div>- c:\users\gregulate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 23:02]</div> <div>.</div> <div>2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982522583-986826979-1863606407-1000UA.job</div> <div>- c:\users\gregulate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 23:02]</div> <div>.</div> <div>.</div> <div>--------- X64 Entries -----------</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-14 11777128]</div> <div>"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-05-02 13256]</div> <div>"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]</div> <div>"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]</div> <div>.</div> <div>------- Supplementary Scan -------</div> <div>.</div> <div>uLocal Page = c:\windows\system32\blank.htm</div> <div>uStart Page = hxxp://AlienwareArena.com</div> <div>mLocal Page = c:\windows\SysWOW64\blank.htm</div> <div>uInternet Settings,ProxyOverride = *.local</div> <div>TCP: DhcpNameServer = 192.168.1.254</div> <div>FF - ProfilePath - c:\users\gregulate\AppData\Roaming\Mozilla\Firefox\Profiles\fchawfvu.default\</div> <div>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/</div> <div>FF - ExtSQL: 2012-10-14 08:57; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}</div> <div>FF - ExtSQL: 2012-12-01 12:50; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext</div> <div>.</div> <div>- - - - ORPHANS REMOVED - - - -</div> <div>.</div> <div>Toolbar-Locked - (no file)</div> <div>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</div> <div>Toolbar-Locked - (no file)</div> <div>AddRemove-Article Submit Pro 1.4 - c:\windows\system32\ss2uinst.exe</div> <div>.</div> <div>.</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="FlashBroker"</div> <div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]</div> <div>"Enabled"=dword:00000001</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Shockwave Flash Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div> <div>@="0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash.10"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Macromedia Flash Factory Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="FlashFactory.FlashFactory.1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="FlashFactory.FlashFactory"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker4"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</div> <div>@Denied: (Full) (Everyone)</div> <div>.</div> <div>------------------------ Other Running Processes ------------------------</div> <div>.</div> <div>c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe</div> <div>c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div> <div>c:\windows\SysWOW64\PnkBstrA.exe</div> <div>c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe</div> <div>c:\program files (x86)\AlienRespawn\TOASTER.EXE</div> <div>c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>Completion time: 2012-12-03 05:36:56 - machine was rebooted</div> <div>ComboFix-quarantined-files.txt 2012-12-03 13:36</div> <div>.</div> <div>Pre-Run: 278,235,832,320 bytes free</div> <div>Post-Run: 278,059,761,664 bytes free</div> <div>.</div> <div>- - End Of File - - 6AE47042D04EDFCF2D08626659DCC826</div> <div> </div>
  15. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.03.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 gregulate :: GREGULATE-PC [administrator] 12/2/2012 6:30:14 PM mbam-log-2012-12-02 (18-30-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 241939 Time elapsed: 2 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  16. # AdwCleaner v2.011 - Logfile created 12/02/2012 at 18:23:00 # Updated 02/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : gregulate - GREGULATE-PC # Boot Mode : Normal # Running from : C:\Users\gregulate\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\Users\gregulate\AppData\Local\APN Folder Deleted : C:\Users\gregulate\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\gregulate\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16448 [OK] Registry is clean. -\\ Mozilla Firefox v12.0 (en-US) Profile name : default File : C:\Users\gregulate\AppData\Roaming\Mozilla\Firefox\Profiles\fchawfvu.default\prefs.js C:\Users\gregulate\AppData\Roaming\Mozilla\Firefox\Profiles\fchawfvu.default\user.js ... Deleted ! [OK] File is clean. -\\ Google Chrome v23.0.1271.95 File : C:\Users\gregulate\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [6401 octets] - [02/12/2012 18:23:00] ########## EOF - C:\AdwCleaner[s1].txt - [6461 octets] ##########
  17. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:30:53 PM, on 6/10/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\AlienRespawn\TOASTER.EXE C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\PROGRA~2\AD-AWA~1\AdAware.exe C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe C:\Program Files\Alienware\Command Center\AlienFusionController.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://AlienwareArena.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot O4 - HKCU\..\Run: [Google Update] "C:\Users\gregulate\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2982522583-986826979-1863606407-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2982522583-986826979-1863606407-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Global Startup: 20Dollars2Surf.lnk = C:\Program Files (x86)\20Dollars2Surf\20dollars2surf.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13904 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.