gregulate8

December 7, 2012

DDS (Ver_2012-11-05.02)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/12/2011 4:39:28 PM

System Uptime: 12/5/2012 12:03:37 PM (31 hours ago)

.

Motherboard: Alienware | | 046MHW

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/400mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 456 GiB total, 269.535 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 223 GiB total, 48.449 GiB free.

F: is FIXED (NTFS) - 10 GiB total, 5.962 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SBRE

Device ID: ROOT\LEGACY_SBRE\0000

Manufacturer:

Name: SBRE

PNP Device ID: ROOT\LEGACY_SBRE\0000

Service: SBRE

.

==== System Restore Points ===================

.

RP108: 12/5/2012 3:13:48 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

20Dollars2Surf 1.1

Ad-Aware Antivirus

Ad-Aware Browsing Protection

Ad-Aware Security Toolbar

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin 64-bit

Adobe Reader XI

AlienAutopsy

AlienRespawn

AlienRespawn - Support Software

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Article Submit Pro 1.4

Aurora-R3 Manual

Battlefield 3™

Battlelog Web Plugins

Bonjour

Command Center

D3DX10

Dell InHome Service Agreement

DirectX 9 Runtime

DivX Setup

Easy Submit Website 1.0

Entropia Universe

ESN Sonar

Google Chrome

Google Talk Plugin

Heroes of Newerth

HiJackThis

iCloud

Intel® Rapid Storage Technology

iTunes

Java Auto Updater

Java™ 6 Update 27 (64-bit)

Java™ 6 Update 35

League of Legends

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA 3D Vision Controller Driver 295.73

NVIDIA 3D Vision Driver 295.73

NVIDIA Control Panel 295.73

NVIDIA Graphics Driver 295.73

NVIDIA HD Audio Driver 1.3.12.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0209

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.7.11

NVIDIA Update Components

Origin

Pando Media Booster

PhotoShowExpress

PunkBuster Services

QuickTime

RBVirtualFolder64Inst

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Diagnostic Utility

Realtek High Definition Audio Driver

RealUpgrade 1.1

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype™ 6.0

Snagit 10.0.1

Sonic CinePlayer Decoder Pack

Star Wars: The Old Republic

STOPzilla

System Requirements Lab

TeamSpeak 3 Client

THX TruStudio PC

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

VC80CRTRedist - 8.0.50727.6195

VLC media player 2.0.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.11 (64-bit)

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

12/5/2012 12:12:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

12/5/2012 12:11:42 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/5/2012 12:04:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

12/5/2012 12:04:02 PM, Error: Service Control Manager [7000] - The STOPzilla Service service failed to start due to the following error: The system cannot find the file specified.

12/5/2012 12:02:37 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

12/5/2012 11:19:58 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

12/3/2012 5:36:57 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: A device attached to the system is not functioning.

12/3/2012 5:34:04 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/3/2012 5:33:48 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/3/2012 5:30:19 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

12/2/2012 6:16:51 PM, Error: Service Control Manager [7034] - The WajamUpdater service terminated unexpectedly. It has done this 1 time(s).

12/2/2012 6:16:22 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s).

12/2/2012 6:16:22 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service.

12/2/2012 12:31:44 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 2 time(s).

12/2/2012 1:41:44 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 3 time(s).

12/1/2012 9:27:40 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).

12/1/2012 8:51:12 PM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: The system cannot find the file specified.

12/1/2012 7:54:54 PM, Error: iaStor [5] - A parity error was detected on \Device\Ide\iaStor0.

12/1/2012 7:02:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv

12/1/2012 7:00:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/1/2012 6:49:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

12/1/2012 6:03:49 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/1/2012 6:03:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/1/2012 6:03:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/1/2012 6:03:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/1/2012 6:03:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/1/2012 6:03:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

12/1/2012 12:51:35 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847

.

==== End Of File ===========================

December 7, 2012

DDS (Ver_2012-11-05.02) - NTFS_AMD64

Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_35

Run by gregulate at 19:37:07 on 2012-12-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.3487 [GMT -8:00]

.

AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

C:\Program Files (x86)\AlienRespawn\sftservice.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Alienware\Command Center\AlienFusionService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\PROGRA~2\AD-AWA~1\AdAware.exe

C:\Program Files (x86)\AlienRespawn\TOASTER.EXE

C:\Program Files\Alienware\Command Center\AWCCServiceController.exe

C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files\Alienware\Command Center\ThermalController.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Users\gregulate\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://AlienwareArena.com

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{62D913F8-F20D-4A1A-BAF1-47D45D8993B7} : DHCPNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"

x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\gregulate\AppData\Roaming\Mozilla\Firefox\Profiles\fchawfvu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\gregulate\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\gregulate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\gregulate\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-14 08:57; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-12-01 12:50; {0153E448-190B-4987-BDE1-F256CADA672F}; C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-8 55856]

R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-4-18 253528]

R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2012-4-18 94296]

R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-5-2 15296]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-8 13336]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-12-8 32544]

R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]

R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-5-11 72280]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-12-8 1692480]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-12-8 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-12-8 184968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-8 347680]

R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-18 84568]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-10 34304]

S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-12-8 48416]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-12-8 29472]

S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-18 84568]

S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-4-18 60504]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-12-8 48416]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-12-8 29472]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-13 1255736]

.

=============== Created Last 30 ================

.

2012-12-05 16:21:05 -------- d-----w- C:\Program Files (x86)\ESET

2012-12-03 13:35:08 -------- d-----w- C:\$RECYCLE.BIN

2012-12-03 13:33:57 94208 ----a-w- C:\Windows\System32\drivers\Serial.sys

2012-12-03 13:30:28 98816 ----a-w- C:\Windows\sed.exe

2012-12-03 13:30:28 256000 ----a-w- C:\Windows\PEV.exe

2012-12-03 13:30:28 208896 ----a-w- C:\Windows\MBR.exe

2012-12-03 02:29:17 -------- d-----w- C:\Users\gregulate\AppData\Roaming\Malwarebytes

2012-12-03 02:28:37 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-03 02:28:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-03 02:28:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-02 02:49:15 -------- d-----w- C:\Users\gregulate\AppData\Roaming\SpeedyPC Software

2012-12-02 02:49:15 -------- d-----w- C:\Users\gregulate\AppData\Roaming\DriverCure

2012-12-02 02:48:57 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-11-30 06:26:39 -------- d-----w- C:\Program Files (x86)\World of Warcraft

2012-11-30 04:52:23 -------- d-----w- C:\ProgramData\Battle.net

2012-11-30 04:49:12 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-11-30 04:48:45 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2012-11-30 04:48:13 -------- d--h--w- C:\ProgramData\Common Files

2012-11-22 18:34:38 5885632 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-24 16:16:38 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll

2012-10-24 16:16:26 681848 ----a-r- C:\Windows\SysWow64\SZComp5.dll

2012-10-24 16:16:22 509816 ----a-r- C:\Windows\SysWow64\SZBase5.dll

2012-10-15 22:23:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-10-15 22:23:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-10-14 15:57:15 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-10-14 15:57:15 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-11 17:06:36 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll

2012-10-11 17:06:36 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll

2012-10-11 17:06:34 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll

2012-10-11 17:06:32 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll

2012-10-11 17:06:26 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll

2012-10-11 17:06:26 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll

2012-10-11 17:06:24 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll

2012-10-11 17:06:24 460664 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll

2012-10-11 17:06:22 817016 ----a-r- C:\Windows\SysWow64\IS3Base5.dll

2012-09-29 02:27:00 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-09-29 02:27:00 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-09-29 02:26:42 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-09-17 23:34:01 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

.

============= FINISH: 19:37:17.70 ===============

December 6, 2012

links are not working.

December 5, 2012

the threats were quarantined. Is that good enough

December 5, 2012

I have completed everything you requested. Is there anything I can do to make sure that my registry is free of any more problems? I don't want to do any banking or input any passwords until I am certain that any keyloggers or other trojans spyware malware etc are completely gone.

December 5, 2012

The TFC links do not exist. can you please repost them

December 4, 2012

I will try and post the logs again by typing them out if you need that. can't figure out why copy and paste is behaving this way.

December 4, 2012

I didn't tell you before but the reason I thought I was infected was because I had the isearch.avg.com browser highjacker on my computer. I had restored to before that happened but don't know how bad that virus can be.

December 4, 2012

<div>Results of screen317's Security Check version 0.99.56 </div>

<div> Windows 7 Service Pack 1 x64 (UAC is enabled) </div>

<div> Internet Explorer 9 </div>

<div>``````````````Antivirus/Firewall Check:`````````````` </div>

<div> Windows Firewall Enabled! </div>

<div> Windows Firewall Disabled! </div>

<div>Lavasoft Ad-Aware </div>

<div> Antivirus out of date! </div>

<div>`````````Anti-malware/Other Utilities Check:````````` </div>

<div> Ad-Aware </div>

<div> Malwarebytes Anti-Malware version 1.65.1.1000 </div>

<div> Java 6 Update 35 </div>

<div> Java version out of Date! </div>

<div> Adobe Flash Player 11.1.102.62 Flash Player out of Date! </div>

<div> Adobe Reader 10.1.4 Adobe Reader out of Date! </div>

<div> Mozilla Firefox 12.0 Firefox out of Date! </div>

<div> Google Chrome 21.0.1180.83 </div>

<div> Google Chrome 21.0.1180.89 </div>

<div> Google Chrome 22.0.1229.79 </div>

<div> Google Chrome 22.0.1229.92 </div>

<div> Google Chrome 22.0.1229.94 </div>

<div> Google Chrome 23.0.1271.64 </div>

<div> Google Chrome 23.0.1271.95 </div>

<div>````````Process Check: objlist.exe by Laurent```````` </div>

<div> Ad-Aware AAWService.exe is disabled! </div>

<div> Ad-Aware AAWTray.exe is disabled! </div>

<div> Ad-Aware Antivirus AdAwareService.exe </div>

<div> Ad-Aware Antivirus Engine SBAMSvc.exe </div>

<div> Alienware Command Center ThermalController.exe </div>

<div>`````````````````System Health check````````````````` </div>

<div> Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)</div>

December 4, 2012

I don't get it but each time I paste it comes up normal until I post it.

December 4, 2012

<p>sorry it happened again and I don't know why. here it is again.</p>

<div>C:\Program Files (x86)\20Dollars2Surf\20dollars2surf.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div>

<div>C:\Program Files (x86)\AlienRespawn\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application</div>

<div>C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application</div>

<div>C:\Users\gregulate\Downloads\setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div>

<div>C:\Users\gregulate\Downloads\SoftonicDownloader_for_warcraft-iii-the-frozen-throne.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/SoftonicDownloader.D application</div>

<div>C:\Users\gregulate\Music\Jane's Addiction - Then She Did.mp3<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of WMA/TrojanDownloader.GetCodec.gen trojan</div>

<div>E:\Program Files\20Dollars2Surf\20dollars2surf.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div>

<div>E:\Users\gregulate\AppData\Local\Temp\jar_cache4783387934846929165.tmp<span class="Apple-tab-span" style="white-space:pre"> </span>Java/Exploit.CVE-2010-0842.I trojan</div>

<div>E:\Users\gregulate\AppData\Local\Temp\ICReinstall\cnet_MediaFixer_exe.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div>

<div>E:\Users\gregulate\AppData\Local\Temp\ICReinstall\cnet_Pazera_Free_FLV_to_AVI_Converter_zip.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div>

<div>E:\Users\gregulate\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/OpenCandy application</div>

<div>E:\Users\gregulate\AppData\Local\Temp\plugtmp-10\plugin-data<span class="Apple-tab-span" style="white-space:pre"> </span>JS/Exploit.Pdfka.POS trojan</div>

<div>E:\Users\gregulate\AppData\Local\Temp\plugtmp-10\plugin-data-1<span class="Apple-tab-span" style="white-space:pre"> </span>JS/Exploit.Pdfka.POS trojan</div>

<div>E:\Users\gregulate\Desktop\ps3video9-504-setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/OpenCandy application</div>

<div>E:\Users\gregulate\Desktop\SoftonicDownloader_for_teamspeak.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/SoftonicDownloader.A application</div>

<div>E:\Users\gregulate\Downloads\cnet_MediaFixer_exe.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div>

<div>E:\Users\gregulate\Downloads\cnet_Pazera_Free_FLV_to_AVI_Converter_zip.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallCore.D application</div>

<div>E:\Users\gregulate\Downloads\setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/D2Surf.A application</div>

<div>E:\Users\gregulate\Shared\Jane's Addiction - Then She Did.mp3<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of WMA/TrojanDownloader.GetCodec.gen trojan</div>

December 4, 2012