-
Possible Malware Infection
A couple weeks ago my computer (Dell Studio XPS 1340 running 64 bit Vista) started running slowly, like a process was taking up all the CPU. Sure enough, something was. I checked task manager, and after I clicked "show processes from all users", it revealed a process that I tracked to this - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438 - I looked it up, and found a posting on this website which had the same process mentioned - http://forums.spybot.info/showthread.php?t=63149 - Now, I am ashamed to admit that I read the whole thread and decided to use Combofix. I did so carefully, following all warnings except the most important one... To not do it. Unfortunately I was impatient and did not even read enough on here to run ERUNT or take any precautions like that to get a "lay of the land" of my computer as it was, which I know now will make it tougher to target if something is wrong. However, I ran CF very carefully and it did not seem to have any effect on my machine. It was running pretty well. I have the log, and I still haven't uninstalled the program because I started to read more about this whole process on a different computer during my Combofix run. However, after another restart of the system, that same "File Repository" process started doin' its thang again (there was also another one taking up a big amount, which seemed to be Symantec - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin.) After that, I decided to try to make amends for my stupidity and impatience by doing this whole process properly (although I understand there is a huge possibility that I already screwed it up). After another restart, my system seems like its running normally and that process has yet to show up again, but I just wanna make sure in case it does. Please let me know what I should do! And I sincerely apologize for being an idiot before. I just don't wanna be one right now. Please remember that the following results were found AFTER my renegade CF run, the log of which I can provide if needed. Thank you so much for ANY help!
Here's the DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_30
Run by Alec at 18:26:48 on 2012-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1499 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\ERUNT\ERUNT.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Facebook Update] "C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [FAStartup]
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FREEMU~1.LNK - C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2DA9E90C-50F2-4DF6-A95E-113C5D75096B} : DhcpNameServer = 192.168.1.1
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [FAStartup]
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120106.011\BHDrvx64.sys [2012-1-12 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120112.002\IDSviA64.sys [2012-1-12 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [?]
R1 SYMTDIV;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-4-13 189680]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-8 636144]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-2-26 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-11 138360]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-22 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-13 04:38:27 -------- d-----w- C:\Program Files\Symantec
2012-01-13 04:36:39 -------- d-----w- C:\ProgramData\regid.1992_12.com.symantec
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8
2012-01-13 02:34:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-12 22:07:23 98816 ----a-w- C:\Windows\sed.exe
2012-01-12 22:07:23 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-12 22:07:23 256000 ----a-w- C:\Windows\PEV.exe
2012-01-12 22:07:23 208896 ----a-w- C:\Windows\MBR.exe
2012-01-11 16:35:30 451072 ----a-w- C:\Windows\System32\winsrv.dll
2012-01-11 16:34:52 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-01-11 16:34:52 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-01-08 18:02:03 95744 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-01-08 18:02:03 7680 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-01-08 18:02:03 49664 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-01-08 18:02:03 275456 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-01-08 18:02:03 262144 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-01-08 18:02:03 24576 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-01-08 17:55:10 40448 ----a-w- C:\Windows\System32\drivers\watchdog.sys
2012-01-05 07:36:50 19016 ----a-w- C:\Windows\System32\drivers\sscdmdfl.sys
2012-01-05 07:36:50 172104 ----a-w- C:\Windows\System32\drivers\sscdmdm.sys
2012-01-05 07:36:50 15944 ----a-w- C:\Windows\System32\drivers\sscdwhnt.sys
2012-01-05 07:36:50 15944 ----a-w- C:\Windows\System32\drivers\sscdwh.sys
2012-01-05 07:36:50 15432 ----a-w- C:\Windows\System32\drivers\sscdcmnt.sys
2012-01-05 07:36:50 15432 ----a-w- C:\Windows\System32\drivers\sscdcm.sys
2012-01-05 07:36:50 141384 ----a-w- C:\Windows\System32\drivers\sscdserd.sys
2012-01-05 07:36:50 136264 ----a-w- C:\Windows\System32\drivers\sscdbus.sys
2012-01-05 07:36:49 -------- d-----w- C:\Program Files\SAMSUNG
2012-01-05 07:36:29 -------- d-----w- C:\ProgramData\Samsung
2012-01-05 07:36:09 53248 ----a-r- C:\Users\Alec\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-01-05 07:36:09 -------- d-----w- C:\Users\Alec\AppData\Roaming\Verizon
2012-01-05 06:41:48 42632 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2012-01-05 06:41:47 81840 ----a-w- C:\Windows\System32\FwsVpn.dll
2012-01-05 06:41:47 374704 ----a-w- C:\Windows\SysWow64\sysfer.dll
2012-01-05 06:41:47 118768 ----a-w- C:\Windows\System32\drivers\SysPlant.sys
2012-01-05 06:41:47 11184 ----a-w- C:\Windows\System32\sysferThunk.dll
2012-01-05 06:41:47 10672 ----a-w- C:\Windows\SysWow64\sysferThunk.dll
2012-01-05 06:41:46 512944 ----a-w- C:\Windows\System32\sysfer.dll
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP
2011-12-16 18:18:19 -------- d-----w- C:\Program Files\iPod
2011-12-16 18:18:17 -------- d-----w- C:\Program Files\iTunes
2011-12-16 18:18:17 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-01-13 23:05:51 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-01-13 23:05:49 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-01-13 06:19:35 58288 ----a-w- C:\Windows\SysWow64\snacnp.dll
2012-01-13 06:19:35 58288 ----a-w- C:\Windows\System32\snacnp.dll
2012-01-13 06:19:35 288176 ----a-w- C:\Windows\System32\SymVPN.dll
2012-01-13 04:38:27 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-13 04:02:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-26 19:01:19 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-12-26 19:00:38 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-12-04 21:33:04 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-10-31 00:24:02 931448 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys
2011-10-31 00:24:02 678008 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\srtsp64.sys
2011-10-31 00:24:02 62672 ----a-w- C:\Windows\System32\drivers\Teefer.sys
2011-10-31 00:24:02 451192 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys
2011-10-31 00:24:02 433272 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symtdiv.sys
2011-10-31 00:24:02 39032 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\srtspx64.sys
2011-10-31 00:24:02 171128 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:29:38.74 ===============
Here's the S&D list:
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-01-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2012-01-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-01-10 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-12-27 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-10-18 Includes\Spyware.sbi (*)
2011-10-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-01-02 Includes\TrojansC-02.sbi (*)
2012-01-09 Includes\TrojansC-03.sbi (*)
2012-01-10 Includes\TrojansC-04.sbi (*)
2012-01-02 Includes\TrojansC-05.sbi (*)
2012-01-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
-
Why dont you go ahead and post the Combofix log and lets see what it removed and we can decide if we need to look further
-
Sounds good. Here it is!
ComboFix 12-01-12.04 - Alec 01/12/2012 17:13:37.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1573 [GMT -5:00]
Running from: c:\users\Alec\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alec\AppData\Roaming\FFSJ
c:\users\Alec\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Alec\lame_enc_en.dll
c:\users\Alec\lametritonus_en.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\java.exe
c:\windows\SysWow64\odbcad32.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 02:28 . 2012-01-13 02:28 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-01-13 02:28 . 2012-01-13 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 16:35 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:34 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 16:34 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-08 18:02 . 2009-11-06 11:05 275456 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-08 18:02 . 2009-11-06 11:05 95744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-08 18:02 . 2009-11-06 11:05 262144 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-01-08 18:02 . 2009-11-06 11:05 49664 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-08 18:02 . 2009-11-06 11:05 24576 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-01-08 18:02 . 2009-11-06 11:05 7680 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-01-08 17:55 . 2009-07-18 09:38 40448 ----a-w- c:\windows\system32\drivers\watchdog.sys
2012-01-05 07:36 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-01-05 07:36 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-01-05 07:36 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-01-05 07:36 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-01-05 07:36 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-01-05 07:36 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-01-05 07:36 . 2010-04-27 02:25 141384 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2012-01-05 07:36 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\program files\SAMSUNG
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\programdata\Samsung
2012-01-05 07:36 . 2012-01-05 07:36 53248 ----a-r- c:\users\Alec\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\users\Alec\AppData\Roaming\Verizon
2012-01-05 06:41 . 2012-01-05 06:41 42632 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2012-01-05 06:41 . 2012-01-05 06:41 374704 ----a-w- c:\windows\SysWow64\sysfer.dll
2012-01-05 06:41 . 2012-01-05 06:41 147632 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-01-05 06:41 . 2012-01-05 06:41 11184 ----a-w- c:\windows\system32\sysferThunk.dll
2012-01-05 06:41 . 2012-01-05 06:41 10672 ----a-w- c:\windows\SysWow64\sysferThunk.dll
2012-01-05 06:41 . 2012-01-05 06:41 102832 ----a-w- c:\windows\system32\FwsVpn.dll
2012-01-05 06:41 . 2012-01-05 06:41 513456 ----a-w- c:\windows\system32\sysfer.dll
2012-01-05 00:22 . 2012-01-05 00:22 -------- d-----w- c:\windows\system32\drivers\SEP
2011-12-16 18:18 . 2011-12-16 18:18 -------- d-----w- c:\program files\iPod
2011-12-16 18:18 . 2011-12-16 18:19 -------- d-----w- c:\program files\iTunes
2011-12-16 18:18 . 2011-12-16 18:19 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 02:32 . 2009-07-26 01:55 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-13 02:32 . 2009-07-26 01:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-01-05 06:41 . 2011-05-01 16:39 58288 ----a-w- c:\windows\system32\snacnp.dll
2012-01-05 06:41 . 2011-05-01 16:39 287152 ----a-w- c:\windows\system32\SymVPN.dll
2012-01-05 06:41 . 2011-05-01 16:39 58288 ------w- c:\windows\SysWow64\snacnp.dll
2012-01-05 00:30 . 2009-08-27 18:12 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-26 19:01 . 2009-07-26 01:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-12-26 19:00 . 2009-07-26 01:55 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-12-04 21:33 . 2011-06-17 16:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57 . 2011-12-14 02:20 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-10-25 16:09 . 2011-12-14 02:22 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Facebook Update"="c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-14 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
Free Music Zilla.lnk - c:\users\Alec\Desktop\Free Music Zilla\FMZilla.exe [N/A]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2010-8-7 537968]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-2-26 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-2-26 9136960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 20:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
- c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:52]
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
- c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:52]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 00:40]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 00:40]
.
2012-01-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-13 c:\windows\Tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-11 1657128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-28 15871520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-28 82464]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-MMTray - c:\program files (x86)\Morgan\m3jpegV3\MMTray.exe
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-CamStudio - c:\users\Alec\Desktop\CamStudio\uninstall.exe
AddRemove-DVD Shrink_is1 - c:\users\Alec\Desktop\DVD Shrink\unins000.exe
AddRemove-Free RAR Extract Frog - c:\users\Alec\Desktop\Free RAR Extract Frog\uninstall.exe
AddRemove-SolveigMM AVI Trimmer - c:\users\Alec\Desktop\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-01-12 21:44:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-13 02:44
.
Pre-Run: 151,725,871,104 bytes free
Post-Run: 155,454,177,280 bytes free
.
- - End Of File - - 69CE5FBE6728822255ACD14272430523
-
Hows your system running, and browser redirects ?
Lets clean you up a bit more
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
-
My system seems to be running pretty well, although that process that sucks up all the CPU has come back a few times this past week. Not sure what you mean by browser redirects, but I haven't noticed anything suspicious about my online experience. Malwarebytes said it found no malicious content! Thanks a ton for the help. Anything else I should do? Here's the log:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.24.01
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19019
Alec :: ALEC-PC [administrator]
Protection: Enabled
1/23/2012 7:56:53 PM
mbam-log-2012-01-23 (19-56-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200282
Time elapsed: 11 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Oh, and I just remembered that I have tried to download and install updates with Windows Updater and it works until I restart my computer. After it is restarted it says that all of the updates (22 of them) failed. Any ideas?
-
-
No browser redirects, but I forgot to mention another weird thing. When I increase or decrease the volume or brightness on my computer, it works but the meter does not show up on the screen. Here's the ESET log:
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe a variant of Win32/Toolbar.Zugo application
C:\Program Files (x86)\VistaCodecPack\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application
C:\Program Files (x86)\VistaCodecPack\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application
C:\ProgramData\VistaCodecs\{5FBFD3A0-7B9A-4AD3-B522-21CF25B7E8B6}\Vista Codec Package.msi multiple threats
C:\Users\Alec\AppData\RoamingaZjcdj.exe Win32/Injector.JDE trojan
C:\Users\Alec\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5553b092-516ca534 Win32/Injector.JDE trojan
C:\Users\All Users\VistaCodecs\{5FBFD3A0-7B9A-4AD3-B522-21CF25B7E8B6}\Vista Codec Package.msi multiple threats
D:\Windows\System32\autochk.exe probably a variant of Win32/Agent.TKD trojan
-
Not sure whats going on with your monitor, this may not be malware related.
Lets do a few things
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
-
Here's the OTL.txt:
OTL logfile created on: 1/25/2012 1:30:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alec\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 40.06% Memory free
7.67 Gb Paging File | 4.49 Gb Available in Paging File | 58.49% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 118.73 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.42 Gb Free Space | 37.00% Space Free | Partition Type: NTFS
Computer Name: ALEC-PC | User Name: Alec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Alec\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll ()
MOD - C:\Windows\SysWOW64\FAIEExtension.dll ()
MOD - C:\Windows\SysWOW64\FAib.dll ()
MOD - C:\Windows\SysWOW64\FACrashRpt.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\SDL.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\libmysql.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe (Symantec Corporation)
SRV - (SepMasterService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe (Symantec Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (SysPlant) -- C:\Windows\SysNative\Drivers\SysPlant.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIV) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\DRIVERS\Teefer.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\DRIVERS\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision )
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\DRIVERS\avc.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\DRIVERS\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\DRIVERS\mstape.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\DRIVERS\61883.sys (Microsoft Corporation)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\DRIVERS\msdv.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120106.011\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120113.003\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120113.003\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120112.002\IDSviA64.sys (Symantec Corporation)
DRV - (SyDvCtrl) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys (Symantec Corporation)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2012/01/13 18:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/18 11:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 01:19:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Alec\AppData\Roaming\Move Networks [2009/09/16 21:36:03 | 000,000,000 | ---D | M]
[2011/10/20 23:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Extensions
[2011/10/20 23:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/08/28 12:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions
[2010/05/11 15:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/31 15:42:37 | 000,000,000 | ---D | M] (Ustream Publisher) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions\ustreampublisher@ustream.tv
[2012/01/18 11:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/19 12:32:05 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/10/19 12:32:05 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2012/01/18 11:36:49 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/12 23:02:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/18 11:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/18 11:36:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012/01/12 21:33:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Facebook Update] C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm File not found
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm File not found
O8:64bit: - Extra context menu item: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm File not found
O8:64bit: - Extra context menu item: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DA9E90C-50F2-4DF6-A95E-113C5D75096B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Alec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/25 13:28:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alec\Desktop\OTL.exe
[2012/01/24 10:38:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\Documents\Piano
[2012/01/24 10:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/24 10:19:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alec\Desktop\esetsmartinstaller_enu.exe
[2012/01/23 19:56:15 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\Malwarebytes
[2012/01/23 19:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/23 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/23 19:56:02 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/23 19:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/23 19:55:12 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alec\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/22 11:55:32 | 000,000,000 | ---D | C] -- C:\Users\Alec\Documents\Temple Spring 2012
[2012/01/13 18:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/13 18:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/13 18:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/01/13 18:36:52 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Alec\Desktop\spybotsd162.exe
[2012/01/13 18:26:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alec\Desktop\dds.scr
[2012/01/13 18:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/13 18:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/13 18:23:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Alec\Desktop\erunt-setup.exe
[2012/01/12 23:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/12 23:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1992_12.com.symantec
[2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64
[2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8
[2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105
[2012/01/12 23:03:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/12 23:03:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/12 23:03:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/12 22:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/12 22:43:38 | 000,765,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Alec\Desktop\install_reader10_en_air_mssd_aih.exe
[2012/01/12 21:34:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/12 21:28:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/12 17:07:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/12 17:07:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/12 17:07:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/12 17:07:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/12 16:59:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/12 16:42:45 | 004,381,975 | R--- | C] (Swearware) -- C:\Users\Alec\Desktop\ComboFix.exe
[2012/01/11 11:35:30 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/08 13:02:03 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/01/08 13:02:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/01/08 12:55:10 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys
[2012/01/05 02:36:50 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2012/01/05 02:36:50 | 000,141,384 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdserd.sys
[2012/01/05 02:36:50 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2012/01/05 02:36:50 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2012/01/05 02:36:50 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2012/01/05 02:36:50 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2012/01/05 02:36:50 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2012/01/05 02:36:50 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2012/01/05 02:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/01/05 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/01/05 02:36:09 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\Verizon
[2012/01/05 01:41:48 | 000,042,632 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2012/01/05 01:41:47 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2012/01/05 01:41:47 | 000,118,768 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2012/01/05 01:41:47 | 000,081,840 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2012/01/05 01:41:47 | 000,011,184 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2012/01/05 01:41:47 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2012/01/05 01:41:46 | 000,512,944 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64
[2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP
[2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105
[2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F
[2009/07/27 22:44:54 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Alec\AppData\Roaming\DataSafeDotNet.exe
========== Files - Modified Within 30 Days ==========
[2012/01/25 13:39:12 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job
[2012/01/25 13:35:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/25 13:33:30 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/25 13:28:54 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
[2012/01/25 13:28:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alec\Desktop\OTL.exe
[2012/01/25 13:23:54 | 000,291,432 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/25 13:23:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 13:23:53 | 000,291,432 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/25 13:23:50 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
[2012/01/25 13:23:34 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/01/25 13:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 20:13:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 20:13:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 10:19:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alec\Desktop\esetsmartinstaller_enu.exe
[2012/01/23 20:15:13 | 000,227,840 | ---- | M] () -- C:\Users\Alec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/23 19:56:04 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 19:55:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alec\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/20 12:06:08 | 839,272,448 | ---- | M] () -- C:\Users\Alec\Desktop\Rarities.VOB
[2012/01/19 12:07:24 | 000,715,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 12:07:24 | 000,613,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/19 12:07:24 | 000,108,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/19 12:01:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/01/19 11:59:44 | 4024,811,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 02:18:59 | 734,535,680 | ---- | M] () -- C:\Users\Alec\Desktop\The Thing.avi
[2012/01/13 20:06:15 | 000,006,944 | ---- | M] () -- C:\Users\Alec\Desktop\Attach.zip
[2012/01/13 18:41:45 | 000,001,099 | ---- | M] () -- C:\Users\Alec\Desktop\Spybot - Search & Destroy.lnk
[2012/01/13 18:37:00 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Alec\Desktop\spybotsd162.exe
[2012/01/13 18:26:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alec\Desktop\dds.scr
[2012/01/13 18:25:24 | 000,000,945 | ---- | M] () -- C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/13 18:24:50 | 000,000,746 | ---- | M] () -- C:\Users\Alec\Desktop\ERUNT.lnk
[2012/01/13 18:23:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Alec\Desktop\erunt-setup.exe
[2012/01/13 18:10:48 | 002,970,864 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\Cat.DB
[2012/01/13 01:19:35 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2012/01/13 01:19:35 | 000,288,176 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012/01/13 01:19:35 | 000,118,768 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2012/01/13 01:19:35 | 000,081,840 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2012/01/13 01:19:35 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\snacnp.dll
[2012/01/13 01:19:35 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012/01/13 01:19:35 | 000,042,632 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2012/01/13 01:19:35 | 000,011,184 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2012/01/13 01:19:35 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2012/01/13 01:19:34 | 000,512,944 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2012/01/12 23:38:27 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/12 23:38:27 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/12 23:38:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/12 23:37:01 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\isolate.ini
[2012/01/12 23:02:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/01/12 23:02:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/12 23:02:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/12 23:02:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/12 22:43:38 | 000,765,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Alec\Desktop\install_reader10_en_air_mssd_aih.exe
[2012/01/12 21:33:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/12 16:43:26 | 004,381,975 | R--- | M] (Swearware) -- C:\Users\Alec\Desktop\ComboFix.exe
[2012/01/11 11:35:05 | 002,973,356 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Cat.DB
[2012/01/07 00:44:32 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/05 01:42:49 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/04 19:29:40 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\isolate.ini
[2012/01/02 10:42:35 | 004,059,677 | ---- | M] () -- C:\Users\Alec\Desktop\karaoke Backing Tracks - More Than Words - Extreme.mp3
[2012/01/02 10:15:12 | 000,007,592 | ---- | M] () -- C:\Users\Alec\AppData\Local\d3d9caps.dat
[2011/12/27 09:42:04 | 002,022,965 | ---- | M] () -- C:\Users\Alec\Desktop\gut death.mp3
[2011/12/26 14:01:19 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/12/26 14:00:38 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
========== Files Created - No Company Name ==========
[2012/01/23 20:14:05 | 734,535,680 | ---- | C] () -- C:\Users\Alec\Desktop\The Thing.avi
[2012/01/23 19:56:04 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/20 11:59:45 | 839,272,448 | ---- | C] () -- C:\Users\Alec\Desktop\Rarities.VOB
[2012/01/13 20:06:15 | 000,006,944 | ---- | C] () -- C:\Users\Alec\Desktop\Attach.zip
[2012/01/13 18:41:45 | 000,001,099 | ---- | C] () -- C:\Users\Alec\Desktop\Spybot - Search & Destroy.lnk
[2012/01/13 18:25:24 | 000,000,945 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/13 18:24:50 | 000,000,746 | ---- | C] () -- C:\Users\Alec\Desktop\ERUNT.lnk
[2012/01/13 01:19:38 | 002,970,864 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\Cat.DB
[2012/01/12 23:37:01 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\isolate.ini
[2012/01/12 22:56:27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/12 17:07:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/12 17:07:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/12 17:07:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/12 17:07:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/12 17:07:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/05 01:41:49 | 002,973,356 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Cat.DB
[2012/01/04 19:29:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\isolate.ini
[2012/01/02 10:42:32 | 004,059,677 | ---- | C] () -- C:\Users\Alec\Desktop\karaoke Backing Tracks - More Than Words - Extreme.mp3
[2011/12/27 09:33:19 | 002,022,965 | ---- | C] () -- C:\Users\Alec\Desktop\gut death.mp3
[2011/09/16 08:39:25 | 000,000,389 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\net.telestream.producer.xml
[2011/06/21 15:07:09 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/21 15:07:09 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/16 23:05:31 | 000,000,283 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
[2010/03/21 21:48:43 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2010/03/21 21:48:43 | 000,004,149 | ---- | C] () -- C:\Windows\unins000.dat
[2010/01/22 17:04:16 | 000,000,689 | ---- | C] () -- C:\Windows\m3jpeg.ini
[2009/12/08 00:01:07 | 000,007,592 | ---- | C] () -- C:\Users\Alec\AppData\Local\d3d9caps.dat
[2009/10/05 00:02:57 | 000,027,528 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\UserTile.png
[2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/30 16:25:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/22 15:31:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/22 15:30:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/22 15:29:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/11 18:41:08 | 000,023,348 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\wklnhst.dat
[2009/07/25 20:56:27 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/07/25 20:55:02 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2009/07/23 18:49:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2009/07/15 00:23:21 | 000,227,840 | ---- | C] () -- C:\Users\Alec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 05:43:03 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/08 05:16:33 | 000,291,432 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/08 05:06:10 | 000,291,432 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/24 15:32:34 | 000,089,352 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/06/24 15:31:46 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/06/24 15:31:00 | 000,234,760 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/05/14 12:46:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2009/04/24 22:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/10/02 13:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/06/13 12:58:58 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2002/06/13 12:58:44 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2002/06/13 12:58:28 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2002/06/13 12:58:24 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
========== LOP Check ==========
[2010/02/05 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Amazon
[2010/05/12 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\AnvSoft
[2011/12/26 22:10:08 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Audacity
[2010/08/22 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\CVS
[2010/06/13 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Facebook
[2010/07/27 02:21:38 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\FMZilla
[2009/09/29 17:01:19 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Free Download Manager
[2011/09/17 09:12:09 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\GetRightToGo
[2011/07/10 20:54:03 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\go
[2010/07/25 10:11:21 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\GrabPro
[2011/10/20 23:58:10 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Greyfirst
[2011/09/27 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\gtk-2.0
[2011/05/27 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\ImgBurn
[2011/03/01 16:46:50 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\OpenOffice.org
[2011/10/11 23:40:46 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Orbit
[2011/01/06 12:02:12 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\PCDr
[2009/10/05 00:02:57 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\PeerNetworking
[2010/07/25 10:10:08 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\ProgSense
[2009/08/09 13:05:13 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Publish Providers
[2011/05/29 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony
[2011/11/20 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony Creative Software
[2010/09/07 19:05:05 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony Creative Software Inc
[2009/08/11 18:41:10 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Template
[2011/09/16 19:25:33 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Ustream Producer
[2010/07/16 23:05:34 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Vara Software
[2009/09/29 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\VistaCodecs
[2009/12/28 22:04:30 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Western Digital
[2010/04/28 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Western DigitalTemp
[2010/07/18 13:21:45 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Wirecast
[2012/01/25 13:28:54 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
[2012/01/25 13:23:50 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
[2012/01/05 01:42:49 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/19 11:45:01 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/25 13:33:30 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2012/01/25 13:39:12 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:25990C16
< End of report >
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules