
Thread: Possible Malware Infection

  1. #1
    Junior Member
    Join Date
    Jan 2012
    Posts
    15

    Possible Malware Infection

    A couple weeks ago my computer (Dell Studio XPS 1340 running 64 bit Vista) started running slowly, like a process was taking up all the CPU. Sure enough, something was. I checked task manager, and after I clicked "show processes from all users", it revealed a process that I tracked to this - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438 - I looked it up, and found a posting on this website which had the same process mentioned - http://forums.spybot.info/showthread.php?t=63149 - Now, I am ashamed to admit that I read the whole thread and decided to use Combofix. I did so carefully, following all warnings except the most important one... To not do it. Unfortunately I was impatient and did not even read enough on here to run ERUNT or take any precautions like that to get a "lay of the land" of my computer as it was, which I know now will make it tougher to target if something is wrong. However, I ran CF very carefully and it did not seem to have any effect on my machine. It was running pretty well. I have the log, and I still haven't uninstalled the program because I started to read more about this whole process on a different computer during my Combofix run. However, after another restart of the system, that same "File Repository" process started doin' its thang again (there was also another one taking up a big amount, which seemed to be Symantec - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin.) After that, I decided to try to make amends for my stupidity and impatience by doing this whole process properly (although I understand there is a huge possibility that I already screwed it up). After another restart, my system seems like it's running normally and that process has yet to show up again, but I just wanna make sure in case it does. Please let me know what I should do! And I sincerely apologize for being an idiot before. I just don't wanna be one right now.

    Please remember that the following results were found AFTER my renegade CF run, the log of which I can provide if needed. Thank you so much for ANY help!

    Here's the DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_30
    Run by Alec at 18:26:48 on 2012-01-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1499 [GMT -5:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Windows\System32\alg.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\ERUNT\ERUNT.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [Facebook Update] "C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [FAStartup]
    StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FREEMU~1.LNK - C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/202
    IE: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{2DA9E90C-50F2-4DF6-A95E-113C5D75096B} : DhcpNameServer = 192.168.1.1
    Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll
    BHO-X64: btorbit.com - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO-X64: FAIESSO Helper Object - No File
    BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [FAStartup]
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120106.011\BHDrvx64.sys [2012-1-12 1157240]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120112.002\IDSviA64.sys [2012-1-12 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [?]
    R1 SYMTDIV;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
    R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
    R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-4-13 189680]
    R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
    R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-8 636144]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-2-26 130048]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-11 138360]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
    R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-22 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-01-13 04:38:27 -------- d-----w- C:\Program Files\Symantec
    2012-01-13 04:36:39 -------- d-----w- C:\ProgramData\regid.1992_12.com.symantec
    2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64
    2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105
    2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8
    2012-01-13 02:34:09 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-01-12 22:07:23 98816 ----a-w- C:\Windows\sed.exe
    2012-01-12 22:07:23 518144 ----a-w- C:\Windows\SWREG.exe
    2012-01-12 22:07:23 256000 ----a-w- C:\Windows\PEV.exe
    2012-01-12 22:07:23 208896 ----a-w- C:\Windows\MBR.exe
    2012-01-11 16:35:30 451072 ----a-w- C:\Windows\System32\winsrv.dll
    2012-01-11 16:34:52 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2012-01-11 16:34:52 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2012-01-08 18:02:03 95744 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-01-08 18:02:03 7680 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2012-01-08 18:02:03 49664 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2012-01-08 18:02:03 275456 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2012-01-08 18:02:03 262144 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2012-01-08 18:02:03 24576 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2012-01-08 17:55:10 40448 ----a-w- C:\Windows\System32\drivers\watchdog.sys
    2012-01-05 07:36:50 19016 ----a-w- C:\Windows\System32\drivers\sscdmdfl.sys
    2012-01-05 07:36:50 172104 ----a-w- C:\Windows\System32\drivers\sscdmdm.sys
    2012-01-05 07:36:50 15944 ----a-w- C:\Windows\System32\drivers\sscdwhnt.sys
    2012-01-05 07:36:50 15944 ----a-w- C:\Windows\System32\drivers\sscdwh.sys
    2012-01-05 07:36:50 15432 ----a-w- C:\Windows\System32\drivers\sscdcmnt.sys
    2012-01-05 07:36:50 15432 ----a-w- C:\Windows\System32\drivers\sscdcm.sys
    2012-01-05 07:36:50 141384 ----a-w- C:\Windows\System32\drivers\sscdserd.sys
    2012-01-05 07:36:50 136264 ----a-w- C:\Windows\System32\drivers\sscdbus.sys
    2012-01-05 07:36:49 -------- d-----w- C:\Program Files\SAMSUNG
    2012-01-05 07:36:29 -------- d-----w- C:\ProgramData\Samsung
    2012-01-05 07:36:09 53248 ----a-r- C:\Users\Alec\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
    2012-01-05 07:36:09 -------- d-----w- C:\Users\Alec\AppData\Roaming\Verizon
    2012-01-05 06:41:48 42632 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
    2012-01-05 06:41:47 81840 ----a-w- C:\Windows\System32\FwsVpn.dll
    2012-01-05 06:41:47 374704 ----a-w- C:\Windows\SysWow64\sysfer.dll
    2012-01-05 06:41:47 118768 ----a-w- C:\Windows\System32\drivers\SysPlant.sys
    2012-01-05 06:41:47 11184 ----a-w- C:\Windows\System32\sysferThunk.dll
    2012-01-05 06:41:47 10672 ----a-w- C:\Windows\SysWow64\sysferThunk.dll
    2012-01-05 06:41:46 512944 ----a-w- C:\Windows\System32\sysfer.dll
    2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64
    2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105
    2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F
    2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP
    2011-12-16 18:18:19 -------- d-----w- C:\Program Files\iPod
    2011-12-16 18:18:17 -------- d-----w- C:\Program Files\iTunes
    2011-12-16 18:18:17 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2012-01-13 23:05:51 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
    2012-01-13 23:05:49 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
    2012-01-13 06:19:35 58288 ----a-w- C:\Windows\SysWow64\snacnp.dll
    2012-01-13 06:19:35 58288 ----a-w- C:\Windows\System32\snacnp.dll
    2012-01-13 06:19:35 288176 ----a-w- C:\Windows\System32\SymVPN.dll
    2012-01-13 04:38:27 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-01-13 04:02:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-12-26 19:01:19 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
    2011-12-26 19:00:38 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
    2011-12-04 21:33:04 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
    2011-10-31 00:24:02 931448 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys
    2011-10-31 00:24:02 678008 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\srtsp64.sys
    2011-10-31 00:24:02 62672 ----a-w- C:\Windows\System32\drivers\Teefer.sys
    2011-10-31 00:24:02 451192 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys
    2011-10-31 00:24:02 433272 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symtdiv.sys
    2011-10-31 00:24:02 39032 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\srtspx64.sys
    2011-10-31 00:24:02 171128 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys
    2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 18:29:38.74 ===============

    Here's the S&D list:

    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-01-26 TeaTimer.exe (1.6.4.26)
    2012-01-13 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2012-01-09 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-11-29 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-10-04 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-09-27 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-01-10 Includes\Malware.sbi (*)
    2012-01-10 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-12-27 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-10-18 Includes\Spyware.sbi (*)
    2011-10-18 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2012-01-02 Includes\TrojansC-02.sbi (*)
    2012-01-09 Includes\TrojansC-03.sbi (*)
    2012-01-10 Includes\TrojansC-04.sbi (*)
    2012-01-02 Includes\TrojansC-05.sbi (*)
    2012-01-02 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    Why don't you go ahead and post the ComboFix log, and let's see what it removed and we can decide if we need to look further.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jan 2012
    Posts
    15


    Sounds good. Here it is!

    ComboFix 12-01-12.04 - Alec 01/12/2012 17:13:37.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1573 [GMT -5:00]
    Running from: c:\users\Alec\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Alec\AppData\Roaming\FFSJ
    c:\users\Alec\AppData\Roaming\FFSJ\FFSJ.cfg
    c:\users\Alec\lame_enc_en.dll
    c:\users\Alec\lametritonus_en.dll
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\java.exe
    c:\windows\SysWow64\odbcad32.exe
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-13 02:28 . 2012-01-13 02:28 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
    2012-01-13 02:28 . 2012-01-13 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-11 16:35 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 16:34 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-01-11 16:34 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2012-01-08 18:02 . 2009-11-06 11:05 275456 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2012-01-08 18:02 . 2009-11-06 11:05 95744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2012-01-08 18:02 . 2009-11-06 11:05 262144 ----a-w- c:\windows\system32\drivers\usbport.sys
    2012-01-08 18:02 . 2009-11-06 11:05 49664 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2012-01-08 18:02 . 2009-11-06 11:05 24576 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2012-01-08 18:02 . 2009-11-06 11:05 7680 ----a-w- c:\windows\system32\drivers\usbd.sys
    2012-01-08 17:55 . 2009-07-18 09:38 40448 ----a-w- c:\windows\system32\drivers\watchdog.sys
    2012-01-05 07:36 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
    2012-01-05 07:36 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
    2012-01-05 07:36 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
    2012-01-05 07:36 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
    2012-01-05 07:36 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
    2012-01-05 07:36 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
    2012-01-05 07:36 . 2010-04-27 02:25 141384 ----a-w- c:\windows\system32\drivers\sscdserd.sys
    2012-01-05 07:36 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
    2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\program files\SAMSUNG
    2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\programdata\Samsung
    2012-01-05 07:36 . 2012-01-05 07:36 53248 ----a-r- c:\users\Alec\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
    2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\users\Alec\AppData\Roaming\Verizon
    2012-01-05 06:41 . 2012-01-05 06:41 42632 ----a-w- c:\windows\system32\drivers\WGX64.SYS
    2012-01-05 06:41 . 2012-01-05 06:41 374704 ----a-w- c:\windows\SysWow64\sysfer.dll
    2012-01-05 06:41 . 2012-01-05 06:41 147632 ----a-w- c:\windows\system32\drivers\SysPlant.sys
    2012-01-05 06:41 . 2012-01-05 06:41 11184 ----a-w- c:\windows\system32\sysferThunk.dll
    2012-01-05 06:41 . 2012-01-05 06:41 10672 ----a-w- c:\windows\SysWow64\sysferThunk.dll
    2012-01-05 06:41 . 2012-01-05 06:41 102832 ----a-w- c:\windows\system32\FwsVpn.dll
    2012-01-05 06:41 . 2012-01-05 06:41 513456 ----a-w- c:\windows\system32\sysfer.dll
    2012-01-05 00:22 . 2012-01-05 00:22 -------- d-----w- c:\windows\system32\drivers\SEP
    2011-12-16 18:18 . 2011-12-16 18:18 -------- d-----w- c:\program files\iPod
    2011-12-16 18:18 . 2011-12-16 18:19 -------- d-----w- c:\program files\iTunes
    2011-12-16 18:18 . 2011-12-16 18:19 -------- d-----w- c:\program files (x86)\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-13 02:32 . 2009-07-26 01:55 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-01-13 02:32 . 2009-07-26 01:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2012-01-05 06:41 . 2011-05-01 16:39 58288 ----a-w- c:\windows\system32\snacnp.dll
    2012-01-05 06:41 . 2011-05-01 16:39 287152 ----a-w- c:\windows\system32\SymVPN.dll
    2012-01-05 06:41 . 2011-05-01 16:39 58288 ------w- c:\windows\SysWow64\snacnp.dll
    2012-01-05 00:30 . 2009-08-27 18:12 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-12-26 19:01 . 2009-07-26 01:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2011-12-26 19:00 . 2009-07-26 01:55 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2011-12-04 21:33 . 2011-06-17 16:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-23 13:57 . 2011-12-14 02:20 2764800 ----a-w- c:\windows\system32\win32k.sys
    2011-10-25 16:09 . 2011-12-14 02:22 85504 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    "SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Facebook Update"="c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-14 1242448]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
    "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    Free Music Zilla.lnk - c:\users\Alec\Desktop\Free Music Zilla\FMZilla.exe [N/A]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2010-8-7 537968]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-2-26 2119488]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-2-26 9136960]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2009-06-24 20:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
    - c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:52]
    .
    2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
    - c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:52]
    .
    2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 00:40]
    .
    2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 00:40]
    .
    2012-01-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    2012-01-13 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    2012-01-13 c:\windows\Tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-11 1657128]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-28 15871520]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-28 82464]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Download by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/202
    IE: Download all with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
    Wow6432Node-HKLM-Run-MMTray - c:\program files (x86)\Morgan\m3jpegV3\MMTray.exe
    Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
    SafeBoot-ccEvtMgr
    SafeBoot-ccSetMgr
    SafeBoot-Symantec Antivirus
    SafeBoot-Symantec Antvirus
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
    AddRemove-CamStudio - c:\users\Alec\Desktop\CamStudio\uninstall.exe
    AddRemove-DVD Shrink_is1 - c:\users\Alec\Desktop\DVD Shrink\unins000.exe
    AddRemove-Free RAR Extract Frog - c:\users\Alec\Desktop\Free RAR Extract Frog\uninstall.exe
    AddRemove-SolveigMM AVI Trimmer - c:\users\Alec\Desktop\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SepMasterService]
    "ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SmcService]
    "ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
    "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPBBCDrv]
    "ImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    c:\windows\SysWOW64\rpcnet.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
    c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    c:\program files (x86)\Internet Explorer\IELowutil.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-12 21:44:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-13 02:44
    .
    Pre-Run: 151,725,871,104 bytes free
    Post-Run: 155,454,177,280 bytes free
    .
    - - End Of File - - 69CE5FBE6728822255ACD14272430523

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    How's your system running, and browser redirects?

    Let's clean you up a bit more.


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please

  5. #5
    Junior Member
    Join Date
    Jan 2012
    Posts
    15


    My system seems to be running pretty well, although that process that sucks up all the CPU has come back a few times this past week. Not sure what you mean by browser redirects, but I haven't noticed anything suspicious about my online experience. Malwarebytes said it found no malicious content! Thanks a ton for the help. Anything else I should do? Here's the log:
    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.24.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 8.0.6001.19019
    Alec :: ALEC-PC [administrator]

    Protection: Enabled

    1/23/2012 7:56:53 PM
    mbam-log-2012-01-23 (19-56-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200282
    Time elapsed: 11 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  6. #6
    Junior Member
    Join Date
    Jan 2012
    Posts
    15


    Oh, and I just remembered that I have tried to download and install updates with Windows Updater and it works until I restart my computer. After it is restarted it says that all of the updates (22 of them) failed. Any ideas?

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Those updates are a Windows thing, and when we're done I can direct you to a good site that can help you with that.

    What I meant by browser redirects is when you click on a link to a site you want to go to, does your browser take you there or to someplace else?

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  8. #8
    Junior Member
    Join Date
    Jan 2012
    Posts
    15


    No browser redirects, but I forgot to mention another weird thing. When I increase or decrease the volume or brightness on my computer, it works but the meter does not show up on the screen. Here's the ESET log:
    C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe a variant of Win32/Toolbar.Zugo application
    C:\Program Files (x86)\VistaCodecPack\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application
    C:\Program Files (x86)\VistaCodecPack\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application
    C:\ProgramData\VistaCodecs\{5FBFD3A0-7B9A-4AD3-B522-21CF25B7E8B6}\Vista Codec Package.msi multiple threats
    C:\Users\Alec\AppData\RoamingaZjcdj.exe Win32/Injector.JDE trojan
    C:\Users\Alec\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5553b092-516ca534 Win32/Injector.JDE trojan
    C:\Users\All Users\VistaCodecs\{5FBFD3A0-7B9A-4AD3-B522-21CF25B7E8B6}\Vista Codec Package.msi multiple threats
    D:\Windows\System32\autochk.exe probably a variant of Win32/Agent.TKD trojan

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Not sure what's going on with your monitor; this may not be malware related.

    Let's do a few things.


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  10. #10
    Junior Member
    Join Date
    Jan 2012
    Posts
    15


    Here's the OTL.txt:

    OTL logfile created on: 1/25/2012 1:30:02 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alec\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 40.06% Memory free
    7.67 Gb Paging File | 4.49 Gb Available in Paging File | 58.49% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 118.73 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.42 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

    Computer Name: ALEC-PC | User Name: Alec | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Alec\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
    PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    PRC - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
    PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
    PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
    PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
    PRC - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
    PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
    MOD - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll ()
    MOD - C:\Windows\SysWOW64\FAIEExtension.dll ()
    MOD - C:\Windows\SysWOW64\FAib.dll ()
    MOD - C:\Windows\SysWOW64\FACrashRpt.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
    MOD - C:\Program Files (x86)\Dell Video Chat\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Dell Video Chat\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll ()
    MOD - C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll ()
    MOD - C:\Program Files (x86)\Dell Video Chat\SDL.dll ()
    MOD - C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll ()
    MOD - C:\Program Files (x86)\Common Files\Dell\apache\libmysql.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe (Symantec Corporation)
    SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe (Symantec Corporation)
    SRV - (SepMasterService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe (Symantec Corporation)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
    SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
    SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
    SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
    SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SysPlant) -- C:\Windows\SysNative\Drivers\SysPlant.sys (Symantec Corporation)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS (Symantec Corporation)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS (Symantec Corporation)
    DRV:64bit: - (SYMTDIV) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS (Symantec Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS (Symantec Corporation)
    DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\DRIVERS\Teefer.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS (Symantec Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
    DRV:64bit: - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\DRIVERS\sscdserd.sys (MCCI Corporation)
    DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
    DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
    DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
    DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
    DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
    DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
    DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
    DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision )
    DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
    DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
    DRV:64bit: - (Avc) -- C:\Windows\SysNative\DRIVERS\avc.sys (Microsoft Corporation)
    DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\DRIVERS\avcstrm.sys (Microsoft Corporation)
    DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\DRIVERS\mstape.sys (Microsoft Corporation)
    DRV:64bit: - (61883) -- C:\Windows\SysNative\DRIVERS\61883.sys (Microsoft Corporation)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (MSDV) -- C:\Windows\SysNative\DRIVERS\msdv.sys (Microsoft Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV - (BHDrvx64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120106.011\BHDrvx64.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120113.003\EX64.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120113.003\ENG64.SYS (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120112.002\IDSviA64.sys (Symantec Corporation)
    DRV - (SyDvCtrl) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys (Symantec Corporation)
    DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
    FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
    FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
    FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
    FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
    FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
    FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2012/01/13 18:10:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/18 11:36:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 01:19:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Alec\AppData\Roaming\Move Networks [2009/09/16 21:36:03 | 000,000,000 | ---D | M]

    [2011/10/20 23:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Extensions
    [2011/10/20 23:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
    [2011/08/28 12:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions
    [2010/05/11 15:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/31 15:42:37 | 000,000,000 | ---D | M] (Ustream Publisher) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions\ustreampublisher@ustream.tv
    [2012/01/18 11:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/19 12:32:05 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
    [2011/10/19 12:32:05 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
    [2011/10/19 12:32:04 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
    [2011/10/19 12:32:04 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
    [2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
    [2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
    [2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
    [2012/01/18 11:36:49 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/12 23:02:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/18 11:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/18 11:36:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Gmail = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/12 21:33:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll File not found
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Facebook Update] C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
    O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk = File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm File not found
    O8:64bit: - Extra context menu item: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm File not found
    O8:64bit: - Extra context menu item: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm File not found
    O8:64bit: - Extra context menu item: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm File not found
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm File not found
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm File not found
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm File not found
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DA9E90C-50F2-4DF6-A95E-113C5D75096B}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\Alec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Alec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/25 13:28:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alec\Desktop\OTL.exe
    [2012/01/24 10:38:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\Documents\Piano
    [2012/01/24 10:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/01/24 10:19:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alec\Desktop\esetsmartinstaller_enu.exe
    [2012/01/23 19:56:15 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\Malwarebytes
    [2012/01/23 19:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/23 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/23 19:56:02 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/01/23 19:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/23 19:55:12 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alec\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/22 11:55:32 | 000,000,000 | ---D | C] -- C:\Users\Alec\Documents\Temple Spring 2012
    [2012/01/13 18:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/01/13 18:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/01/13 18:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/01/13 18:36:52 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Alec\Desktop\spybotsd162.exe
    [2012/01/13 18:26:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alec\Desktop\dds.scr
    [2012/01/13 18:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/01/13 18:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/01/13 18:23:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Alec\Desktop\erunt-setup.exe
    [2012/01/12 23:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012/01/12 23:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1992_12.com.symantec
    [2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64
    [2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8
    [2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105
    [2012/01/12 23:03:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/01/12 23:03:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/01/12 23:03:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/01/12 22:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/01/12 22:43:38 | 000,765,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Alec\Desktop\install_reader10_en_air_mssd_aih.exe
    [2012/01/12 21:34:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/12 21:28:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/12 17:07:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/12 17:07:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/12 17:07:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/12 17:07:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/12 16:59:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/12 16:42:45 | 004,381,975 | R--- | C] (Swearware) -- C:\Users\Alec\Desktop\ComboFix.exe
    [2012/01/11 11:35:30 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/01/08 13:02:03 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2012/01/08 13:02:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2012/01/08 12:55:10 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys
    [2012/01/05 02:36:50 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
    [2012/01/05 02:36:50 | 000,141,384 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdserd.sys
    [2012/01/05 02:36:50 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
    [2012/01/05 02:36:50 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
    [2012/01/05 02:36:50 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
    [2012/01/05 02:36:50 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
    [2012/01/05 02:36:50 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
    [2012/01/05 02:36:50 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
    [2012/01/05 02:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
    [2012/01/05 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2012/01/05 02:36:09 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\Verizon
    [2012/01/05 01:41:48 | 000,042,632 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
    [2012/01/05 01:41:47 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
    [2012/01/05 01:41:47 | 000,118,768 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
    [2012/01/05 01:41:47 | 000,081,840 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
    [2012/01/05 01:41:47 | 000,011,184 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
    [2012/01/05 01:41:47 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
    [2012/01/05 01:41:46 | 000,512,944 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
    [2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64
    [2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP
    [2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105
    [2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F
    [2009/07/27 22:44:54 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Alec\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/01/25 13:39:12 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job
    [2012/01/25 13:35:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/25 13:33:30 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/01/25 13:28:54 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
    [2012/01/25 13:28:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alec\Desktop\OTL.exe
    [2012/01/25 13:23:54 | 000,291,432 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/01/25 13:23:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/25 13:23:53 | 000,291,432 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/01/25 13:23:50 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
    [2012/01/25 13:23:34 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2012/01/25 13:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/24 20:13:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/24 20:13:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/24 10:19:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alec\Desktop\esetsmartinstaller_enu.exe
    [2012/01/23 20:15:13 | 000,227,840 | ---- | M] () -- C:\Users\Alec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/23 19:56:04 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/23 19:55:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alec\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/20 12:06:08 | 839,272,448 | ---- | M] () -- C:\Users\Alec\Desktop\Rarities.VOB
    [2012/01/19 12:07:24 | 000,715,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/19 12:07:24 | 000,613,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/19 12:07:24 | 000,108,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/19 12:01:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2012/01/19 11:59:44 | 4024,811,520 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/18 02:18:59 | 734,535,680 | ---- | M] () -- C:\Users\Alec\Desktop\The Thing.avi
    [2012/01/13 20:06:15 | 000,006,944 | ---- | M] () -- C:\Users\Alec\Desktop\Attach.zip
    [2012/01/13 18:41:45 | 000,001,099 | ---- | M] () -- C:\Users\Alec\Desktop\Spybot - Search & Destroy.lnk
    [2012/01/13 18:37:00 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Alec\Desktop\spybotsd162.exe
    [2012/01/13 18:26:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alec\Desktop\dds.scr
    [2012/01/13 18:25:24 | 000,000,945 | ---- | M] () -- C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/01/13 18:24:50 | 000,000,746 | ---- | M] () -- C:\Users\Alec\Desktop\ERUNT.lnk
    [2012/01/13 18:23:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Alec\Desktop\erunt-setup.exe
    [2012/01/13 18:10:48 | 002,970,864 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\Cat.DB
    [2012/01/13 01:19:35 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
    [2012/01/13 01:19:35 | 000,288,176 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
    [2012/01/13 01:19:35 | 000,118,768 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
    [2012/01/13 01:19:35 | 000,081,840 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
    [2012/01/13 01:19:35 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\snacnp.dll
    [2012/01/13 01:19:35 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
    [2012/01/13 01:19:35 | 000,042,632 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
    [2012/01/13 01:19:35 | 000,011,184 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
    [2012/01/13 01:19:35 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
    [2012/01/13 01:19:34 | 000,512,944 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
    [2012/01/12 23:38:27 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/01/12 23:38:27 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/01/12 23:38:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/01/12 23:37:01 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\isolate.ini
    [2012/01/12 23:02:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012/01/12 23:02:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/01/12 23:02:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/01/12 23:02:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/01/12 22:43:38 | 000,765,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Alec\Desktop\install_reader10_en_air_mssd_aih.exe
    [2012/01/12 21:33:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/12 16:43:26 | 004,381,975 | R--- | M] (Swearware) -- C:\Users\Alec\Desktop\ComboFix.exe
    [2012/01/11 11:35:05 | 002,973,356 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Cat.DB
    [2012/01/07 00:44:32 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/01/05 01:42:49 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/01/04 19:29:40 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\isolate.ini
    [2012/01/02 10:42:35 | 004,059,677 | ---- | M] () -- C:\Users\Alec\Desktop\karaoke Backing Tracks - More Than Words - Extreme.mp3
    [2012/01/02 10:15:12 | 000,007,592 | ---- | M] () -- C:\Users\Alec\AppData\Local\d3d9caps.dat
    [2011/12/27 09:42:04 | 002,022,965 | ---- | M] () -- C:\Users\Alec\Desktop\gut death.mp3
    [2011/12/26 14:01:19 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2011/12/26 14:00:38 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe

    ========== Files Created - No Company Name ==========

    [2012/01/23 20:14:05 | 734,535,680 | ---- | C] () -- C:\Users\Alec\Desktop\The Thing.avi
    [2012/01/23 19:56:04 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/20 11:59:45 | 839,272,448 | ---- | C] () -- C:\Users\Alec\Desktop\Rarities.VOB
    [2012/01/13 20:06:15 | 000,006,944 | ---- | C] () -- C:\Users\Alec\Desktop\Attach.zip
    [2012/01/13 18:41:45 | 000,001,099 | ---- | C] () -- C:\Users\Alec\Desktop\Spybot - Search & Destroy.lnk
    [2012/01/13 18:25:24 | 000,000,945 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/01/13 18:24:50 | 000,000,746 | ---- | C] () -- C:\Users\Alec\Desktop\ERUNT.lnk
    [2012/01/13 01:19:38 | 002,970,864 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\Cat.DB
    [2012/01/12 23:37:01 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\isolate.ini
    [2012/01/12 22:56:27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/01/12 17:07:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/12 17:07:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/12 17:07:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/12 17:07:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/12 17:07:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/05 01:41:49 | 002,973,356 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Cat.DB
    [2012/01/04 19:29:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\isolate.ini
    [2012/01/02 10:42:32 | 004,059,677 | ---- | C] () -- C:\Users\Alec\Desktop\karaoke Backing Tracks - More Than Words - Extreme.mp3
    [2011/12/27 09:33:19 | 002,022,965 | ---- | C] () -- C:\Users\Alec\Desktop\gut death.mp3
    [2011/09/16 08:39:25 | 000,000,389 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\net.telestream.producer.xml
    [2011/06/21 15:07:09 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/06/21 15:07:09 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/07/16 23:05:31 | 000,000,283 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
    [2010/03/21 21:48:43 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
    [2010/03/21 21:48:43 | 000,004,149 | ---- | C] () -- C:\Windows\unins000.dat
    [2010/01/22 17:04:16 | 000,000,689 | ---- | C] () -- C:\Windows\m3jpeg.ini
    [2009/12/08 00:01:07 | 000,007,592 | ---- | C] () -- C:\Users\Alec\AppData\Local\d3d9caps.dat
    [2009/10/05 00:02:57 | 000,027,528 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\UserTile.png
    [2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/08/30 16:25:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/08/22 15:31:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/22 15:30:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/08/22 15:29:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/08/11 18:41:08 | 000,023,348 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\wklnhst.dat
    [2009/07/25 20:56:27 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2009/07/25 20:55:02 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2009/07/23 18:49:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
    [2009/07/15 00:23:21 | 000,227,840 | ---- | C] () -- C:\Users\Alec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/08 05:43:03 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2009/07/08 05:16:33 | 000,291,432 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/07/08 05:06:10 | 000,291,432 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/06/24 15:32:34 | 000,089,352 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
    [2009/06/24 15:31:46 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
    [2009/06/24 15:31:00 | 000,234,760 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
    [2009/05/14 12:46:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
    [2009/04/24 22:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/10/02 13:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
    [2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2002/06/13 12:58:58 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
    [2002/06/13 12:58:44 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
    [2002/06/13 12:58:28 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
    [2002/06/13 12:58:24 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

    ========== LOP Check ==========

    [2010/02/05 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Amazon
    [2010/05/12 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\AnvSoft
    [2011/12/26 22:10:08 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Audacity
    [2010/08/22 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\CVS
    [2010/06/13 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Facebook
    [2010/07/27 02:21:38 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\FMZilla
    [2009/09/29 17:01:19 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Free Download Manager
    [2011/09/17 09:12:09 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\GetRightToGo
    [2011/07/10 20:54:03 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\go
    [2010/07/25 10:11:21 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\GrabPro
    [2011/10/20 23:58:10 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Greyfirst
    [2011/09/27 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\gtk-2.0
    [2011/05/27 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\ImgBurn
    [2011/03/01 16:46:50 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\OpenOffice.org
    [2011/10/11 23:40:46 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Orbit
    [2011/01/06 12:02:12 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\PCDr
    [2009/10/05 00:02:57 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\PeerNetworking
    [2010/07/25 10:10:08 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\ProgSense
    [2009/08/09 13:05:13 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Publish Providers
    [2011/05/29 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony
    [2011/11/20 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony Creative Software
    [2010/09/07 19:05:05 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony Creative Software Inc
    [2009/08/11 18:41:10 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Template
    [2011/09/16 19:25:33 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Ustream Producer
    [2010/07/16 23:05:34 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Vara Software
    [2009/09/29 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\VistaCodecs
    [2009/12/28 22:04:30 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Western Digital
    [2010/04/28 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Western DigitalTemp
    [2010/07/18 13:21:45 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Wirecast
    [2012/01/25 13:28:54 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
    [2012/01/25 13:23:50 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
    [2012/01/05 01:42:49 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012/01/19 11:45:01 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/01/25 13:33:30 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
    [2012/01/25 13:39:12 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:25990C16

    < End of report >
