Possible Malware Infection



Alecsull
2012-01-14, 03:12
A couple of weeks ago my computer (Dell Studio XPS 1340 running 64-bit Vista) started running slowly, like a process was taking up all the CPU. Sure enough, something was. I checked Task Manager, and after I clicked "show processes from all users", it revealed a process that I tracked to this - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438 - I looked it up, and found a posting on this website which had the same process mentioned - http://forums.spybot.info/showthread.php?t=63149 - Now, I am ashamed to admit that I read the whole thread and decided to use Combofix. I did so carefully, following all warnings except the most important one... To not do it. Unfortunately I was impatient and did not even read enough on here to run ERUNT or take any precautions like that to get a "lay of the land" of my computer as it was, which I know now will make it tougher to target if something is wrong. However, I ran CF very carefully and it did not seem to have any effect on my machine. It was running pretty well. I have the log, and I still haven't uninstalled the program because I started to read more about this whole process on a different computer during my Combofix run. However, after another restart of the system, that same "File Repository" process started doin' its thang again (there was also another one taking up a big amount, which seemed to be Symantec - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin.) After that, I decided to try to make amends for my stupidity and impatience by doing this whole process properly (although I understand there is a huge possibility that I already screwed it up). After another restart, my system seems like it's running normally and that process has yet to show up again, but I just wanna make sure in case it does. Please let me know what I should do! And I sincerely apologize for being an idiot before. I just don't wanna be one right now.
Please remember that the following results were found AFTER my renegade CF run, the log of which I can provide if needed. Thank you so much for ANY help!

Here's the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_30
Run by Alec at 18:26:48 on 2012-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1499 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\ERUNT\ERUNT.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Facebook Update] "C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [FAStartup]
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FREEMU~1.LNK - C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2DA9E90C-50F2-4DF6-A95E-113C5D75096B} : DhcpNameServer = 192.168.1.1
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [FAStartup]
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120106.011\BHDrvx64.sys [2012-1-12 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120112.002\IDSviA64.sys [2012-1-12 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [?]
R1 SYMTDIV;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-4-13 189680]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-8 636144]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-2-26 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-11 138360]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-22 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-13 04:38:27 -------- d-----w- C:\Program Files\Symantec
2012-01-13 04:36:39 -------- d-----w- C:\ProgramData\regid.1992_12.com.symantec
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8
2012-01-13 02:34:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-12 22:07:23 98816 ----a-w- C:\Windows\sed.exe
2012-01-12 22:07:23 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-12 22:07:23 256000 ----a-w- C:\Windows\PEV.exe
2012-01-12 22:07:23 208896 ----a-w- C:\Windows\MBR.exe
2012-01-11 16:35:30 451072 ----a-w- C:\Windows\System32\winsrv.dll
2012-01-11 16:34:52 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-01-11 16:34:52 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-01-08 18:02:03 95744 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-01-08 18:02:03 7680 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-01-08 18:02:03 49664 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-01-08 18:02:03 275456 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-01-08 18:02:03 262144 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-01-08 18:02:03 24576 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-01-08 17:55:10 40448 ----a-w- C:\Windows\System32\drivers\watchdog.sys
2012-01-05 07:36:50 19016 ----a-w- C:\Windows\System32\drivers\sscdmdfl.sys
2012-01-05 07:36:50 172104 ----a-w- C:\Windows\System32\drivers\sscdmdm.sys
2012-01-05 07:36:50 15944 ----a-w- C:\Windows\System32\drivers\sscdwhnt.sys
2012-01-05 07:36:50 15944 ----a-w- C:\Windows\System32\drivers\sscdwh.sys
2012-01-05 07:36:50 15432 ----a-w- C:\Windows\System32\drivers\sscdcmnt.sys
2012-01-05 07:36:50 15432 ----a-w- C:\Windows\System32\drivers\sscdcm.sys
2012-01-05 07:36:50 141384 ----a-w- C:\Windows\System32\drivers\sscdserd.sys
2012-01-05 07:36:50 136264 ----a-w- C:\Windows\System32\drivers\sscdbus.sys
2012-01-05 07:36:49 -------- d-----w- C:\Program Files\SAMSUNG
2012-01-05 07:36:29 -------- d-----w- C:\ProgramData\Samsung
2012-01-05 07:36:09 53248 ----a-r- C:\Users\Alec\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-01-05 07:36:09 -------- d-----w- C:\Users\Alec\AppData\Roaming\Verizon
2012-01-05 06:41:48 42632 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2012-01-05 06:41:47 81840 ----a-w- C:\Windows\System32\FwsVpn.dll
2012-01-05 06:41:47 374704 ----a-w- C:\Windows\SysWow64\sysfer.dll
2012-01-05 06:41:47 118768 ----a-w- C:\Windows\System32\drivers\SysPlant.sys
2012-01-05 06:41:47 11184 ----a-w- C:\Windows\System32\sysferThunk.dll
2012-01-05 06:41:47 10672 ----a-w- C:\Windows\SysWow64\sysferThunk.dll
2012-01-05 06:41:46 512944 ----a-w- C:\Windows\System32\sysfer.dll
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP
2011-12-16 18:18:19 -------- d-----w- C:\Program Files\iPod
2011-12-16 18:18:17 -------- d-----w- C:\Program Files\iTunes
2011-12-16 18:18:17 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-01-13 23:05:51 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-01-13 23:05:49 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-01-13 06:19:35 58288 ----a-w- C:\Windows\SysWow64\snacnp.dll
2012-01-13 06:19:35 58288 ----a-w- C:\Windows\System32\snacnp.dll
2012-01-13 06:19:35 288176 ----a-w- C:\Windows\System32\SymVPN.dll
2012-01-13 04:38:27 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-13 04:02:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-26 19:01:19 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-12-26 19:00:38 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-12-04 21:33:04 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-10-31 00:24:02 931448 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys
2011-10-31 00:24:02 678008 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\srtsp64.sys
2011-10-31 00:24:02 62672 ----a-w- C:\Windows\System32\drivers\Teefer.sys
2011-10-31 00:24:02 451192 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys
2011-10-31 00:24:02 433272 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symtdiv.sys
2011-10-31 00:24:02 39032 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\srtspx64.sys
2011-10-31 00:24:02 171128 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:29:38.74 ===============

Here's the S&D list:

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-01-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2012-01-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-01-10 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-12-27 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-10-18 Includes\Spyware.sbi (*)
2011-10-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-01-02 Includes\TrojansC-02.sbi (*)
2012-01-09 Includes\TrojansC-03.sbi (*)
2012-01-10 Includes\TrojansC-04.sbi (*)
2012-01-02 Includes\TrojansC-05.sbi (*)
2012-01-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

ken545
2012-01-24, 02:19

Why don't you go ahead and post the Combofix log and let's see what it removed, and we can decide if we need to look further.

Alecsull
2012-01-24, 02:27
Sounds good. Here it is!

ComboFix 12-01-12.04 - Alec 01/12/2012 17:13:37.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1573 [GMT -5:00]
Running from: c:\users\Alec\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alec\AppData\Roaming\FFSJ
c:\users\Alec\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Alec\lame_enc_en.dll
c:\users\Alec\lametritonus_en.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\java.exe
c:\windows\SysWow64\odbcad32.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 02:28 . 2012-01-13 02:28 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-01-13 02:28 . 2012-01-13 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 16:35 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:34 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 16:34 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-08 18:02 . 2009-11-06 11:05 275456 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-08 18:02 . 2009-11-06 11:05 95744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-08 18:02 . 2009-11-06 11:05 262144 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-01-08 18:02 . 2009-11-06 11:05 49664 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-08 18:02 . 2009-11-06 11:05 24576 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-01-08 18:02 . 2009-11-06 11:05 7680 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-01-08 17:55 . 2009-07-18 09:38 40448 ----a-w- c:\windows\system32\drivers\watchdog.sys
2012-01-05 07:36 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-01-05 07:36 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-01-05 07:36 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-01-05 07:36 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-01-05 07:36 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-01-05 07:36 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-01-05 07:36 . 2010-04-27 02:25 141384 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2012-01-05 07:36 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\program files\SAMSUNG
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\programdata\Samsung
2012-01-05 07:36 . 2012-01-05 07:36 53248 ----a-r- c:\users\Alec\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\users\Alec\AppData\Roaming\Verizon
2012-01-05 06:41 . 2012-01-05 06:41 42632 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2012-01-05 06:41 . 2012-01-05 06:41 374704 ----a-w- c:\windows\SysWow64\sysfer.dll
2012-01-05 06:41 . 2012-01-05 06:41 147632 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-01-05 06:41 . 2012-01-05 06:41 11184 ----a-w- c:\windows\system32\sysferThunk.dll
2012-01-05 06:41 . 2012-01-05 06:41 10672 ----a-w- c:\windows\SysWow64\sysferThunk.dll
2012-01-05 06:41 . 2012-01-05 06:41 102832 ----a-w- c:\windows\system32\FwsVpn.dll
2012-01-05 06:41 . 2012-01-05 06:41 513456 ----a-w- c:\windows\system32\sysfer.dll
2012-01-05 00:22 . 2012-01-05 00:22 -------- d-----w- c:\windows\system32\drivers\SEP
2011-12-16 18:18 . 2011-12-16 18:18 -------- d-----w- c:\program files\iPod
2011-12-16 18:18 . 2011-12-16 18:19 -------- d-----w- c:\program files\iTunes
2011-12-16 18:18 . 2011-12-16 18:19 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 02:32 . 2009-07-26 01:55 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-13 02:32 . 2009-07-26 01:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-01-05 06:41 . 2011-05-01 16:39 58288 ----a-w- c:\windows\system32\snacnp.dll
2012-01-05 06:41 . 2011-05-01 16:39 287152 ----a-w- c:\windows\system32\SymVPN.dll
2012-01-05 06:41 . 2011-05-01 16:39 58288 ------w- c:\windows\SysWow64\snacnp.dll
2012-01-05 00:30 . 2009-08-27 18:12 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-26 19:01 . 2009-07-26 01:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-12-26 19:00 . 2009-07-26 01:55 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-12-04 21:33 . 2011-06-17 16:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57 . 2011-12-14 02:20 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-10-25 16:09 . 2011-12-14 02:22 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Facebook Update"="c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-14 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
Free Music Zilla.lnk - c:\users\Alec\Desktop\Free Music Zilla\FMZilla.exe [N/A]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2010-8-7 537968]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-2-26 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-2-26 9136960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 20:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
- c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:52]
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
- c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:52]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 00:40]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 00:40]
.
2012-01-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-13 c:\windows\Tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-11 1657128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-28 15871520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-28 82464]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-MMTray - c:\program files (x86)\Morgan\m3jpegV3\MMTray.exe
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-CamStudio - c:\users\Alec\Desktop\CamStudio\uninstall.exe
AddRemove-DVD Shrink_is1 - c:\users\Alec\Desktop\DVD Shrink\unins000.exe
AddRemove-Free RAR Extract Frog - c:\users\Alec\Desktop\Free RAR Extract Frog\uninstall.exe
AddRemove-SolveigMM AVI Trimmer - c:\users\Alec\Desktop\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-01-12 21:44:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-13 02:44
.
Pre-Run: 151,725,871,104 bytes free
Post-Run: 155,454,177,280 bytes free
.
- - End Of File - - 69CE5FBE6728822255ACD14272430523

ken545
2012-01-24, 02:45
How's your system running, and browser redirects?

Let's clean you up a bit more.


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

Alecsull
2012-01-24, 03:10
My system seems to be running pretty well, although that process that sucks up all the CPU has come back a few times this past week. Not sure what you mean by browser redirects, but I haven't noticed anything suspicious about my online experience. Malwarebytes said it found no malicious content! Thanks a ton for the help. Anything else I should do? Here's the log:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19019
Alec :: ALEC-PC [administrator]

Protection: Enabled

1/23/2012 7:56:53 PM
mbam-log-2012-01-23 (19-56-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200282
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Alecsull
2012-01-24, 03:12
Oh, and I just remembered that I have tried to download and install updates with Windows Updater and it works until I restart my computer. After it is restarted it says that all of the updates (22 of them) failed. Any ideas?

ken545
2012-01-24, 03:17
Those updates are a Windows thing, and when we're done I can direct you to a good site that can help you with that.

What I meant by browser redirects is when you click on a link to a site you want to go to, does your browser take you there or to someplace else?

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Alecsull
2012-01-25, 03:19
No browser redirects, but I forgot to mention another weird thing. When I increase or decrease the volume or brightness on my computer, it works but the meter does not show up on the screen. Here's the ESET log:
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe a variant of Win32/Toolbar.Zugo application
C:\Program Files (x86)\VistaCodecPack\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application
C:\Program Files (x86)\VistaCodecPack\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application
C:\ProgramData\VistaCodecs\{5FBFD3A0-7B9A-4AD3-B522-21CF25B7E8B6}\Vista Codec Package.msi multiple threats
C:\Users\Alec\AppData\RoamingaZjcdj.exe Win32/Injector.JDE trojan
C:\Users\Alec\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5553b092-516ca534 Win32/Injector.JDE trojan
C:\Users\All Users\VistaCodecs\{5FBFD3A0-7B9A-4AD3-B522-21CF25B7E8B6}\Vista Codec Package.msi multiple threats
D:\Windows\System32\autochk.exe probably a variant of Win32/Agent.TKD trojan

ken545
2012-01-25, 03:47
Not sure what's going on with your monitor; this may not be malware related.

Let's do a few things.


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Alecsull
2012-01-25, 20:45
Here's the OTL.txt:

OTL logfile created on: 1/25/2012 1:30:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alec\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 40.06% Memory free
7.67 Gb Paging File | 4.49 Gb Available in Paging File | 58.49% Paging File free
Paging file location(s): c:\pagefile.sys 0 0

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 118.73 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.42 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

Computer Name: ALEC-PC | User Name: Alec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alec\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll ()
MOD - C:\Windows\SysWOW64\FAIEExtension.dll ()
MOD - C:\Windows\SysWOW64\FAib.dll ()
MOD - C:\Windows\SysWOW64\FACrashRpt.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\SDL.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\libmysql.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe (Symantec Corporation)
SRV - (SepMasterService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe (Symantec Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (SysPlant) -- C:\Windows\SysNative\Drivers\SysPlant.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIV) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\DRIVERS\Teefer.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\DRIVERS\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision )
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\DRIVERS\avc.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\DRIVERS\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\DRIVERS\mstape.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\DRIVERS\61883.sys (Microsoft Corporation)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\DRIVERS\msdv.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120106.011\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120113.003\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120113.003\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120112.002\IDSviA64.sys (Symantec Corporation)
DRV - (SyDvCtrl) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys (Symantec Corporation)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2012/01/13 18:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/18 11:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 01:19:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Alec\AppData\Roaming\Move Networks [2009/09/16 21:36:03 | 000,000,000 | ---D | M]

[2011/10/20 23:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Extensions
[2011/10/20 23:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/08/28 12:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions
[2010/05/11 15:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/31 15:42:37 | 000,000,000 | ---D | M] (Ustream Publisher) -- C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\extensions\ustreampublisher@ustream.tv
[2012/01/18 11:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/19 12:32:05 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/10/19 12:32:05 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/10/19 12:32:04 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2012/01/18 11:36:49 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/12 23:02:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/18 11:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/18 11:36:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/12 21:33:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Facebook Update] C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3692140733-1139751130-3127336351-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm File not found
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm File not found
O8:64bit: - Extra context menu item: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm File not found
O8:64bit: - Extra context menu item: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DA9E90C-50F2-4DF6-A95E-113C5D75096B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Alec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 13:28:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alec\Desktop\OTL.exe
[2012/01/24 10:38:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\Documents\Piano
[2012/01/24 10:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/24 10:19:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alec\Desktop\esetsmartinstaller_enu.exe
[2012/01/23 19:56:15 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\Malwarebytes
[2012/01/23 19:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/23 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/23 19:56:02 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/23 19:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/23 19:55:12 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alec\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/22 11:55:32 | 000,000,000 | ---D | C] -- C:\Users\Alec\Documents\Temple Spring 2012
[2012/01/13 18:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/13 18:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/13 18:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/01/13 18:36:52 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Alec\Desktop\spybotsd162.exe
[2012/01/13 18:26:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alec\Desktop\dds.scr
[2012/01/13 18:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/13 18:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/13 18:23:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Alec\Desktop\erunt-setup.exe
[2012/01/12 23:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/12 23:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1992_12.com.symantec
[2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64
[2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8
[2012/01/12 23:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105
[2012/01/12 23:03:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/12 23:03:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/12 23:03:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/12 22:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/12 22:43:38 | 000,765,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Alec\Desktop\install_reader10_en_air_mssd_aih.exe
[2012/01/12 21:34:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/12 21:28:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/12 17:07:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/12 17:07:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/12 17:07:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/12 17:07:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/12 16:59:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/12 16:42:45 | 004,381,975 | R--- | C] (Swearware) -- C:\Users\Alec\Desktop\ComboFix.exe
[2012/01/11 11:35:30 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/08 13:02:03 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/01/08 13:02:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/01/08 12:55:10 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys
[2012/01/05 02:36:50 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2012/01/05 02:36:50 | 000,141,384 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdserd.sys
[2012/01/05 02:36:50 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2012/01/05 02:36:50 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2012/01/05 02:36:50 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2012/01/05 02:36:50 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2012/01/05 02:36:50 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2012/01/05 02:36:50 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2012/01/05 02:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/01/05 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/01/05 02:36:09 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\Verizon
[2012/01/05 01:41:48 | 000,042,632 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2012/01/05 01:41:47 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2012/01/05 01:41:47 | 000,118,768 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2012/01/05 01:41:47 | 000,081,840 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2012/01/05 01:41:47 | 000,011,184 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2012/01/05 01:41:47 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2012/01/05 01:41:46 | 000,512,944 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64
[2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP
[2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105
[2012/01/04 19:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C01029F
[2009/07/27 22:44:54 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Alec\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/01/25 13:39:12 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job
[2012/01/25 13:35:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/25 13:33:30 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/25 13:28:54 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
[2012/01/25 13:28:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alec\Desktop\OTL.exe
[2012/01/25 13:23:54 | 000,291,432 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/25 13:23:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 13:23:53 | 000,291,432 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/25 13:23:50 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
[2012/01/25 13:23:34 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/01/25 13:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 20:13:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 20:13:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 10:19:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alec\Desktop\esetsmartinstaller_enu.exe
[2012/01/23 20:15:13 | 000,227,840 | ---- | M] () -- C:\Users\Alec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/23 19:56:04 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 19:55:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alec\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/20 12:06:08 | 839,272,448 | ---- | M] () -- C:\Users\Alec\Desktop\Rarities.VOB
[2012/01/19 12:07:24 | 000,715,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 12:07:24 | 000,613,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/19 12:07:24 | 000,108,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/19 12:01:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/01/19 11:59:44 | 4024,811,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 02:18:59 | 734,535,680 | ---- | M] () -- C:\Users\Alec\Desktop\The Thing.avi
[2012/01/13 20:06:15 | 000,006,944 | ---- | M] () -- C:\Users\Alec\Desktop\Attach.zip
[2012/01/13 18:41:45 | 000,001,099 | ---- | M] () -- C:\Users\Alec\Desktop\Spybot - Search & Destroy.lnk
[2012/01/13 18:37:00 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Alec\Desktop\spybotsd162.exe
[2012/01/13 18:26:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alec\Desktop\dds.scr
[2012/01/13 18:25:24 | 000,000,945 | ---- | M] () -- C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/13 18:24:50 | 000,000,746 | ---- | M] () -- C:\Users\Alec\Desktop\ERUNT.lnk
[2012/01/13 18:23:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Alec\Desktop\erunt-setup.exe
[2012/01/13 18:10:48 | 002,970,864 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\Cat.DB
[2012/01/13 01:19:35 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2012/01/13 01:19:35 | 000,288,176 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012/01/13 01:19:35 | 000,118,768 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2012/01/13 01:19:35 | 000,081,840 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2012/01/13 01:19:35 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\snacnp.dll
[2012/01/13 01:19:35 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012/01/13 01:19:35 | 000,042,632 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2012/01/13 01:19:35 | 000,011,184 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2012/01/13 01:19:35 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2012/01/13 01:19:34 | 000,512,944 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2012/01/12 23:38:27 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/12 23:38:27 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/12 23:38:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/12 23:37:01 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\isolate.ini
[2012/01/12 23:02:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/01/12 23:02:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/12 23:02:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/12 23:02:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/12 22:43:38 | 000,765,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Alec\Desktop\install_reader10_en_air_mssd_aih.exe
[2012/01/12 21:33:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/12 16:43:26 | 004,381,975 | R--- | M] (Swearware) -- C:\Users\Alec\Desktop\ComboFix.exe
[2012/01/11 11:35:05 | 002,973,356 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Cat.DB
[2012/01/07 00:44:32 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/05 01:42:49 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/04 19:29:40 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\isolate.ini
[2012/01/02 10:42:35 | 004,059,677 | ---- | M] () -- C:\Users\Alec\Desktop\karaoke Backing Tracks - More Than Words - Extreme.mp3
[2012/01/02 10:15:12 | 000,007,592 | ---- | M] () -- C:\Users\Alec\AppData\Local\d3d9caps.dat
[2011/12/27 09:42:04 | 002,022,965 | ---- | M] () -- C:\Users\Alec\Desktop\gut death.mp3
[2011/12/26 14:01:19 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/12/26 14:00:38 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe

========== Files Created - No Company Name ==========

[2012/01/23 20:14:05 | 734,535,680 | ---- | C] () -- C:\Users\Alec\Desktop\The Thing.avi
[2012/01/23 19:56:04 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/20 11:59:45 | 839,272,448 | ---- | C] () -- C:\Users\Alec\Desktop\Rarities.VOB
[2012/01/13 20:06:15 | 000,006,944 | ---- | C] () -- C:\Users\Alec\Desktop\Attach.zip
[2012/01/13 18:41:45 | 000,001,099 | ---- | C] () -- C:\Users\Alec\Desktop\Spybot - Search & Destroy.lnk
[2012/01/13 18:25:24 | 000,000,945 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/13 18:24:50 | 000,000,746 | ---- | C] () -- C:\Users\Alec\Desktop\ERUNT.lnk
[2012/01/13 01:19:38 | 002,970,864 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\Cat.DB
[2012/01/12 23:37:01 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\isolate.ini
[2012/01/12 22:56:27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/12 17:07:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/12 17:07:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/12 17:07:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/12 17:07:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/12 17:07:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/05 01:41:49 | 002,973,356 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Cat.DB
[2012/01/04 19:29:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\isolate.ini
[2012/01/02 10:42:32 | 004,059,677 | ---- | C] () -- C:\Users\Alec\Desktop\karaoke Backing Tracks - More Than Words - Extreme.mp3
[2011/12/27 09:33:19 | 002,022,965 | ---- | C] () -- C:\Users\Alec\Desktop\gut death.mp3
[2011/09/16 08:39:25 | 000,000,389 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\net.telestream.producer.xml
[2011/06/21 15:07:09 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/21 15:07:09 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/16 23:05:31 | 000,000,283 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
[2010/03/21 21:48:43 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2010/03/21 21:48:43 | 000,004,149 | ---- | C] () -- C:\Windows\unins000.dat
[2010/01/22 17:04:16 | 000,000,689 | ---- | C] () -- C:\Windows\m3jpeg.ini
[2009/12/08 00:01:07 | 000,007,592 | ---- | C] () -- C:\Users\Alec\AppData\Local\d3d9caps.dat
[2009/10/05 00:02:57 | 000,027,528 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\UserTile.png
[2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/30 16:25:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/22 15:31:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/22 15:30:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/22 15:29:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/11 18:41:08 | 000,023,348 | ---- | C] () -- C:\Users\Alec\AppData\Roaming\wklnhst.dat
[2009/07/25 20:56:27 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/07/25 20:55:02 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2009/07/23 18:49:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2009/07/15 00:23:21 | 000,227,840 | ---- | C] () -- C:\Users\Alec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 05:43:03 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/08 05:16:33 | 000,291,432 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/08 05:06:10 | 000,291,432 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/24 15:32:34 | 000,089,352 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/06/24 15:31:46 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/06/24 15:31:00 | 000,234,760 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/05/14 12:46:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2009/04/24 22:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/10/02 13:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/06/13 12:58:58 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2002/06/13 12:58:44 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2002/06/13 12:58:28 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2002/06/13 12:58:24 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

========== LOP Check ==========

[2010/02/05 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Amazon
[2010/05/12 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\AnvSoft
[2011/12/26 22:10:08 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Audacity
[2010/08/22 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\CVS
[2010/06/13 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Facebook
[2010/07/27 02:21:38 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\FMZilla
[2009/09/29 17:01:19 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Free Download Manager
[2011/09/17 09:12:09 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\GetRightToGo
[2011/07/10 20:54:03 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\go
[2010/07/25 10:11:21 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\GrabPro
[2011/10/20 23:58:10 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Greyfirst
[2011/09/27 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\gtk-2.0
[2011/05/27 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\ImgBurn
[2011/03/01 16:46:50 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\OpenOffice.org
[2011/10/11 23:40:46 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Orbit
[2011/01/06 12:02:12 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\PCDr
[2009/10/05 00:02:57 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\PeerNetworking
[2010/07/25 10:10:08 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\ProgSense
[2009/08/09 13:05:13 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Publish Providers
[2011/05/29 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony
[2011/11/20 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony Creative Software
[2010/09/07 19:05:05 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Sony Creative Software Inc
[2009/08/11 18:41:10 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Template
[2011/09/16 19:25:33 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Ustream Producer
[2010/07/16 23:05:34 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Vara Software
[2009/09/29 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\VistaCodecs
[2009/12/28 22:04:30 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Western Digital
[2010/04/28 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Western DigitalTemp
[2010/07/18 13:21:45 | 000,000,000 | ---D | M] -- C:\Users\Alec\AppData\Roaming\Wirecast
[2012/01/25 13:28:54 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
[2012/01/25 13:23:50 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
[2012/01/05 01:42:49 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/19 11:45:01 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/25 13:33:30 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2012/01/25 13:39:12 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:25990C16

< End of report >

Alecsull
2012-01-25, 20:46
And the Extras.txt:

OTL Extras logfile created on: 1/25/2012 1:30:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alec\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 40.06% Memory free
7.67 Gb Paging File | 4.49 Gb Available in Paging File | 58.49% Paging File free
Paging file location(s): c:\pagefile.sys 0 0

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 118.73 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.42 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

Computer Name: ALEC-PC | User Name: Alec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FF B9 2E 29 8A 25 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe" = C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla
"C:\Users\Alec\Desktop\Orbitdownloader\orbitdm.exe" = C:\Users\Alec\Desktop\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Alec\Desktop\Orbitdownloader\orbitnet.exe" = C:\Users\Alec\Desktop\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe" = C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla
"C:\Users\Alec\Desktop\Orbitdownloader\orbitdm.exe" = C:\Users\Alec\Desktop\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Alec\Desktop\Orbitdownloader\orbitnet.exe" = C:\Users\Alec\Desktop\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AFFCC1F-D85A-4B88-8D43-5430F9198876}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BB1EDA0-17E7-4F47-89BC-41751EECA6CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14975F7F-3DD9-4F27-95C0-D691C4F750C8}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{19DD0E1E-007A-4506-8258-5362C1688280}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1B333FA5-BBB3-46B0-922A-D6F54ECD969B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F71443D-6F32-4592-A47D-BF997E6AFA5C}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{22D24727-C4B3-4972-9D89-FC1208F59849}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2A6F6476-2A7F-456B-BE1A-F103855E93EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32EC78F2-4289-409E-AD1D-D1D9362DA566}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39AB9139-5410-49C4-B262-DF42B38FF9F5}" = rport=445 | protocol=6 | dir=out | app=system |
"{3C941CA8-074A-4BFB-8A0B-FB6A5829210A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D6CC10C-02A7-40CA-89D3-891EA44F6A6E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{4A136E0A-F584-48EB-B7A8-7574A2F66469}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4B5A3C8A-017E-470A-AE17-0C15D18CFEC1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5243E453-F191-47B7-9161-B0C6F7B017D2}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{580E3000-6604-4026-A83D-C7EE4CF1678B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5B13C962-5FF0-4731-9C68-D92CDD74D1C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{60573153-B1EB-4371-9C04-34E48DB509CA}" = lport=445 | protocol=6 | dir=in | app=system |
"{7CAE9C9D-22DA-4F48-8B0C-BBE157B73B93}" = rport=139 | protocol=6 | dir=out | app=system |
"{8A595736-AC08-4290-B7EA-CAE5B88AA8EB}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{96C242B1-DB53-4D21-9EBA-AB6DB14B6B4A}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{9A1D7427-35AB-4D13-9C48-6B34BB85D533}" = rport=137 | protocol=17 | dir=out | app=system |
"{9FE1D0A9-8DD2-4351-AE7B-A965C53D5D44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{A427DC98-68BB-47B8-A4F7-ACE104BE055C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6BD8C94-D743-4C28-9509-9ED007D20A85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A948FFCC-570B-4360-94BA-689EFD9721C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{B35CF728-A0BF-49DC-B216-656A2EBEE265}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B747113E-BABC-4E4E-9FFD-0DB588E1228E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE9F6B9C-BB82-4530-BAB5-A224E55EFE4F}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{BEDF25A2-9F7B-4396-9A2D-B1C17FEB819D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1CDDDEB-A070-4E31-87C9-DA9FC8C2A1C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{C20A7279-A561-4646-A068-149BA04FC011}" = lport=137 | protocol=17 | dir=in | app=system |
"{C5377CF2-2A9B-444E-B623-AD17CF790F55}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D08E3FB9-E718-4911-B2D9-BC8D34863D95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5F91BDD-6E0D-49DA-A0B4-2535FC8F9AC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{D6894447-99E3-4480-97CC-8933C8FA44DA}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{DE4569CB-ECD0-4078-AB73-6E79A0387BC3}" = lport=138 | protocol=17 | dir=in | app=system |
"{E558EF20-37F4-4C95-8E34-90E6EE09733C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{E7196F57-1214-45D3-A988-AD37208A4CF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{E963BBB2-25B6-40A0-AB1C-2134203F8B53}" = rport=138 | protocol=17 | dir=out | app=system |
"{F050A93B-FB03-4879-BEBD-562A8DE22E36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F0FE687D-DC5C-4B26-9AC5-7F4C93471692}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F73A3952-B5DD-4B52-BBDC-E20DFFDEA157}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03916C04-3F0C-4BF0-9382-3C8385CE1D61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0567882B-653C-4757-A6EF-44DA3FB5CA36}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{0701C2B4-FC04-48AE-A3E3-F6DB0F59779B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{08B4D964-702A-4106-967D-E16CF33D953F}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\snac64.exe |
"{0AF15574-AEF7-4575-B218-3EE24321D441}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0CF0798C-BF9B-44FF-8D56-DF6C3F20315F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{0F4AEE4F-DCF1-4122-A9B4-3EDC441D0D09}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{107376A7-1864-4555-8140-4611E94F3553}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{11C3D709-FDF8-4CB9-BF35-BCCED7B1EC5B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{16B9584E-D394-4A2E-8258-412C27E756F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1879A49F-C021-4E2E-A06C-50982FEA785C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{1D4B77F2-05B6-422A-85BF-125FF343BDF6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1FE68A3D-42E4-4C0D-B3E8-E1D7E9B58749}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{23C45CF6-349B-4359-9347-AE11EC1AED3A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{2A7E78EF-40BC-421C-8B6E-FF189ED7F085}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B1F71EC-304E-4C51-81F7-048326C2571C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33A5FE97-6157-4061-A8B2-0EDDC305DB2A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{35B5D969-D8A6-43FD-944E-087136DC10D6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{3697B810-2C74-481E-A1C7-C697E958F853}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{36AE5A6E-C0D7-4DA0-B010-BCBAD025B59D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{36D70D2A-3740-4C43-99F0-5319316542E1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{3C273F56-80C8-443B-88CF-FE19A22B03CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D40B245-A1DA-43FF-95FD-14326B38B0A1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{4196B761-FEEF-4A90-8E72-DB9B6EEFA29A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{43957F82-E588-4CE2-AB1A-DB49D7F39E18}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{45D75CAB-4A47-4CB2-B396-0040C4FB069D}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\snac64.exe |
"{484897D7-0EF3-4B35-9827-F1C11D6C4AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4B728AAE-F38B-4F26-A0AC-2D59DECA7B6D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CAB486C-CEB2-4579-9CCE-CC14BCF1F239}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{4D74056F-8BC3-4A52-BB7A-85D0B431065A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54A8957D-5895-43B1-9987-95C6590CD0CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{54F3D432-AA0F-408E-A9AC-D63D465D6DD3}" = protocol=6 | dir=out | app=system |
"{55E38F47-D3A2-40E5-9D42-04FBA0554652}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{5B637EE0-F859-480B-AAEA-885AE663AE68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{613FB321-B6C5-41FB-AAD3-2FDA6F5FA04D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{63EF285A-AA33-4ABF-93F3-7927B0C183F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B9B0B66-9D9C-412F-9850-6614313EAE7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D0A41CA-DE1C-44BC-B315-1C902CF4B7F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{802BF914-D1DF-4EFE-9CF8-3D3A3C1E0CF5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8610B80F-E40A-4D41-9EC2-4328EC8440C7}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{868635DA-CF85-4D24-B1B6-BEC0B7476094}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{87C61BAA-ACD1-4396-8A60-DED822D11928}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8DB6E83E-D704-4574-8D18-D8E0552ADC1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98E5D57E-22D9-496C-BA07-F409F6890A8C}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{9B618CF2-7A3B-44FF-92FB-A2397CA0482B}" = dir=in | app=c:\users\alec\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9C4AC971-2D38-41AA-B6C2-FD6ED1669988}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{A1036AF7-9B50-4920-8862-48BC38C4BC9D}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{A2691A64-7FFE-4EAB-9A1F-DC33AE99EFFF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{A303C1F3-286F-487E-9F43-626017AA8B8C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{A6A3D02C-EE30-48B8-BE6D-D9D49DBD02B6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{A79F6E4A-2746-454B-A020-9F4B84E8698E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{AE2DE169-A4D8-4FE8-AA8D-050B63966BE4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B96391FE-2421-4396-889E-CF05C3E55955}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BCBA150E-8E28-4CA9-B719-A35B6FB2FD2F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{BD9067AE-45D3-403D-83AE-1F1204023AA4}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{BFCFA5A7-F897-4BEE-961C-F3715B485E9C}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\smc.exe |
"{C59CC646-5044-47C3-BD75-D950D44AF0AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C651CD77-5A62-432A-8157-B2D52C1260D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C874F3D3-238C-4136-A2BE-7A412D9FCB43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8C4DE0F-7CF7-4A93-820B-DC0A753D971A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4E6D3F1-110E-4508-BA9C-9E734C4FAD63}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D6430C69-F05E-460F-9DBC-3B07E5F9259E}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{D7CB0BEC-3C6C-4CC4-AF37-47CEA2E6B546}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D96BE438-B9FF-44E5-AB70-3BDA15144FC8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{D99E4FAC-3DA3-41E7-A861-22254B188168}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA43B707-7992-404A-84DD-2C26F48B03E1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DA540B08-5683-455C-A585-3DF98E3F6A7E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{DA640B2F-ED6B-4A7A-869C-25CC1AD446B0}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{DD14AC8D-9C2D-4AB2-B611-F225BBD46A74}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\smc.exe |
"{E0B038DF-6EEF-41FE-907E-B87D6DD1EFD8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{E67200B3-3E9C-4B6B-9925-A389DA043AAB}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{EAF8BAE1-3DA1-4E50-8705-5EBF9CE35F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFE08815-15FC-41A2-9DC7-4CA56C44A4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{F32F7896-C4AB-4F72-B11B-DC6F1F415BFD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{FBB282DF-B3B3-431B-8E24-E9D7A531B34D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{19B62EDC-C108-4393-B3F1-8A813096CC8E}" = Symantec Endpoint Protection
"{35C2BB76-B80A-4E3B-A9BE-CF7F23651F33}" = WD SmartWare
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F7A9C3D-4A5A-4C56-B156-364F2CB418F0}" = Ustream Producer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"{8292F88E-2DB7-456B-A8F1-9079B7432A1E}" = DVD Architect Studio 5.0
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}" = Sony Vegas Movie Studio 6.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Any Video Converter_is1" = Any Video Converter 3.0.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CamStudio" = CamStudio
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Celtx (2.9.1)" = Celtx (2.9.1)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"ImgBurn" = ImgBurn
"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"InstallShield_{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
"JEOPARDY!®" = JEOPARDY!®
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"Orbit_is1" = Orbit Downloader
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Steam App 440" = Team Fortress 2
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Game Organizer" = EasyBits GO
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2011 10:35:14 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15163

Error - 11/17/2011 10:35:15 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/17/2011 10:35:15 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16193

Error - 11/17/2011 10:35:15 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16193

Error - 11/17/2011 10:35:16 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/17/2011 10:35:16 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17191

Error - 11/17/2011 10:35:16 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17191

Error - 11/17/2011 10:35:17 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/17/2011 10:35:17 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18190

Error - 11/17/2011 10:35:17 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18190

[ Broadcom Wireless LAN Events ]
Error - 11/20/2011 6:51:14 PM | Computer Name = Alec-PC | Source = WLAN-Tray | ID = 0
Description = 17:51:14, Sun, Nov 20, 11 Error - Unable to gain access to user store


Error - 11/21/2011 3:02:30 PM | Computer Name = Alec-PC | Source = WLAN-Tray | ID = 0
Description = 14:02:30, Mon, Nov 21, 11 Error - Unable to gain access to user store


Error - 12/16/2011 2:28:39 PM | Computer Name = Alec-PC | Source = WLAN-Tray | ID = 0
Description = 13:28:39, Fri, Dec 16, 11 Error - Unable to gain access to user store


[ System Events ]
Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 1/19/2012 1:01:21 PM | Computer Name = Alec-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/22/2012 12:18:54 AM | Computer Name = Alec-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.19 for the Network Card with network
address 00242C5B50B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

ken545
2012-01-26, 00:40
What I would do is run ESET again and this time have it remove what it finds

In case you need it


Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses


:OTL
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:25990C16


:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
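
A read-only check of the two things the OTL script above changes, added here as an example (it is not code from the thread, from OTL or from ESET): it lists any alternate data streams left on the file OTL targeted and shows which hosts entries remain after the reset. It assumes PowerShell 3.0 or later for `Get-Item -Stream` (on the Vista machine in the thread the equivalent listing is `dir /R <path>`), and the paths are the ones named in the OTL script.

```powershell
# Added example, not code from the thread, from OTL or from ESET. Read-only
# check of the two items the OTL fix changes: alternate data streams on the
# targeted file and the active entries of the hosts file. Assumes PowerShell
# 3.0 or later (Get-Item -Stream); nothing here deletes or modifies anything.

param(
    [string]$AdsTarget = 'C:\ProgramData\TEMP',
    [string]$HostsPath = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
)

function Get-AlternateStreams {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    # Every NTFS file carries the unnamed ':$DATA' stream; any other stream is
    # an alternate data stream, like the two OTL reported (130 and 118 bytes).
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                File   = $Path
                Stream = $_.Stream
                Bytes  = $_.Length
            }
        }
}

function Get-HostsEntries {
    param([string]$Path)
    # Active lines only: strip anything after '#', drop blank lines, then split
    # each remaining line into an address and the hostnames mapped to it.
    Get-Content -LiteralPath $Path -ErrorAction Stop |
        ForEach-Object { ($_ -split '#', 2)[0].Trim() } |
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $parts = $_ -split '\s+'
            [pscustomobject]@{
                Address   = $parts[0]
                Hostnames = (@($parts | Select-Object -Skip 1) -join ' ')
            }
        }
}

$ads = @(Get-AlternateStreams -Path $AdsTarget)
if ($ads.Count -eq 0) {
    "No alternate data streams on $AdsTarget"
} else {
    "Alternate data streams still present on ${AdsTarget}:"
    $ads | Format-Table -AutoSize | Out-String
}

# A default hosts file maps only 'localhost' to the loopback addresses. Any
# other address or hostname redirects lookups and is worth reviewing.
$entries  = @(Get-HostsEntries -Path $HostsPath)
$loopback = @('127.0.0.1', '::1')
$unexpected = @($entries | Where-Object {
    ($loopback -notcontains $_.Address) -or ($_.Hostnames -ne 'localhost')
})
"$($entries.Count) active hosts entries, $($unexpected.Count) outside the localhost defaults"
$unexpected | Format-Table -AutoSize | Out-String
```

Because OTL reported that the hosts file move was deferred to the reboot, run this only after the machine has restarted, or the hosts check will show the pre-fix contents.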

Alecsull
2012-01-26, 20:16
Here's the ESET log:

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Program Files (x86)\VistaCodecPack\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application deleted - quarantined
C:\Program Files (x86)\VistaCodecPack\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\Users\Alec\AppData\RoamingaZjcdj.exe Win32/Injector.JDE trojan cleaned by deleting - quarantined
C:\Users\Alec\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5553b092-516ca534 Win32/Injector.JDE trojan cleaned by deleting - quarantined
D:\Windows\System32\autochk.exe probably a variant of Win32/Agent.TKD trojan cleaned by deleting - quarantined

And here's the OTL log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
ADS C:\ProgramData\TEMP:25990C16 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alec\Desktop\cmd.bat deleted successfully.
C:\Users\Alec\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Alec
->Temp folder emptied: 5294624 bytes
->Temporary Internet Files folder emptied: 136246130 bytes
->Java cache emptied: 13219359 bytes
->FireFox cache emptied: 1180820453 bytes
->Google Chrome cache emptied: 336988236 bytes
->Flash cache emptied: 11636012 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2319784 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 243 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,608.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01262012_122839

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ken545
2012-01-26, 20:23
Great, how are things running now, any issues ?

Alecsull
2012-01-27, 08:56
It's running pretty well! Fairly normal, other than those random problems with the volume/brightness, and I haven't tried updating, but it's not slowing down at any time, although that program is still taking up a bunch of CPU... C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438 It's in there and it's called "stacsv64". Any idea what it is?

ken545
2012-01-27, 15:03
Good morning,

The problem you're having looks like it's related to a bad HP driver
http://h30434.www3.hp.com/t5/Notebook-PC-Sound-and-Audio/STacSV64-exe-IDT-PC-Audio-using-50-of-cpu/td-p/36882/page/15

Since we just do malware removal on this forum, post here at our sister site and they can help you resolve the volume issue; you can tell them you posted here and link them to this thread so they can see what we have done

http://forums.whatthetech.com/index.php?showforum=119



Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Alecsull
2012-01-29, 19:25
So I uninstalled the stuff you told me to and I restarted my comp but now my Internet is extremely slow, mostly unresponsive! What should I do? I'm using my iPod right now cause my comp won't get on the Internet And the CPU is going crazy.

ken545
2012-01-29, 20:33
Try rebooting your system again. Removing those tools with OTL should not affect your internet access; all it does is remove the tools.

Turn off your router, your cable or DSL modem and shut down your system. Wait about 3 or 4 min for everything to close, then start your modem; once it's up and running start your router, and when it's up and running start your computer

Alecsull
2012-01-29, 21:08
Tried it, no difference. My Internet is running fine in general, even on my iPod and my roommates' comps, but my computer says it's connected and won't even load google. On the random occasion a website does load, it takes forever. Symantec is saying "traffic has been blocked from this application: Hist Process for Windows Services (svchost.exe)". What do I do?!

Alecsull
2012-01-29, 21:12
Correction: *host process

ken545
2012-01-29, 21:33
Try doing a System Restore prior to using OTL to remove all the tools

Open System Restore by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking System Restore. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. Then choose a restore point prior to this problem

Alecsull
2012-02-01, 09:17
I just got your last response but before that I had been searching for a solution. I could get internet access using safe mode with networking, but I still couldn't get on the web in normal mode. However, I tried uninstalling and reinstalling the WLAN card driver, and since then I have been able to go on the web. However, Symantec wants to update but it still says the same thing as before (traffic is blocked from it), so it can't update. I ran connection diagnostics on my WLAN card and the "Internet IP Ping" test failed. The description read, "The wireless router/AP for your network is working, but your computer is not able to use an IP address to connect to the Internet. You will not be able to connect to the Internet, although you might be able to connect to your local network. Contact your network administrator or wireless router/AP installer for assistance." I am sort of nervous about using system restore because things seem to be working kind of ok right now and I don't want to screw anything up... What are your thoughts on the failed ping test?

ken545
2012-02-01, 11:05
Good Morning Alex,

Glad you're making some progress. Why don't you post in our sister site for networking? They're more in tune with issues like this. I am really not sure what using OTL for the final clean up has done; I've been using this tool on over 1000 threads with other users and never came across this before. All this tool does is remove the tools and their backups that we may have used cleaning your system.

http://forums.whatthetech.com/index.php?showforum=128


You can link them to this thread if you wish so they can see what we have done, I will keep this thread open for you so post back and let me know if they helped you.

Alecsull
2012-02-01, 17:58
Alright sounds good. Thank you SO much for your help! I really appreciate it!

ken545
2012-02-01, 19:18
Good luck

Ken :)