Possible Malware Infection

**Alecsull** · 2012-01-14, 02:12

A couple weeks ago my computer (Dell Studio XPS 1340 running 64 bit Vista) started running slowly, like a process was taking up all the CPU. Sure enough, something was. I checked task manager, and after I clicked "show processes from all users", it revealed a process that I tracked to this - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438 - I looked it up, and found a posting on this website which had the same process mentioned - http://forums.spybot.info/showthread.php?t=63149 - Now, I am ashamed to admit that I read the whole thread and decided to use Combofix. I did so carefully, following all warnings except the most important one... To not do it. Unfortunately I was impatient and did not even read enough on here to run ERUNT or take any precautions like that to get a "lay of the land" of my computer as it was, which I know now will make it tougher to target if something is wrong. However, I ran CF very carefully and it did not seem to have any effect on my machine. It was running pretty well. I have the log, and I still haven't uninstalled the program because I started to read more about this whole process on a different computer during my Combofix run. However, after another restart of the system, that same "File Repository" process started doin' its thang again (there was also another one taking up a big amount, which seemed to be Symantec - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin.) After that, I decided to try to make amends for my stupidity and impatience by doing this whole process properly (although I understand there is a huge possibility that I already screwed it up). After another restart, my system seems like its running normally and that process has yet to show up again, but I just wanna make sure in case it does. Please let me know what I should do! And I sincerely apologize for being an idiot before. I just don't wanna be one right now. Please remember that the following results were found AFTER my renegade CF run, the log of which I can provide if needed. Thank you so much for ANY help!

Here's the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_30
Run by Alec at 18:26:48 on 2012-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1499 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\ERUNT\ERUNT.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Facebook Update] "C:\Users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [FAStartup]
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Alec\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FREEMU~1.LNK - C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Users\Alec\Desktop\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2DA9E90C-50F2-4DF6-A95E-113C5D75096B} : DhcpNameServer = 192.168.1.1
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\Alec\Desktop\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\Alec\Desktop\Free Download Manager\iefdm2.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [FAStartup]
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alec\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Alec\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Alec\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120106.011\BHDrvx64.sys [2012-1-12 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120112.002\IDSviA64.sys [2012-1-12 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [?]
R1 SYMTDIV;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMTDIV.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-4-13 189680]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-8 636144]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-2-26 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-11 138360]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-10 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-22 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-13 04:38:27 -------- d-----w- C:\Program Files\Symantec
2012-01-13 04:36:39 -------- d-----w- C:\ProgramData\regid.1992_12.com.symantec
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105
2012-01-13 04:36:32 -------- d-----w- C:\Windows\System32\drivers\SEP\0C0103E8
2012-01-13 02:34:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-12 22:07:23 98816 ----a-w- C:\Windows\sed.exe
2012-01-12 22:07:23 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-12 22:07:23 256000 ----a-w- C:\Windows\PEV.exe
2012-01-12 22:07:23 208896 ----a-w- C:\Windows\MBR.exe
2012-01-11 16:35:30 451072 ----a-w- C:\Windows\System32\winsrv.dll
2012-01-11 16:34:52 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-01-11 16:34:52 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-01-08 18:02:03 95744 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-01-08 18:02:03 7680 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-01-08 18:02:03 49664 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-01-08 18:02:03 275456 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-01-08 18:02:03 262144 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-01-08 18:02:03 24576 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-01-08 17:55:10 40448 ----a-w- C:\Windows\System32\drivers\watchdog.sys
2012-01-05 07:36:50 19016 ----a-w- C:\Windows\System32\drivers\sscdmdfl.sys
2012-01-05 07:36:50 172104 ----a-w- C:\Windows\System32\drivers\sscdmdm.sys
2012-01-05 07:36:50 15944 ----a-w- C:\Windows\System32\drivers\sscdwhnt.sys
2012-01-05 07:36:50 15944 ----a-w- C:\Windows\System32\drivers\sscdwh.sys
2012-01-05 07:36:50 15432 ----a-w- C:\Windows\System32\drivers\sscdcmnt.sys
2012-01-05 07:36:50 15432 ----a-w- C:\Windows\System32\drivers\sscdcm.sys
2012-01-05 07:36:50 141384 ----a-w- C:\Windows\System32\drivers\sscdserd.sys
2012-01-05 07:36:50 136264 ----a-w- C:\Windows\System32\drivers\sscdbus.sys
2012-01-05 07:36:49 -------- d-----w- C:\Program Files\SAMSUNG
2012-01-05 07:36:29 -------- d-----w- C:\ProgramData\Samsung
2012-01-05 07:36:09 53248 ----a-r- C:\Users\Alec\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-01-05 07:36:09 -------- d-----w- C:\Users\Alec\AppData\Roaming\Verizon
2012-01-05 06:41:48 42632 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2012-01-05 06:41:47 81840 ----a-w- C:\Windows\System32\FwsVpn.dll
2012-01-05 06:41:47 374704 ----a-w- C:\Windows\SysWow64\sysfer.dll
2012-01-05 06:41:47 118768 ----a-w- C:\Windows\System32\drivers\SysPlant.sys
2012-01-05 06:41:47 11184 ----a-w- C:\Windows\System32\sysferThunk.dll
2012-01-05 06:41:47 10672 ----a-w- C:\Windows\SysWow64\sysferThunk.dll
2012-01-05 06:41:46 512944 ----a-w- C:\Windows\System32\sysfer.dll
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F\136B.105
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP\0C01029F
2012-01-05 00:22:59 -------- d-----w- C:\Windows\System32\drivers\SEP
2011-12-16 18:18:19 -------- d-----w- C:\Program Files\iPod
2011-12-16 18:18:17 -------- d-----w- C:\Program Files\iTunes
2011-12-16 18:18:17 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-01-13 23:05:51 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-01-13 23:05:49 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-01-13 06:19:35 58288 ----a-w- C:\Windows\SysWow64\snacnp.dll
2012-01-13 06:19:35 58288 ----a-w- C:\Windows\System32\snacnp.dll
2012-01-13 06:19:35 288176 ----a-w- C:\Windows\System32\SymVPN.dll
2012-01-13 04:38:27 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-13 04:02:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-26 19:01:19 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-12-26 19:00:38 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-12-04 21:33:04 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-10-31 00:24:02 931448 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys
2011-10-31 00:24:02 678008 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\srtsp64.sys
2011-10-31 00:24:02 62672 ----a-w- C:\Windows\System32\drivers\Teefer.sys
2011-10-31 00:24:02 451192 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys
2011-10-31 00:24:02 433272 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symtdiv.sys
2011-10-31 00:24:02 39032 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\srtspx64.sys
2011-10-31 00:24:02 171128 ----a-w- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:29:38.74 ===============

Here's the S&D list:

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-01-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2012-01-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-01-10 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-12-27 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-10-18 Includes\Spyware.sbi (*)
2011-10-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-01-02 Includes\TrojansC-02.sbi (*)
2012-01-09 Includes\TrojansC-03.sbi (*)
2012-01-10 Includes\TrojansC-04.sbi (*)
2012-01-02 Includes\TrojansC-05.sbi (*)
2012-01-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

**ken545** · 2012-01-24, 01:19

Why dont you go ahead and post the Combofix log and lets see what it removed and we can decide if we need to look further

**Alecsull** · 2012-01-24, 01:27

Sounds good. Here it is!

ComboFix 12-01-12.04 - Alec 01/12/2012 17:13:37.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1573 [GMT -5:00]
Running from: c:\users\Alec\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alec\AppData\Roaming\FFSJ
c:\users\Alec\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Alec\lame_enc_en.dll
c:\users\Alec\lametritonus_en.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\java.exe
c:\windows\SysWow64\odbcad32.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 02:28 . 2012-01-13 02:28 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-01-13 02:28 . 2012-01-13 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 16:35 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:34 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 16:34 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-08 18:02 . 2009-11-06 11:05 275456 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-08 18:02 . 2009-11-06 11:05 95744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-08 18:02 . 2009-11-06 11:05 262144 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-01-08 18:02 . 2009-11-06 11:05 49664 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-08 18:02 . 2009-11-06 11:05 24576 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-01-08 18:02 . 2009-11-06 11:05 7680 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-01-08 17:55 . 2009-07-18 09:38 40448 ----a-w- c:\windows\system32\drivers\watchdog.sys
2012-01-05 07:36 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-01-05 07:36 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-01-05 07:36 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-01-05 07:36 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-01-05 07:36 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-01-05 07:36 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-01-05 07:36 . 2010-04-27 02:25 141384 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2012-01-05 07:36 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\program files\SAMSUNG
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\programdata\Samsung
2012-01-05 07:36 . 2012-01-05 07:36 53248 ----a-r- c:\users\Alec\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\users\Alec\AppData\Roaming\Verizon
2012-01-05 06:41 . 2012-01-05 06:41 42632 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2012-01-05 06:41 . 2012-01-05 06:41 374704 ----a-w- c:\windows\SysWow64\sysfer.dll
2012-01-05 06:41 . 2012-01-05 06:41 147632 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-01-05 06:41 . 2012-01-05 06:41 11184 ----a-w- c:\windows\system32\sysferThunk.dll
2012-01-05 06:41 . 2012-01-05 06:41 10672 ----a-w- c:\windows\SysWow64\sysferThunk.dll
2012-01-05 06:41 . 2012-01-05 06:41 102832 ----a-w- c:\windows\system32\FwsVpn.dll
2012-01-05 06:41 . 2012-01-05 06:41 513456 ----a-w- c:\windows\system32\sysfer.dll
2012-01-05 00:22 . 2012-01-05 00:22 -------- d-----w- c:\windows\system32\drivers\SEP
2011-12-16 18:18 . 2011-12-16 18:18 -------- d-----w- c:\program files\iPod
2011-12-16 18:18 . 2011-12-16 18:19 -------- d-----w- c:\program files\iTunes
2011-12-16 18:18 . 2011-12-16 18:19 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 02:32 . 2009-07-26 01:55 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-13 02:32 . 2009-07-26 01:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-01-05 06:41 . 2011-05-01 16:39 58288 ----a-w- c:\windows\system32\snacnp.dll
2012-01-05 06:41 . 2011-05-01 16:39 287152 ----a-w- c:\windows\system32\SymVPN.dll
2012-01-05 06:41 . 2011-05-01 16:39 58288 ------w- c:\windows\SysWow64\snacnp.dll
2012-01-05 00:30 . 2009-08-27 18:12 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-26 19:01 . 2009-07-26 01:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-12-26 19:00 . 2009-07-26 01:55 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-12-04 21:33 . 2011-06-17 16:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57 . 2011-12-14 02:20 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-10-25 16:09 . 2011-12-14 02:22 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Facebook Update"="c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-14 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
Free Music Zilla.lnk - c:\users\Alec\Desktop\Free Music Zilla\FMZilla.exe [N/A]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2010-8-7 537968]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-2-26 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-2-26 9136960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 20:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000Core.job
- c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:52]
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3692140733-1139751130-3127336351-1000UA.job
- c:\users\Alec\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 01:52]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 00:40]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-11 00:40]
.
2012-01-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-13 c:\windows\Tasks\User_Feed_Synchronization-{E4D83E8B-C455-41A2-A0E8-28EC473B02EC}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-11 1657128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-28 15871520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-28 82464]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\users\Alec\Desktop\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\users\Alec\Desktop\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\wxusyy7q.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-MMTray - c:\program files (x86)\Morgan\m3jpegV3\MMTray.exe
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-CamStudio - c:\users\Alec\Desktop\CamStudio\uninstall.exe
AddRemove-DVD Shrink_is1 - c:\users\Alec\Desktop\DVD Shrink\unins000.exe
AddRemove-Free RAR Extract Frog - c:\users\Alec\Desktop\Free RAR Extract Frog\uninstall.exe
AddRemove-SolveigMM AVI Trimmer - c:\users\Alec\Desktop\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-01-12 21:44:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-13 02:44
.
Pre-Run: 151,725,871,104 bytes free
Post-Run: 155,454,177,280 bytes free
.
- - End Of File - - 69CE5FBE6728822255ACD14272430523

**ken545** · 2012-01-24, 01:45

Hows your system running, and browser redirects ?

Lets clean you up a bit more

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

**Alecsull** · 2012-01-24, 02:10

My system seems to be running pretty well, although that process that sucks up all the CPU has come back a few times this past week. Not sure what you mean by browser redirects, but I haven't noticed anything suspicious about my online experience. Malwarebytes said it found no malicious content! Thanks a ton for the help. Anything else I should do? Here's the log:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19019
Alec :: ALEC-PC [administrator]

Protection: Enabled

1/23/2012 7:56:53 PM
mbam-log-2012-01-23 (19-56-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200282
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

**Alecsull** · 2012-01-24, 02:12

Oh, and I just remembered that I have tried to download and install updates with Windows Updater and it works until I restart my computer. After it is restarted it says that all of the updates (22 of them) failed. Any ideas?

Thread: Possible Malware Infection

Thread Tools

Display

Hybrid View

Possible Malware Infection

Posting Permissions