Thread: Possible Malware Infection

  1. #11
    Junior Member
    Join Date
    Jan 2012
    Posts
    15

    And the Extras.txt:

    OTL Extras logfile created on: 1/25/2012 1:30:02 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alec\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 40.06% Memory free
    7.67 Gb Paging File | 4.49 Gb Available in Paging File | 58.49% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 118.73 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.42 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

    Computer Name: ALEC-PC | User Name: Alec | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = FF B9 2E 29 8A 25 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe" = C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla
    "C:\Users\Alec\Desktop\Orbitdownloader\orbitdm.exe" = C:\Users\Alec\Desktop\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Users\Alec\Desktop\Orbitdownloader\orbitnet.exe" = C:\Users\Alec\Desktop\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe" = C:\Users\Alec\Desktop\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla
    "C:\Users\Alec\Desktop\Orbitdownloader\orbitdm.exe" = C:\Users\Alec\Desktop\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Users\Alec\Desktop\Orbitdownloader\orbitnet.exe" = C:\Users\Alec\Desktop\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AFFCC1F-D85A-4B88-8D43-5430F9198876}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0BB1EDA0-17E7-4F47-89BC-41751EECA6CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{14975F7F-3DD9-4F27-95C0-D691C4F750C8}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
    "{19DD0E1E-007A-4506-8258-5362C1688280}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{1B333FA5-BBB3-46B0-922A-D6F54ECD969B}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1F71443D-6F32-4592-A47D-BF997E6AFA5C}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
    "{22D24727-C4B3-4972-9D89-FC1208F59849}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{2A6F6476-2A7F-456B-BE1A-F103855E93EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{32EC78F2-4289-409E-AD1D-D1D9362DA566}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{39AB9139-5410-49C4-B262-DF42B38FF9F5}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3C941CA8-074A-4BFB-8A0B-FB6A5829210A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3D6CC10C-02A7-40CA-89D3-891EA44F6A6E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
    "{4A136E0A-F584-48EB-B7A8-7574A2F66469}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{4B5A3C8A-017E-470A-AE17-0C15D18CFEC1}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{5243E453-F191-47B7-9161-B0C6F7B017D2}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
    "{580E3000-6604-4026-A83D-C7EE4CF1678B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{5B13C962-5FF0-4731-9C68-D92CDD74D1C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{60573153-B1EB-4371-9C04-34E48DB509CA}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7CAE9C9D-22DA-4F48-8B0C-BBE157B73B93}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8A595736-AC08-4290-B7EA-CAE5B88AA8EB}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{96C242B1-DB53-4D21-9EBA-AB6DB14B6B4A}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
    "{9A1D7427-35AB-4D13-9C48-6B34BB85D533}" = rport=137 | protocol=17 | dir=out | app=system |
    "{9FE1D0A9-8DD2-4351-AE7B-A965C53D5D44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{A427DC98-68BB-47B8-A4F7-ACE104BE055C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A6BD8C94-D743-4C28-9509-9ED007D20A85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A948FFCC-570B-4360-94BA-689EFD9721C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
    "{B35CF728-A0BF-49DC-B216-656A2EBEE265}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{B747113E-BABC-4E4E-9FFD-0DB588E1228E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BE9F6B9C-BB82-4530-BAB5-A224E55EFE4F}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
    "{BEDF25A2-9F7B-4396-9A2D-B1C17FEB819D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C1CDDDEB-A070-4E31-87C9-DA9FC8C2A1C7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C20A7279-A561-4646-A068-149BA04FC011}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C5377CF2-2A9B-444E-B623-AD17CF790F55}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D08E3FB9-E718-4911-B2D9-BC8D34863D95}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D5F91BDD-6E0D-49DA-A0B4-2535FC8F9AC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{D6894447-99E3-4480-97CC-8933C8FA44DA}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
    "{DE4569CB-ECD0-4078-AB73-6E79A0387BC3}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E558EF20-37F4-4C95-8E34-90E6EE09733C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{E7196F57-1214-45D3-A988-AD37208A4CF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{E963BBB2-25B6-40A0-AB1C-2134203F8B53}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F050A93B-FB03-4879-BEBD-562A8DE22E36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{F0FE687D-DC5C-4B26-9AC5-7F4C93471692}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{F73A3952-B5DD-4B52-BBDC-E20DFFDEA157}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03916C04-3F0C-4BF0-9382-3C8385CE1D61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0567882B-653C-4757-A6EF-44DA3FB5CA36}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{0701C2B4-FC04-48AE-A3E3-F6DB0F59779B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{08B4D964-702A-4106-967D-E16CF33D953F}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\snac64.exe |
    "{0AF15574-AEF7-4575-B218-3EE24321D441}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{0CF0798C-BF9B-44FF-8D56-DF6C3F20315F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{0F4AEE4F-DCF1-4122-A9B4-3EDC441D0D09}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{107376A7-1864-4555-8140-4611E94F3553}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{11C3D709-FDF8-4CB9-BF35-BCCED7B1EC5B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{16B9584E-D394-4A2E-8258-412C27E756F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{1879A49F-C021-4E2E-A06C-50982FEA785C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{1D4B77F2-05B6-422A-85BF-125FF343BDF6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1FE68A3D-42E4-4C0D-B3E8-E1D7E9B58749}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
    "{23C45CF6-349B-4359-9347-AE11EC1AED3A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{2A7E78EF-40BC-421C-8B6E-FF189ED7F085}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2B1F71EC-304E-4C51-81F7-048326C2571C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{33A5FE97-6157-4061-A8B2-0EDDC305DB2A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{35B5D969-D8A6-43FD-944E-087136DC10D6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{3697B810-2C74-481E-A1C7-C697E958F853}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
    "{36AE5A6E-C0D7-4DA0-B010-BCBAD025B59D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{36D70D2A-3740-4C43-99F0-5319316542E1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{3C273F56-80C8-443B-88CF-FE19A22B03CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3D40B245-A1DA-43FF-95FD-14326B38B0A1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{4196B761-FEEF-4A90-8E72-DB9B6EEFA29A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{43957F82-E588-4CE2-AB1A-DB49D7F39E18}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{45D75CAB-4A47-4CB2-B396-0040C4FB069D}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\snac64.exe |
    "{484897D7-0EF3-4B35-9827-F1C11D6C4AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{4B728AAE-F38B-4F26-A0AC-2D59DECA7B6D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4CAB486C-CEB2-4579-9CCE-CC14BCF1F239}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{4D74056F-8BC3-4A52-BB7A-85D0B431065A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{54A8957D-5895-43B1-9987-95C6590CD0CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{54F3D432-AA0F-408E-A9AC-D63D465D6DD3}" = protocol=6 | dir=out | app=system |
    "{55E38F47-D3A2-40E5-9D42-04FBA0554652}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{5B637EE0-F859-480B-AAEA-885AE663AE68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{613FB321-B6C5-41FB-AAD3-2FDA6F5FA04D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{63EF285A-AA33-4ABF-93F3-7927B0C183F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6B9B0B66-9D9C-412F-9850-6614313EAE7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{6D0A41CA-DE1C-44BC-B315-1C902CF4B7F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{802BF914-D1DF-4EFE-9CF8-3D3A3C1E0CF5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8610B80F-E40A-4D41-9EC2-4328EC8440C7}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{868635DA-CF85-4D24-B1B6-BEC0B7476094}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{87C61BAA-ACD1-4396-8A60-DED822D11928}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8DB6E83E-D704-4574-8D18-D8E0552ADC1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{98E5D57E-22D9-496C-BA07-F409F6890A8C}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
    "{9B618CF2-7A3B-44FF-92FB-A2397CA0482B}" = dir=in | app=c:\users\alec\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{9C4AC971-2D38-41AA-B6C2-FD6ED1669988}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{A1036AF7-9B50-4920-8862-48BC38C4BC9D}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{A2691A64-7FFE-4EAB-9A1F-DC33AE99EFFF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{A303C1F3-286F-487E-9F43-626017AA8B8C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{A6A3D02C-EE30-48B8-BE6D-D9D49DBD02B6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{A79F6E4A-2746-454B-A020-9F4B84E8698E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
    "{AE2DE169-A4D8-4FE8-AA8D-050B63966BE4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{B96391FE-2421-4396-889E-CF05C3E55955}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BCBA150E-8E28-4CA9-B719-A35B6FB2FD2F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{BD9067AE-45D3-403D-83AE-1F1204023AA4}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
    "{BFCFA5A7-F897-4BEE-961C-F3715B485E9C}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\smc.exe |
    "{C59CC646-5044-47C3-BD75-D950D44AF0AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{C651CD77-5A62-432A-8157-B2D52C1260D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C874F3D3-238C-4136-A2BE-7A412D9FCB43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C8C4DE0F-7CF7-4A93-820B-DC0A753D971A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D4E6D3F1-110E-4508-BA9C-9E734C4FAD63}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D6430C69-F05E-460F-9DBC-3B07E5F9259E}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{D7CB0BEC-3C6C-4CC4-AF37-47CEA2E6B546}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D96BE438-B9FF-44E5-AB70-3BDA15144FC8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{D99E4FAC-3DA3-41E7-A861-22254B188168}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DA43B707-7992-404A-84DD-2C26F48B03E1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{DA540B08-5683-455C-A585-3DF98E3F6A7E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{DA640B2F-ED6B-4A7A-869C-25CC1AD446B0}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
    "{DD14AC8D-9C2D-4AB2-B611-F225BBD46A74}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1000.157.105\bin64\smc.exe |
    "{E0B038DF-6EEF-41FE-907E-B87D6DD1EFD8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{E67200B3-3E9C-4B6B-9925-A389DA043AAB}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{EAF8BAE1-3DA1-4E50-8705-5EBF9CE35F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EFE08815-15FC-41A2-9DC7-4CA56C44A4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{F32F7896-C4AB-4F72-B11B-DC6F1F415BFD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{FBB282DF-B3B3-431B-8E24-E9D7A531B34D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{19B62EDC-C108-4393-B3F1-8A813096CC8E}" = Symantec Endpoint Protection
    "{35C2BB76-B80A-4E3B-A9BE-CF7F23651F33}" = WD SmartWare
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SynTPDeinstKey" = Dell Touchpad

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6F7A9C3D-4A5A-4C56-B156-364F2CB418F0}" = Ustream Producer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
    "{8292F88E-2DB7-456B-A8F1-9079B7432A1E}" = DVD Architect Studio 5.0
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
    "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}" = Sony Vegas Movie Studio 6.0
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Any Video Converter_is1" = Any Video Converter 3.0.5
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CamStudio" = CamStudio
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Celtx (2.9.1)" = Celtx (2.9.1)
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "DivX Setup.divx.com" = DivX Setup
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "ImgBurn" = ImgBurn
    "InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
    "InstallShield_{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library
    "JEOPARDY!®" = JEOPARDY!®
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MyCamera" = Canon Utilities MyCamera
    "Orbit_is1" = Orbit Downloader
    "SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
    "Steam App 440" = Team Fortress 2
    "WinGimp-2.0_is1" = GIMP 2.6.6
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Xvid Video Codec 1.3.2" = Xvid Video Codec
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3692140733-1139751130-3127336351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Game Organizer" = EasyBits GO
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/17/2011 10:35:14 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15163

    Error - 11/17/2011 10:35:15 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/17/2011 10:35:15 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 16193

    Error - 11/17/2011 10:35:15 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 16193

    Error - 11/17/2011 10:35:16 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/17/2011 10:35:16 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 17191

    Error - 11/17/2011 10:35:16 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 17191

    Error - 11/17/2011 10:35:17 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/17/2011 10:35:17 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 18190

    Error - 11/17/2011 10:35:17 AM | Computer Name = Alec-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 18190

    [ Broadcom Wireless LAN Events ]
    Error - 11/20/2011 6:51:14 PM | Computer Name = Alec-PC | Source = WLAN-Tray | ID = 0
    Description = 17:51:14, Sun, Nov 20, 11 Error - Unable to gain access to user store


    Error - 11/21/2011 3:02:30 PM | Computer Name = Alec-PC | Source = WLAN-Tray | ID = 0
    Description = 14:02:30, Mon, Nov 21, 11 Error - Unable to gain access to user store


    Error - 12/16/2011 2:28:39 PM | Computer Name = Alec-PC | Source = WLAN-Tray | ID = 0
    Description = 13:28:39, Fri, Dec 16, 11 Error - Unable to gain access to user store


    [ System Events ]
    Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 1/19/2012 12:44:35 PM | Computer Name = Alec-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 1/19/2012 1:01:21 PM | Computer Name = Alec-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/22/2012 12:18:54 AM | Computer Name = Alec-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.19 for the Network Card with network
    address 00242C5B50B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    What I would do is run ESET again and this time have it remove what it finds.

    In case you need it:

    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      
      :OTL
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
      @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:25990C16
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [CLEARALLRESTOREPOINTS]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date
    Jan 2012
    Posts
    15

    Default

    Here's the ESET log:

    C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
    C:\Program Files (x86)\VistaCodecPack\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application deleted - quarantined
    C:\Program Files (x86)\VistaCodecPack\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application deleted - quarantined
    C:\Users\Alec\AppData\RoamingaZjcdj.exe Win32/Injector.JDE trojan cleaned by deleting - quarantined
    C:\Users\Alec\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5553b092-516ca534 Win32/Injector.JDE trojan cleaned by deleting - quarantined
    D:\Windows\System32\autochk.exe probably a variant of Win32/Agent.TKD trojan cleaned by deleting - quarantined

    And here's the OTL log:

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
    ADS C:\ProgramData\TEMP:25990C16 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Alec\Desktop\cmd.bat deleted successfully.
    C:\Users\Alec\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: Alec
    ->Temp folder emptied: 5294624 bytes
    ->Temporary Internet Files folder emptied: 136246130 bytes
    ->Java cache emptied: 13219359 bytes
    ->FireFox cache emptied: 1180820453 bytes
    ->Google Chrome cache emptied: 336988236 bytes
    ->Flash cache emptied: 11636012 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: RA Media Server
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2319784 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 243 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,608.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01262012_122839

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, how are things running now, any issues?

  5. #15
    Junior Member
    Join Date
    Jan 2012
    Posts
    15

    Default

    It's running pretty well! Fairly normal, other than those random problems with the volume/brightness, and I haven't tried updating, but it's not slowing down at any time, although that program is still taking up a bunch of CPU... C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438 It's in there and it's called "stacsv64". Any idea what it is?

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good morning,

    The problem you're having looks like it's related to a bad HP driver
    http://h30434.www3.hp.com/t5/Noteboo.../36882/page/15

    Since we just do malware removal on this forum, post here at our sister site and they can help you resolve the volume issue. You can tell them you posted here and link them to this thread so they can see what we have done.

    http://forums.whatthetech.com/index.php?showforum=119


    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.

    Malwarebytes is the free version and yours to keep and will not be removed.

    Safe Surfn
    Ken

  7. #17
    Junior Member
    Join Date
    Jan 2012
    Posts
    15

    Default

    So I uninstalled the stuff you told me to and I restarted my comp, but now my Internet is extremely slow, mostly unresponsive! What should I do? I'm using my iPod right now cause my comp won't get on the Internet. And the CPU is going crazy.

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Try rebooting your system again, removing those tools with OTL should not affect your internet access, that's all it does is remove the tools.

    Turn off your router, your cable or DSL modem and shut down your system, wait about 3 or 4 min for everything to close, then start your modem, once it's up and running start your router, when it's up and running start your computer
    Last edited by ken545; 2012-01-29 at 19:35.

  9. #19
    Junior Member
    Join Date
    Jan 2012
    Posts
    15

    Default

    Tried it, no difference. My Internet is running fine in general, even on my iPod and my roommates' comps, but my computer says it's connected and won't even load Google. On the random occasion a website does load, it takes forever. Symantec is saying "traffic has been blocked from this application: Hist Process for Windows Services (svchost.exe)". What do I do?!

  10. #20
    Junior Member
    Join Date
    Jan 2012
    Posts
    15

    Default

    Correction: *host process
