Jump to content

SVCHOST.EXE (Trojan Agent) Removal Help


Recommended Posts

Hi

When anti-malware starts I keep getting the message. "Malwarebytes' Antimalware has detected a malicious process attempting to start and has blocked the execution attempt. I've tried quarantining it, but it keeps coming back. For awhile, it was trying to connect to external ports, but anti-malware was blocking those connections as well. Any help would be greatly appreciated. Please see attach.txt and dds.txt. Thanks much.

Attach.txt

DDS.txt

Link to post
Share on other sites

  • Replies 50
  • Created
  • Last Reply

Top Posters In This Topic

It occurs to me that on a forum of this type folks might be a bit cautious about opening attachments, so the following are the results of dds.txt

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Paul at 7:57:13 on 2012-01-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4008 [GMT -6:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Citrix\Secure Access Client\nsverctl.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

-netsvcs

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Paul\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Citrix\Secure Access Client\nsload.exe

C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Users\Paul\AppData\Local\Mozilla Firefox\firefox.exe

C:\Users\Paul\AppData\Local\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: DownloadHelper Class: {ff2573ae-e1ed-40e1-83ba-f544cb2ee135} - C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [sansaDispatch] C:\Users\Paul\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-M9UTO.exe" /REG /REGSVRMODE

StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CITRIX~1.LNK - C:\Program Files (x86)\Citrix\Secure Access Client\nsload.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9774EFE1-8B36-498D-B0A7-1F6FAA9C7C16} : DhcpNameServer = 192.168.1.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: DownloadHelper Class: {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [innoSetupRegFile.0000000001] "C:\Windows\is-M9UTO.exe" /REG /REGSVRMODE

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\bjjoydep.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8

FF - prefs.js: network.proxy.http - 200.215.47.25

FF - prefs.js: network.proxy.http_port - 4528

FF - prefs.js: network.proxy.type - 2

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee.dll

FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee64.dll

FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npagee.dll

FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npagee64.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120106.002\IDSviA64.sys [2012-1-6 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cag;Citrix cag plugin for Access Gateway;C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [2010-8-4 96384]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-8 366640]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-5-18 130008]

R2 nsverctl;Citrix Secure Access Client Service;C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [2011-5-18 154776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-7 381248]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 ctxva51;Citrix Virtual Adapter;C:\Windows\system32\DRIVERS\ctxva51.sys --> C:\Windows\system32\DRIVERS\ctxva51.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-18 2253120]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-30 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-30 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]

S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-3-20 43032]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-08 13:34:13 709968 ----a-w- C:\Windows\is-M9UTO.exe

2012-01-04 13:35:36 20480 ----a-w- C:\Windows\svchost.exe

2011-12-19 15:37:28 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-19 15:37:22 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-19 15:37:18 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-19 15:37:18 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-19 15:37:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-19 15:37:03 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-10 18:06:19 53248 ----a-r- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-12-10 18:06:01 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-12-10 17:58:03 -------- d-----w- C:\Users\Paul\AppData\Roaming\Logishrd

.

==================== Find3M ====================

.

2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-19 21:17:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-08 00:53:44 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 7:58:18.25 ===============

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Thanks. Here's the scan log:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.11.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: PAUL-PC [administrator]

Protection: Enabled

1/11/2012 8:40:31 AM

mbam-log-2012-01-11 (08-28-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214826

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 2120 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken

As far as behavior. MBAM is continually blocking access to potentially malicious websites. Multiple ports. I did try to have MBAM remove the infection, but to no avail. I really appreciate your time. Take care.

Link to post
Share on other sites

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Hi and thx again. ComboFix log:

ComboFix 12-01-10.02 - Paul 01/11/2012 18:30:41.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3220 [GMT -6:00]

Running from: c:\users\Paul\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\security\Database\tmp.edb

c:\windows\svchost.exe

c:\windows\SysWow64\drivers\dfg.sys

c:\windows\SysWow64\FirewallInstallHelper.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))

.

.

2012-01-12 01:42 . 2012-01-12 01:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-01-11 03:00 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe

2012-01-11 03:00 . 2012-01-11 03:10 -------- d-----w- c:\program files (x86)\Real Deal UpGrade

2012-01-10 20:12 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-10 20:12 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-10 20:12 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-10 20:12 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-10 20:12 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-10 20:12 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-10 20:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-10 20:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-10 00:33 . 2012-01-10 00:33 -------- d-----w- c:\users\Paul\tmp

2012-01-09 22:05 . 2012-01-09 22:05 -------- d-----w- c:\program files\CPUID

2012-01-09 22:05 . 2011-09-21 16:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys

2012-01-04 13:35 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe

2011-12-19 15:37 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-19 15:37 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 15:37 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-19 15:37 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-19 15:37 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-19 15:37 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-07 11:51 . 2010-10-16 16:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-01-07 11:50 . 2011-01-01 12:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-01-07 11:49 . 2011-01-01 12:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-01-07 11:48 . 2010-10-16 16:36 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-10 21:24 . 2010-04-29 02:27 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-10 18:06 . 2011-12-10 18:06 53248 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-12-10 18:06 . 2011-12-10 18:06 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-11-19 21:17 . 2011-05-17 23:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-08 03:51 . 2011-11-26 04:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll

2011-11-08 03:51 . 2011-11-26 04:51 7581504 ----a-w- c:\windows\system32\nvcuda.dll

2011-11-08 03:51 . 2011-11-26 04:51 7042880 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-11-08 03:51 . 2011-11-26 04:51 68928 ----a-w- c:\windows\system32\OpenCL.dll

2011-11-08 03:51 . 2011-11-26 04:51 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-11-08 03:51 . 2011-11-26 04:51 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll

2011-11-08 03:51 . 2011-11-26 04:51 2542912 ----a-w- c:\windows\system32\nvcuvid.dll

2011-11-08 03:51 . 2011-11-26 04:51 24796992 ----a-w- c:\windows\system32\nvcompiler.dll

2011-11-08 03:51 . 2011-11-26 04:51 24742720 ----a-w- c:\windows\system32\nvoglv64.dll

2011-11-08 03:51 . 2011-11-26 04:51 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-11-08 03:51 . 2011-11-26 04:51 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2011-11-08 03:51 . 2011-11-26 04:51 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-11-08 03:51 . 2011-11-26 04:51 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2011-11-08 03:51 . 2011-11-26 04:51 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2011-11-08 03:51 . 2011-11-26 04:51 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2011-11-08 03:51 . 2011-11-26 04:51 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-11-08 03:51 . 2011-11-26 04:51 1543488 ----a-w- c:\windows\system32\nvdispco64.dll

2011-11-08 03:51 . 2011-11-26 04:51 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-11-08 03:51 . 2011-11-26 04:51 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-11-08 03:51 . 2011-11-26 04:51 12971328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-11-08 03:51 . 2011-02-27 18:20 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-11-08 03:51 . 2011-02-23 07:38 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-11-08 03:51 . 2011-02-23 07:38 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-11-08 03:51 . 2011-02-23 07:38 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-11-08 03:51 . 2011-02-23 07:38 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-11-08 03:51 . 2011-02-23 07:38 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-11-08 03:51 . 2011-01-08 02:48 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-11-08 03:51 . 2010-10-31 11:01 8792384 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-11-08 00:53 . 2011-11-08 00:53 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-04 1242448]

"SansaDispatch"="c:\users\Paul\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-01-22 79872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Impulse Now.lnk - c:\program files (x86)\Stardock\Impulse\Now\ImpulseNow.exe [2010-9-15 2042088]

Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2011-5-18 1520280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-30 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-30 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [x]

R3 GPU-Z;GPU-Z;c:\users\Paul\AppData\Local\Temp\GPU-Z.sys [x]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-21 43032]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120110.002\IDSvia64.sys [2011-08-23 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [2010-08-04 96384]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [2011-05-18 154776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-08 381248]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145798524-2891152256-292567754-1000Core.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 13:05]

.

2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145798524-2891152256-292567754-1000UA.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 13:05]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\bjjoydep.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8

FF - prefs.js: network.proxy.http - 200.215.47.25

FF - prefs.js: network.proxy.http_port - 4528

FF - prefs.js: network.proxy.type - 2

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3145798524-2891152256-292567754-1000\Software\SecuROM\License information*]

"datasecu"=hex:b8,e3,60,1e,70,47,73,bc,da,44,82,a8,0c,27,c3,fd,64,2e,30,75,75,

17,0e,77,b1,30,bf,60,ad,d1,f1,db,a0,5c,c1,8a,40,74,d1,36,35,cc,64,9b,7f,b5,\

"rkeysecu"=hex:32,ba,2c,e8,e9,f5,97,91,73,0d,6d,f4,d6,81,80,b1

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2012-01-11 19:49:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-12 01:49

.

Pre-Run: 572,846,972,928 bytes free

Post-Run: 572,811,911,168 bytes free

.

- - End Of File - - C3F34208479F19D9296BD40F62B0AADD

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\bjjoydep.default\
FF - prefs.js: network.proxy.http - 200.215.47.25
FF - prefs.js: network.proxy.http_port - 4528
FF - prefs.js: network.proxy.type - 2

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment

Link to post
Share on other sites

Unless you set FF to use a Proxy server, do this

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Link to post
Share on other sites

Got it to run. Did not make changes you recommended above as I just saw them. MBAM is still blocking access to potentially malicious websites. New ComboFix log:

ComboFix 12-01-12.02 - Paul 01/12/2012 8:41.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4188 [GMT -6:00]

Running from: c:\users\Paul\Desktop\ComboFix.exe

Command switches used :: c:\users\Paul\Desktop\CFScript.txt

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))

.

.

2012-01-12 14:45 . 2012-01-12 14:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-01-12 14:45 . 2012-01-12 14:45 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-01-12 14:45 . 2012-01-12 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-11 03:00 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe

2012-01-11 03:00 . 2012-01-11 03:10 -------- d-----w- c:\program files (x86)\Real Deal UpGrade

2012-01-10 20:12 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-10 20:12 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-10 20:12 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-10 20:12 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-10 20:12 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-10 20:12 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-10 20:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-10 20:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-10 00:33 . 2012-01-10 00:33 -------- d-----w- c:\users\Paul\tmp

2012-01-09 22:05 . 2012-01-09 22:05 -------- d-----w- c:\program files\CPUID

2012-01-09 22:05 . 2011-09-21 16:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys

2011-12-19 15:37 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-19 15:37 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 15:37 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-19 15:37 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-19 15:37 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-19 15:37 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-07 11:51 . 2010-10-16 16:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-01-07 11:50 . 2011-01-01 12:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-01-07 11:49 . 2011-01-01 12:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-01-07 11:48 . 2010-10-16 16:36 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-10 21:24 . 2010-04-29 02:27 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-10 18:06 . 2011-12-10 18:06 53248 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-12-10 18:06 . 2011-12-10 18:06 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-11-19 21:17 . 2011-05-17 23:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-08 03:51 . 2011-11-26 04:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll

2011-11-08 03:51 . 2011-11-26 04:51 7581504 ----a-w- c:\windows\system32\nvcuda.dll

2011-11-08 03:51 . 2011-11-26 04:51 7042880 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-11-08 03:51 . 2011-11-26 04:51 68928 ----a-w- c:\windows\system32\OpenCL.dll

2011-11-08 03:51 . 2011-11-26 04:51 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-11-08 03:51 . 2011-11-26 04:51 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll

2011-11-08 03:51 . 2011-11-26 04:51 2542912 ----a-w- c:\windows\system32\nvcuvid.dll

2011-11-08 03:51 . 2011-11-26 04:51 24796992 ----a-w- c:\windows\system32\nvcompiler.dll

2011-11-08 03:51 . 2011-11-26 04:51 24742720 ----a-w- c:\windows\system32\nvoglv64.dll

2011-11-08 03:51 . 2011-11-26 04:51 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-11-08 03:51 . 2011-11-26 04:51 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2011-11-08 03:51 . 2011-11-26 04:51 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-11-08 03:51 . 2011-11-26 04:51 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2011-11-08 03:51 . 2011-11-26 04:51 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2011-11-08 03:51 . 2011-11-26 04:51 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2011-11-08 03:51 . 2011-11-26 04:51 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-11-08 03:51 . 2011-11-26 04:51 1543488 ----a-w- c:\windows\system32\nvdispco64.dll

2011-11-08 03:51 . 2011-11-26 04:51 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-11-08 03:51 . 2011-11-26 04:51 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-11-08 03:51 . 2011-11-26 04:51 12971328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-11-08 03:51 . 2011-02-27 18:20 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-11-08 03:51 . 2011-02-23 07:38 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-11-08 03:51 . 2011-02-23 07:38 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-11-08 03:51 . 2011-02-23 07:38 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-11-08 03:51 . 2011-02-23 07:38 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-11-08 03:51 . 2011-02-23 07:38 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-11-08 03:51 . 2011-01-08 02:48 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-11-08 03:51 . 2010-10-31 11:01 8792384 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-11-08 00:53 . 2011-11-08 00:53 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-12_01.44.43 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-09-17 16:07 . 2012-01-11 14:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-09-17 16:07 . 2012-01-12 13:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 04:54 . 2012-01-11 14:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-12 13:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-11 14:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-12 13:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-11 14:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-12 13:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-13 03:12 . 2012-01-12 13:30 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2010-05-13 03:12 . 2012-01-08 13:25 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

+ 2009-12-24 11:39 . 2012-01-12 13:15 53250 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-12 13:43 26536 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-23 17:33 . 2012-01-12 13:43 19768 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3145798524-2891152256-292567754-1000_UserData.bin

- 2012-01-12 01:43 . 2012-01-12 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-12 14:47 . 2012-01-12 14:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-12 14:47 . 2012-01-12 14:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-12 01:43 . 2012-01-12 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:12 . 2012-01-11 14:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-01-12 13:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2012-01-12 01:42 276976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-12 14:46 276976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-04-28 02:53 . 2012-01-12 14:46 46833556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3145798524-2891152256-292567754-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-04 1242448]

"SansaDispatch"="c:\users\Paul\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-01-22 79872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Impulse Now.lnk - c:\program files (x86)\Stardock\Impulse\Now\ImpulseNow.exe [2010-9-15 2042088]

Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2011-5-18 1520280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-30 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-30 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [x]

R3 GPU-Z;GPU-Z;c:\users\Paul\AppData\Local\Temp\GPU-Z.sys [x]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-21 43032]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120111.003\IDSvia64.sys [2011-08-23 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [2010-08-04 96384]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [2011-05-18 154776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-08 381248]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145798524-2891152256-292567754-1000Core.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 13:05]

.

2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145798524-2891152256-292567754-1000UA.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 13:05]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\bjjoydep.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3145798524-2891152256-292567754-1000\Software\SecuROM\License information*]

"datasecu"=hex:b8,e3,60,1e,70,47,73,bc,da,44,82,a8,0c,27,c3,fd,64,2e,30,75,75,

17,0e,77,b1,30,bf,60,ad,d1,f1,db,a0,5c,c1,8a,40,74,d1,36,35,cc,64,9b,7f,b5,\

"rkeysecu"=hex:32,ba,2c,e8,e9,f5,97,91,73,0d,6d,f4,d6,81,80,b1

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2012-01-12 10:17:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-12 16:17

ComboFix2.txt 2012-01-12 01:49

.

Pre-Run: 571,704,315,904 bytes free

Post-Run: 571,626,827,776 bytes free

.

- - End Of File - - 9A074EF24AEEBF32AD0D2E6583C4184F

Link to post
Share on other sites

New MBAM Log. Also turned off proxy per instructions above. It may be worth noting this entry in proxy (greyed out now since proxy is turned off.) file://C:/Users/Paul/AppData/Local/Temp/arr_clt.pac. Don't know where this came from.

MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.12.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: PAUL-PC [administrator]

Protection: Enabled

1/12/2012 10:55:39 AM

mbam-log-2012-01-12 (10-55-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216001

Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3296 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

Will reboot and update re machine behavior.

Link to post
Share on other sites

Please download Dr.Web CureIt Save it to your desktop:

  • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply
  • Close Dr.Web Cureit.
    Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

Link to post
Share on other sites

Hi

I dowloaded and ran drweb-cureit. Which did this as a result of the express scan:

In this mode the following objects are scanned:

* Random access memory

* Boot sectors of all disks

* Startup objects

* Boot disk root directory

* Root directory of Windows installation disk

* Windows system folder

* User documents folder ("My documents")

* System temporary folder

* User temporary folder

It found this:

Process in Memory

c:\programfiles (x86) Norton Security Suite\ engine\5.1.0.29 \ccsvchst.exe 1248

Status

BackDoor.TSS 565

Action

Eradicated

The scan ran for quite awhile. I received no prompt to cure anything. Options to perform complete scans and or custom scans are greyed out. Will go to the DrWeb-Cureit site and downlaod a copy from here and try again:

https://www.freedrweb.com/download+cureit+free/?lng=en

Link to post
Share on other sites

Was able to complete a full scan. Output from DrWeb:

Process in memory: C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe:1248;;BackDoor.Tdss.565;Eradicated.;

pdburnsdk.dll;C:\Program Files (x86)\Rhapsody\modules;Trojan.Click2.1533;Deleted.;

Rebooted machine. MBAM is still blocking access to potentially malicious websites. Multiple ports, etc. Basically the same behavior as before. There is also cureot.log. Summary data from that log folows:

Scan statistics

-----------------------------------------------------------------------------

Scanned: 466328

Infected: 1

Modifications: 0

Suspicious: 0

Adware: 0

Dialers: 0

Jokes: 0

Riskware: 0

Hacktools: 0

Cured: 0

Deleted: 1

Renamed: 0

Moved: 0

Ignored: 0

Scan speed: 32 Kb/s

Scan time: 3:54:11

-----------------------------------------------------------------------------

=============================================================================

Total session statistics

=============================================================================

Scanned: 499010

Infected: 3

Modifications: 0

Suspicious: 0

Adware: 0

Dialers: 0

Jokes: 0

Riskware: 0

Hacktools: 0

Cured: 0

Deleted: 1

Renamed: 0

Moved: 0

Ignored: 0

Scan speed: 233 Kb/s

Scan time: 3:55:42

==================

Link to post
Share on other sites

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs

Link to post
Share on other sites

Output from OTL.txt

OTL logfile created on: 1/12/2012 7:27:03 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.32% Memory free

11.98 Gb Paging File | 10.17 Gb Available in Paging File | 84.82% Paging File free

Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 531.65 Gb Free Space | 57.08% Space Free | Partition Type: NTFS

Drive K: | 1863.01 Gb Total Space | 1243.63 Gb Free Space | 66.75% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)

PRC - C:\Program Files\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)

PRC - C:\Program Files\Citrix\Secure Access Client\nsverctl.exe (Citrix Systems, Inc)

PRC - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)

PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Users\Paul\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)

PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)

PRC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

PRC - \\.\globalroot\systemroot\svchost.exe ()

PRC - \\.\globalroot\systemroot\svchost.exe ()

PRC - \\.\globalroot\systemroot\svchost.exe ()

PRC - \\.\globalroot\systemroot\svchost.exe ()

PRC - \\.\globalroot\systemroot\svchost.exe ()

PRC - \\.\globalroot\systemroot\svchost.exe ()

PRC - \\.\globalroot\systemroot\svchost.exe ()

PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)

PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - \\.\globalroot\systemroot\svchost.exe ()

MOD - C:\Windows\SysWOW64\CTXFIRES.DLL ()

MOD - C:\Windows\SysWOW64\APOMngr.DLL ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV:64bit: - (nsverctl) -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe (Citrix Systems, Inc)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)

SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys (Symantec Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (ctxva51) -- C:\Windows\SysNative\drivers\ctxva51.sys (Citrix Systems, Inc.)

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys (Symantec Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys (Symantec Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys (Symantec Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)

DRV:64bit: - (cag) -- C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys (Citrix Systems, Inc.)

DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()

DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)

DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)

DRV:64bit: - (NWUSBCDFIL64) -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV:64bit: - (NWUSBPort2) -- C:\Windows\SysNative\drivers\nwusbser2.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWUSBPort) -- C:\Windows\SysNative\drivers\nwusbser.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWUSBModem) -- C:\Windows\SysNative\drivers\nwusbmdm.sys (Novatel Wireless Inc.)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120111.003\IDSviA64.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120112.002\EX64.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120112.002\ENG64.SYS (Symantec Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (SMSIVZAM5X64) -- c:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 04 01 F7 9C 15 CC 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.2.52.8: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.52.8: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/09/28 04:45:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/12 19:11:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Users\Paul\AppData\Local\Mozilla Firefox\components [2012/01/06 15:03:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Users\Paul\AppData\Local\Mozilla Firefox\plugins

[2012/01/12 19:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions

[2012/01/12 19:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\bjjoydep.default\extensions

[2012/01/12 19:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\bjjoydep.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/12/30 06:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\no4p4gt0.default\extensions

[2009/12/30 06:13:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\no4p4gt0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/01/12 19:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/06/14 16:18:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/15 05:04:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/05 12:08:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/21 06:00:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/15 05:31:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN

File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN

[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Citrix Access Gateway (Enabled) = C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npagee.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Paul\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/12 08:47:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (DownloadHelper Class) - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll (IE Download Helper)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [sansaDispatch] C:\Users\Paul\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)

O4 - HKCU..\Run: [steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)

O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)

O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9774EFE1-8B36-498D-B0A7-1F6FAA9C7C16}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 19:22:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe

[2012/01/12 13:11:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\DoctorWeb

[2012/01/12 10:40:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/01/12 10:17:33 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/01/12 08:38:57 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/01/12 07:39:34 | 004,381,405 | R--- | C] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe

[2012/01/12 07:29:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/01/11 18:27:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/01/11 18:27:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/01/11 18:27:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2012/01/11 18:27:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/01/11 18:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/01/11 18:21:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/01/10 21:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Deal UpGrade

[2012/01/10 21:00:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Real Deal UpGrade

[2012/01/10 21:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Deal UpGrade

[2012/01/09 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\Paul\tmp

[2012/01/09 16:05:19 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys

[2012/01/09 16:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

[2012/01/09 16:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2012/01/07 04:52:36 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\meshes

[2009/06/04 02:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[2009/06/04 02:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 19:22:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe

[2012/01/12 19:16:48 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/12 19:16:48 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/12 19:09:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/12 19:09:10 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/12 19:04:59 | 000,405,441 | ---- | M] () -- C:\Users\Paul\Desktop\bookmarks-2012-01-12.json

[2012/01/12 18:56:09 | 000,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-00000005-00311102}.rfx

[2012/01/12 18:56:09 | 000,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-00000005-00311102}.rfx

[2012/01/12 18:56:09 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-00000005-00311102}.rfx

[2012/01/12 17:57:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3145798524-2891152256-292567754-1000UA.job

[2012/01/12 17:57:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3145798524-2891152256-292567754-1000Core.job

[2012/01/12 08:47:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/01/12 07:41:51 | 755,218,879 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/01/12 07:39:35 | 004,381,405 | R--- | M] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe

[2012/01/10 22:02:17 | 000,772,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/01/10 22:02:17 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/01/10 22:02:17 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/01/10 22:02:06 | 000,772,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/01/10 20:03:12 | 000,870,128 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mcs.rma

[2012/01/10 20:03:12 | 000,000,004 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\FEBFAA

[2012/01/10 13:44:05 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk

[2012/01/09 16:30:10 | 000,001,774 | ---- | M] () -- C:\Users\Paul\Desktop\skse_loader.exe - Shortcut.lnk

[2012/01/09 16:05:20 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2012/01/08 07:34:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/06 22:57:33 | 000,002,354 | ---- | M] () -- C:\Users\Paul\Desktop\Google Chrome.lnk

[2012/01/06 14:50:32 | 000,001,871 | ---- | M] () -- C:\Users\Paul\Desktop\Skyrim NPC Editor.exe - Shortcut.lnk

[2012/01/01 08:08:52 | 000,001,354 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2011/12/20 03:17:32 | 000,310,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/12 19:04:59 | 000,405,441 | ---- | C] () -- C:\Users\Paul\Desktop\bookmarks-2012-01-12.json

[2012/01/12 07:29:39 | 755,218,879 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/01/11 18:27:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/01/11 18:27:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/01/11 18:27:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/01/11 18:27:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/01/11 18:27:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/01/09 16:30:10 | 000,001,774 | ---- | C] () -- C:\Users\Paul\Desktop\skse_loader.exe - Shortcut.lnk

[2012/01/09 16:05:20 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2012/01/08 07:34:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/06 14:50:32 | 000,001,871 | ---- | C] () -- C:\Users\Paul\Desktop\Skyrim NPC Editor.exe - Shortcut.lnk

[2012/01/01 08:08:52 | 000,001,354 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2011/11/07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/05/22 12:52:07 | 000,127,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/05/12 12:53:22 | 000,001,940 | ---- | C] () -- C:\Users\Paul\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/03/06 00:11:42 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011/03/04 19:04:25 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/03/04 19:04:23 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2011/03/04 19:04:23 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/03/01 19:01:21 | 000,007,602 | ---- | C] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg

[2011/02/19 10:34:52 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/08/02 17:25:39 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2010/08/02 17:25:39 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2010/06/15 16:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2009/12/30 07:53:57 | 000,870,128 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\mcs.rma

[2009/12/30 07:53:57 | 000,000,004 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\FEBFAA

[2009/12/30 05:42:09 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009/12/30 05:42:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/12/30 05:39:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/12/30 05:29:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/06/04 03:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2009/06/04 03:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2009/06/04 02:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL

[2009/06/04 02:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat

[2009/06/04 02:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat

[2009/06/04 02:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe

[2009/05/27 11:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

========== LOP Check ==========

[2011/01/30 09:58:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Juniper Networks

[2011/02/19 10:35:31 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Kalypso Media

[2011/12/10 12:06:20 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Leadertech

[2011/05/19 16:06:00 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Lionhead Studios

[2010/04/17 12:42:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mount&Blade Warband

[2009/12/30 06:24:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Opera

[2011/04/29 08:24:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\picpick

[2010/04/09 15:51:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Red Alert 3

[2010/05/14 20:00:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\runic games

[2010/05/08 14:29:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SanDisk

[2010/06/25 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SEGA Corporation

[2011/05/29 05:00:20 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Smith Micro

[2010/09/17 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Stardock

[2011/03/12 07:52:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SystemRequirementsLab

[2009/12/31 15:27:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\The Creative Assembly

[2011/08/18 11:34:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TS3Client

[2011/08/18 11:32:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ts3overlay

[2010/03/24 14:00:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\webex

[2011/12/29 05:14:51 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/01/12 10:17:32 | 000,023,356 | ---- | M] () -- C:\ComboFix.txt

[2012/01/12 19:09:10 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/12 19:09:20 | 2142,240,767 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >

[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2011/05/18 13:38:44 | 000,000,221 | -HS- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2012/01/12 07:39:35 | 004,381,405 | R--- | M] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe

[2012/01/12 19:22:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

[2011/11/25 23:03:12 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk

[2011/11/25 23:03:12 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log

[2011/06/23 07:20:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs

[2011/06/23 07:20:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2011/06/23 07:22:24 | 000,000,402 | -HS- | M] () -- C:\Users\Paul\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 56405 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >

__________________________________Output from Extras.txt________________________________________________

OTL Extras logfile created on: 1/12/2012 7:27:03 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.32% Memory free

11.98 Gb Paging File | 10.17 Gb Available in Paging File | 84.82% Paging File free

Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 531.65 Gb Free Space | 57.08% Space Free | Partition Type: NTFS

Drive K: | 1863.01 Gb Total Space | 1243.63 Gb Free Space | 66.75% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Users\Paul\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BAB6BEB-8377-4474-8C1C-80DF8A865431}" = Diskeeper 2009 Professional

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.79

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.79

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.79

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.79

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.4

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BE4A40AC-FCF5-47F9-BAA7-D68346FBE1E3}" = Citrix Access Gateway Plug-in

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"sp6" = Logitech SetPoint 6.32

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{17237540-33FF-47B3-A770-3201222841B4}" = Standalone Topic Player

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{44397CF9-315D-4535-8585-DCD2EE47B966}" = Opera 10.62

"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{63262DED-CF79-4B7D-AE38-7E02922E13A4}" = Cisco WebEx Meeting Center for Internet Explorer

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager

"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A03775BE-8AC6-4E8E-A80A-D112E373D6E2}" = Movie Joiner v4

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4

"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit

"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet

"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI

"{DAA33CB8-54ED-4040-96F4-D48F70D6761C}" = IE Download Helper

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"ALchemy" = Creative ALchemy

"AudioCS" = Creative Audio Control Panel

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"Console Launcher" = Creative Console Launcher

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"EA Download Manager" = EA Download Manager

"EASEUS Data Recovery Wizard 5.0.1_is1" = EASEUS Data Recovery Wizard 5.0.1

"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6

"Fraps" = Fraps

"GameSpy Arcade" = GameSpy Arcade

"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Impulse" = Impulse

"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0

"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"N360" = Norton Security Suite

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"PicPick" = PicPick

"PunkBusterSvc" = PunkBuster Services

"Real Deal UpGrade" = Real Deal UpGrade

"RegZooka" = RegZooka 2.84

"Rhapsody" = Rhapsody

"Rockstar Games Social Club" = Rockstar Games Social Club

"StarCraft II" = StarCraft II

"Steam App 110800" = L.A. Noire: The Complete Edition

"Steam App 20920" = The Witcher 2

"Steam App 21970" = R.U.S.E

"Steam App 22300" = Fallout 3

"Steam App 22380" = Fallout: New Vegas

"Steam App 22814" = Arcania Gothic 4 - Prima Official Strategy Guide

"Steam App 22892" = Hunted: Demon's Forge Prima Official Strategy Guide

"Steam App 24400" = King Arthur - The Role-playing Wargame

"Steam App 24980" = Mass Effect 2

"Steam App 28050" = Deus Ex: Human Revolution

"Steam App 39160" = Dungeon Siege III

"Steam App 47900" = Dragon Age II

"Steam App 55370" = Saints Row: The Third - Initiation Station

"Steam App 620" = Portal 2

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 7520" = Two Worlds II

"SystemRequirementsLab" = System Requirements Lab

"Venetica_is1" = Venetica

"VLC media player" = VLC media player 1.0.3

"WaveStudio 7" = Creative WaveStudio 7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Juniper_Setup_Client" = Juniper Networks Setup Client

"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/6/2011 11:03:24 AM | Computer Name = Paul-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 5/7/2011 8:41:04 AM | Computer Name = Paul-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 5/11/2011 10:39:29 AM | Computer Name = Paul-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 5/11/2011 10:29:21 PM | Computer Name = Paul-PC | Source = Windows Search Service | ID = 3007

Description =

Error - 5/12/2011 11:47:14 AM | Computer Name = Paul-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 5/13/2011 9:10:35 AM | Computer Name = Paul-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 5/13/2011 9:24:06 PM | Computer Name = Paul-PC | Source = Application Error | ID = 1000

Description = Faulting application name: vlc.exe, version: 1.0.3.0, time stamp:

0x4aeacbb7 Faulting module name: vlc.exe, version: 1.0.3.0, time stamp: 0x4aeacbb7

Exception

code: 0xc0000005 Fault offset: 0x000016e2 Faulting process id: 0x11d8 Faulting application

start time: 0x01cc11d59b7a6d93 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Faulting

module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: dbb032f2-7dc8-11e0-9d43-001fbc0834cb

Error - 5/14/2011 9:54:25 AM | Computer Name = Paul-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 5/18/2011 7:35:28 AM | Computer Name = Paul-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ccSvcHst.exe, version: 10.1.0.37, time

stamp: 0x4cec5876 Faulting module name: MSVCR90.dll, version: 9.0.30729.4926, time

stamp: 0x4a1743c1 Exception code: 0xc0000005 Fault offset: 0x00036eae Faulting process

id: 0xaac Faulting application start time: 0x01cc154fa28a2780 Faulting application

path: C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe

Faulting

module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll

Report

Id: edb225a6-8142-11e0-af54-001fbc0834cb

Error - 5/18/2011 8:31:46 AM | Computer Name = Paul-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

[ Cisco AnyConnect VPN Client Events ]

Error - 1/12/2012 9:11:25 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp

Line:

344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:

-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 1/12/2012 9:11:25 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp

Line:

815 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:

-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 1/12/2012 9:11:25 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp

Line:

253 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780

(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 1/12/2012 9:11:25 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp

Line:

1149 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780

(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 1/12/2012 9:11:33 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp

Line:

815 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:

-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 1/12/2012 9:11:33 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp

Line:

253 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780

(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 1/12/2012 9:11:33 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp

Line:

1149 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780

(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 1/12/2012 9:11:33 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp

Line:

976 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363

(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could

not contact target

Error - 1/12/2012 9:11:33 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:

812 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)

Description:

NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 1/12/2012 9:11:33 PM | Computer Name = Paul-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:

189 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)

Description:

NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

[ Media Center Events ]

Error - 1/6/2012 9:15:01 AM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 7:15:01 AM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 1/6/2012 9:15:02 AM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 7:15:01 AM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 1/6/2012 9:15:02 AM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 7:15:02 AM - Failed to retrieve Broadband (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 1/6/2012 7:38:52 PM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 5:38:52 PM - Failed to retrieve Directory (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 1/6/2012 7:38:54 PM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 5:38:54 PM - Failed to retrieve NetTV (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 1/6/2012 7:38:54 PM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 5:38:54 PM - Failed to retrieve MCESpotlight (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 1/6/2012 7:38:55 PM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 5:38:55 PM - Failed to retrieve MCEClientUX (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 1/6/2012 7:38:56 PM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 5:38:55 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

Error - 1/6/2012 7:38:56 PM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 5:38:56 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 1/6/2012 7:39:11 PM | Computer Name = Paul-PC | Source = MCUpdate | ID = 0

Description = 5:38:56 PM - Failed to retrieve Broadband (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

[ System Events ]

Error - 1/12/2012 9:09:14 PM | Computer Name = Paul-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 4 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 1/12/2012 9:09:14 PM | Computer Name = Paul-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 6 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 1/12/2012 9:09:14 PM | Computer Name = Paul-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 3 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 1/12/2012 9:09:14 PM | Computer Name = Paul-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 7 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 1/12/2012 9:09:14 PM | Computer Name = Paul-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 5 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 1/12/2012 9:09:14 PM | Computer Name = Paul-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 1 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 1/12/2012 9:09:24 PM | Computer Name = Paul-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 7:07:10 PM on ?1/?12/?2012 was unexpected.

Error - 1/12/2012 9:09:33 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/12/2012 9:11:44 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1326 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 1/12/2012 9:11:44 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

< End of report >

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.