C:\Windows\svchost.exe.Trojan.Agent causing blue screen and random crashes do not know how to fix

Discussion in 'Virus and Malware Removal' started by rlhartzell, Nov 6, 2012.

  1. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job!

    Norman Malware Cleaner

    Please download Norman Malware Cleaner and save to your desktop.
    alternate download link
    • Double-click on Norman_Malware_Cleaner.exe to start the program.
    • Read the End User License Agreement and click the Accept button to open the scanning window.
    • Click Start Scan to begin.
    • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
    • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
    Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight it and choose OK.
  2. rlhartzell Newcomer, in training Posts: 34

    Norman Malware Cleaner v2.06.01
    Copyright © 1990 - 2012, Norman ASA.
    Norman Scanner Engine Version: 7.00.12
    nvcbin.def: Version: 7.00.1850, Date: 2012/11/12 08:40:57, Variants: 15355348
    nvcmacro.def: Version: 0.00.00, Date: 1969/12/31 19:00:00, Variants: 0
    Operating System: Windows 7 Service Pack 1 x64
    Switches: /iagree
    Scan started: 2012/11/13 01:24:42
    Running pre-scan cleanup routine...
    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Scanning time: 0s
    Scanning running processes and process memory...
    Number of objects found: 1499
    Number of objects scanned: 1499
    Number of objects not scanned: 0
    Number of malicious memory objects found: 0
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 41s
    Scanning system for FakeAV...
    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 0s
    Running full scan...
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log: Error opening file for read: 0x00000020
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log: Error opening file for read: 0x00000020
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Error opening file for read: 0x00000020
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\00000082\00000123\000005e0\cltLMS1.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\00000082\00000123\000005e0\cltLMS2.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccGEvt\Global\LM2.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccGLog\ccGenericLog.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccJobMgr\JobMgr.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccJobMgr\JobMgr.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\1eb57a9d-0a4c-44e2-98a4-db11d36dd9bb.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\3b6138df-731f-4692-b706-90357bce634a.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\47ffc7aa-e82b-4626-8354-eefe902fe2b2.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\4f980fae-bfd9-4d5c-8f6d-cafffa491cbe.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\84b542e4-ce8f-4e25-89bc-6f5671b9391e.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\b881f91b-53b3-4d49-a251-2e8c5a4e330a.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\ffa870fc-24a8-4c4a-836f-ca7c009389d0.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\settings_6.4.0.9.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\Volatile.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\ccSetMgr\Volatile.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\EMPxyOpt.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\_lck\_ICFMGR_{F34173A0-C9EA-45ab-B832-29D35E6D04EC}G: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\_lck\_RDRPluginG: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\_lck\_NPC.Tray.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}1: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\_lck\_ISDATAPR_{FF9AC67A-E394-46ae-B150-B3365343F166}G: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\_lck\_SvcMgr-A2B50D70-5EA1-45a0-A983-0DB9E7101676G: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\_lck\_UI.Host.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}1: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\_lck\_{4E9CB39A-5F78-4887-A3D6-2790DE9DDE11}1: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\CmnClnt\_lck\_SNDPluginG: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Connections\connectn.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\diStRptr\diStRptr.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\diStRptr\diStRptr.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{05DD78B7-77A1-4393-888E-D8EC961A3B19}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{0693F93A-DEFD-22EE-B444-87D156D89593}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{1EC30809-4D73-45e5-9FB7-4556BF2591F7}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{2F090208-20DC-42f0-BBD8-B68B472F7215}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{352A29CB-F796-4122-A5C1-F8001F96A569}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{511C2222-DEFD-22EE-B154-4A6A546B9793}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{5779E169-C4E2-4487-B4B1-55A24863F4C6}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{591D2F72-6BF6-4E6D-AEE1-2C53200DE57E}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{591D2F72-BEEF-4E6D-AEE1-2C53200DE57E}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{59414fa6-c6d4-4c78-a752-b677cbdd3c6b}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{5B2B85BE-2999-486f-87D2-CEFAEA5984A2}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{5BD0D294-A689-4606-B58C-47A511ED1C14}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{5BD0D294-BEEF-4606-B58C-47A511ED1C14}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{5DE264E3-CED0-4cee-B206-6D287630A7B9}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{64A1EE4A-948D-4bd0-A3E6-9D6BF96DF72A}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{65190544-26C3-43a4-A78A-694964901607}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{691538C6-034F-4d32-9A14-A53B8BAF68AF}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{69EDD4E1-116E-4773-A0AC-C59945720C2A}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{6A585666-3EAE-44c3-8821-711CCE3F2873}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{6C76977D-A5FD-452b-AAAF-51799B8EA9B4}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{6C817099-B8B4-4137-A53F-68B7EA75EC55}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{6E3396BD-C6A6-4f0f-9254-267F9058FEC4}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{70623C4D-BEEF-4025-91D1-3307B948E7DD}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{7C40284F-C1DE-459c-A195-6D854DB8C783}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{89E020E9-BE3E-40cc-9C00-66A3FBA23106}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{93545EED-DE0A-4efa-B44D-68C5CBF1D4F7}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{98A25227-3754-475b-B325-D658972C6E98}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{9BDDC6E8-4FBD-4449-A8CC-142376A325D5}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{70623C4D-9D8A-4025-91D1-3307B948E7DD}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{9F920DB1-1600-4bba-817B-A4F33B0607D1}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{A96E24EE-101F-4f7f-887C-30680DCFF3E4}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{D418C996-433A-42df-8D3C-E1A24C0AD3C0}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{D4F4CC32-7A41-4684-AE57-41E59E9B4503}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{DEC5A7DC-730A-4eff-89E6-DCEEC5DB5287}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{E644497C-3550-4a24-B153-CB0F7A64ADFD}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{E6941702-E564-4caf-84E1-572AEB95826F}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{E8827B4A-4F58-4dea-8C93-07B32A63D1C5}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{F9AF8C8D-BEEF-40db-A228-0F22ECC66E88}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{E8827B4A-BEEF-4dea-8C93-07B32A63D1C5}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{F9AF8C8D-DED9-40db-A228-0F22ECC66E88}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{FF3D8359-103B-1175-AD36-D479E4BBE107}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\DuLuCbkPkg\{FD0D6765-46D2-4399-82E1-8E9D500823F8}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Framework\O2Reg.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Framework\oxygen.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Framework\SpocSelfTune.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\bash.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\ClientIDS.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\DAAlert.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\DADown.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\LU.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\NasState.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\nco2.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\Performance.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Logs\SymNetDrv.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Lue\LueDyn.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Lue\LueDyn.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\LuReg\{648D9F44-15C3-4554-9624-36BEA55E1B88}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\LuReg\{82E8AF44-7C45-42a1-B9D5-A531BEEA7C9E}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\LuReg\{C6EC303F-DEB3-4b76-AA4A-652A7641B359}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\LuReg\{D06948D5-FB30-4721-9983-45F86F6D2D85}.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\NCO\IDD2.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\NPC\InstOpts.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\NPC\Settings.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\NPC\Support.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\NUM\Settings.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\NUM\Settings.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\asDynam.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\Backup.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\BackupProvider.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\BackupSettings.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\CAVDNode.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\CAVDNode.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\cltDynam.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\cltDynam.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\depend.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\Layout.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\LCset.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\LCset.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\OEM.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\ProdExcl.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\set-priv.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\set-priv.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\TuneupElements.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\User.dat: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Product\User.dat.log: Error opening file for read: 0x00000020
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\SRTSP\SrtspSet.dat: Error opening file for read: 0x00000020
    C:\System Volume Information\Syscache.hve: Error opening file for read: 0x00000020
    C:\System Volume Information\Syscache.hve.LOG1: Error opening file for read: 0x00000020
    C:\System Volume Information\Syscache.hve.LOG2: Error opening file for read: 0x00000020
    C:\TDSSKiller_Quarantine\07.11.2012_17.11.12\mbr0000\tdlfs0000\tsk0001.dta: File infected with doslegacy/Suspicious_Gen4.BLGIU
    Delete file: C:\TDSSKiller_Quarantine\07.11.2012_17.11.12\mbr0000\tdlfs0000\tsk0001.dta
    Cleaning successful
    C:\Users\Sunshine\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{59520D1C-2CEC-11E2-97A7-E4D53DFA1BDB}.dat: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{00361FB4-2D59-11E2-97A7-E4D53DFA1BDB}.dat: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{17603CE7-2D59-11E2-97A7-E4D53DFA1BDB}.dat: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2B947153-196C-46FB-ADFD-F3A5C28468F5}.tmp: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{426ABF17-8194-4A41-A089-8D33FBAF49F8}.tmp: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{43BE70E5-AD93-4E75-A2CA-6E78B923409F}.tmp: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B3CA5589-1A5C-4687-A965-D7B5A1849229}.tmp: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FBE2DE4A-AC9D-4DF8-A92C-DA038848F8D8}.tmp: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF0DE1C6154EE11F3F.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF2008890BF79A52F0.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF27FA4F2C8C11C39F.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF421F2C0454239F6A.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF686A43B267B467E2.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF71A6B8AFF385886D.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF8F3C268A5A5A2BD9.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF91441ADBD8E40B61.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF9A757BCF47724B6A.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF9C7EEC2D47487F12.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DF9DDBD64E1F6B73A7.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DFA16E182DFBC57B96.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DFA59365BE4651FCCA.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DFB63671D8721EB67A.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DFDC137E67B6C5731B.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DFDD2A9EE920F6AD6A.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\AppData\Local\Temp\~DFEFE04662628C2955.TMP: Error opening file for read: 0x00000020
    C:\Users\Sunshine\Desktop\aswMBR.exe: File infected with winpe/Rootkit.EODN
    C:\Users\Sunshine\Desktop\dds.com: File infected with winpe/Rootkit.ENZD
    Delete file: C:\Users\Sunshine\Desktop\aswMBR.exe
    Delete file: C:\Users\Sunshine\Desktop\dds.com
    Cleaning successful
    Cleaning successful
    C:\Users\Sunshine\ntuser.dat: Error opening file for read: 0x00000020
    C:\Users\Sunshine\ntuser.dat.LOG1: Error opening file for read: 0x00000020
    C:\Users\Sunshine\ntuser.dat.LOG2: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\240b0879e9732eb0d5b95dc2541d4a91d7a252a6.HomeGroupClassifier\7828bd1b927daee4ca98f5985ee0ba8c\grouping\db.mdb: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\240b0879e9732eb0d5b95dc2541d4a91d7a252a6.HomeGroupClassifier\7828bd1b927daee4ca98f5985ee0ba8c\grouping\edb.log: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\240b0879e9732eb0d5b95dc2541d4a91d7a252a6.HomeGroupClassifier\7828bd1b927daee4ca98f5985ee0ba8c\grouping\tmp.edb: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
    C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
    C:\Windows\System32\config\default: Error opening file for read: 0x00000020
    C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020
    C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020
    C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020
    C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020
    C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020
    C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020
    C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020
    C:\Windows\System32\config\sam: Error opening file for read: 0x00000020
    C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020
    C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020
    C:\Windows\System32\config\security: Error opening file for read: 0x00000020
    C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020
    C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020
    C:\Windows\System32\config\software: Error opening file for read: 0x00000020
    C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020
    C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020
    C:\Windows\System32\config\system: Error opening file for read: 0x00000020
    C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020
    C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTAdmin_PS_Provider.etl: Error opening file for read: 0x00000020
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Error opening file for read: 0x00000020
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020
    C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Error opening file for read: 0x00000020
    Number of files found: 142422
    Number of archives unpacked: 4248
    Number of objects found: 678253
    Number of objects scanned: 678058
    Number of objects not scanned: 195
    Number of malicious objects found: 3
    Number of malicious objects cleaned: 3
    Number of malicious files found: 3
    Number of malicious files cleaned: 3
    Scanning time: 1h 17m 19s
    Running post-scan cleanup routine...
    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Scanning time: 0s
    Results:
    Total number of files found: 142422
    Total number of archives unpacked: 4248
    Total number of objects found: 679752
    Total number of objects scanned: 679557
    Total number of objects not scanned: 195
    Total number of malicious objects found: 3
    Total number of malicious objects cleaned: 3
    Total number of malicious files found: 3
    Total number of malicious files cleaned: 3
    Total number of objects quarantined: 3
    Total scanning time: 1h 18m 0s
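    The log above is long enough that the three detections and the reasons the scanner skipped files are easy to lose. The following Python script is an added example, not part of the thread and not Norman's own tooling: it parses the three line shapes that matter in this log format ("File infected with", "Delete file:", "Error opening file for read: 0x...") over a constructed excerpt in the same format, flags whether each detection was actually removed, separates hits inside a quarantine folder (such as the TDSSKiller_Quarantine entry) from hits on live files, and decodes the 0x00000020 error as the Win32 ERROR_SHARING_VIOLATION code, which is why registry hives and the Norton data files appear as unreadable rather than as clean. The quarantine heuristic (any directory component containing "quarantine") and the small error-code table are the example's own assumptions.

```python
import re
from collections import Counter

# Constructed excerpt in the same line format as the Norman Malware Cleaner log
# posted above (shortened; the third detection is invented to show an unremoved hit).
SAMPLE_LOG = "\n".join([
    r"Norman Malware Cleaner v2.06.01",
    r"Operating System: Windows 7 Service Pack 1 x64",
    r"Running full scan...",
    r"C:\Windows\System32\config\sam: Error opening file for read: 0x00000020",
    r"C:\Windows\System32\config\system: Error opening file for read: 0x00000020",
    r"C:\TDSSKiller_Quarantine\07.11.2012_17.11.12\mbr0000\tdlfs0000\tsk0001.dta: File infected with doslegacy/Suspicious_Gen4.BLGIU",
    r"Delete file: C:\TDSSKiller_Quarantine\07.11.2012_17.11.12\mbr0000\tdlfs0000\tsk0001.dta",
    r"Cleaning successful",
    r"C:\Users\Sunshine\Desktop\aswMBR.exe: File infected with winpe/Rootkit.EODN",
    r"Delete file: C:\Users\Sunshine\Desktop\aswMBR.exe",
    r"Cleaning successful",
    r"C:\Users\Sunshine\Desktop\example.exe: File infected with winpe/Example.Sig",
    r"Scanning time: 1h 17m 19s",
])

INFECTED_RE = re.compile(r"^(?P<path>.+?): File infected with (?P<sig>\S+)$")
UNREADABLE_RE = re.compile(r"^(?P<path>.+?): Error opening file for read: (?P<code>0x[0-9A-Fa-f]+)$")
DELETE_RE = re.compile(r"^Delete file: (?P<path>.+)$")

# Standard Win32 error codes as they appear in the scanner's 0x... field (assumed
# mapping for this example). 0x20 means another process holds the file open without
# shared read access, which is normal for loaded registry hives and AV databases.
WIN32_ERRORS = {0x02: "ERROR_FILE_NOT_FOUND", 0x05: "ERROR_ACCESS_DENIED",
                0x20: "ERROR_SHARING_VIOLATION"}


def is_quarantine_path(path):
    """Heuristic: a directory component naming a quarantine folder means the hit is a
    previously isolated file (e.g. TDSSKiller_Quarantine), not a live infection."""
    return any("quarantine" in part.lower() for part in path.split("\\")[:-1])


def parse_norman_log(text):
    """Extract detections, unreadable files and deletions from Norman-style log text."""
    detections, unreadable, deleted = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            detections.append({"path": m["path"], "signature": m["sig"],
                               "in_quarantine": is_quarantine_path(m["path"]),
                               "deleted": False})
            continue
        m = UNREADABLE_RE.match(line)
        if m:
            code = int(m["code"], 16)
            unreadable.append({"path": m["path"], "code": code,
                               "reason": WIN32_ERRORS.get(code, f"unknown 0x{code:08x}")})
            continue
        m = DELETE_RE.match(line)
        if m:
            deleted.add(m["path"])
    # A "Delete file:" line for the same path is the evidence that the hit was removed.
    for d in detections:
        d["deleted"] = d["path"] in deleted
    return {"detections": detections, "unreadable": unreadable}


def triage(report):
    """Summarise what a helper reading the log wants: live vs quarantined hits,
    detections that were reported but never removed, and why files were skipped."""
    live = [d for d in report["detections"] if not d["in_quarantine"]]
    not_removed = [d["path"] for d in report["detections"] if not d["deleted"]]
    by_reason = Counter(u["reason"] for u in report["unreadable"])
    by_top_dir = Counter("\\".join(u["path"].split("\\")[:3]) for u in report["unreadable"])
    return {"live_detections": len(live),
            "quarantined_detections": len(report["detections"]) - len(live),
            "not_removed": not_removed,
            "skipped_by_reason": dict(by_reason),
            "skipped_by_top_dir": dict(by_top_dir)}


if __name__ == "__main__":
    for key, value in triage(parse_norman_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

    Run it against a saved NFix_*.log by reading the file into `parse_norman_log`; the "not_removed" list is the part worth checking first, since a detection with no matching "Delete file:" line is still on disk.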
  3. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  4. rlhartzell Newcomer, in training Posts: 34

    My computer does run slow. I have a lot of problems with Internet Explorer. It constantly wants to shut down and claims there is an error. I believe it states something about the internet connection not being found. Usually if I refresh the page it will load, but I have to do this several times throughout my time on the computer. When on Facebook, I have problems with Adobe... If I am playing a game it will suddenly quit and tell me to get the newest version, but when I go to the page it states that I have the newest version. Since you have been helping me I have not had the system crashes or the blue screen of death. I am not sure what else to say. Just loading pages takes forever, and there is something wrong with the Bluetooth connectivity. I get an error message about it. Do I really need the Bluetooth? Let me know if there is anything else you need. Thank you!!!
  5. Jay Pfoutz Malware Helper Posts: 4,286   +49

    I want to take an external look if we can...

    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to get the 64-bit version

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
      [IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, along with the Search.txt log file; please copy and paste both logs in your reply.
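    The FRST.txt this procedure produces lists, one line per entry, every file and folder created or modified in the last month. As an added example (not FRST's own code and not from the thread), here is a small Python triage pass over that section: it parses the entry format seen in the posted log and flags core system binary names found outside System32 (the C:\Windows\svchost.exe of the thread title), executables in the Windows root with no company string, and the Minidump files that time the blue screens. The sample lines are constructed in the posted log's format; the detection rules and thresholds are this example's own, not FRST's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Entry format of the "One Month Created/Modified Files and Folders" sections, inferred
# from the log posted in this thread (this parser is not part of FRST):
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
FRST_ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?"   # lazy: a company string may itself contain "(R)"
    r"(?P<path>[A-Za-z]:\\.*)$"     # the path always starts with a drive letter
)

# Core Windows binaries that legitimately live only under System32 (or SysWOW64).
# The same file name anywhere else, such as the C:\Windows\svchost.exe in this
# thread's title, deserves a second look.
SYSTEM32_ONLY = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
WINDOWS_ROOT = "c:\\windows\\"
MINIDUMP_DIR = "c:\\windows\\minidump\\"
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".com", ".scr")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]   # version-resource company name; None when FRST printed none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs          # ____D / ___HD mark folders in the attribute column

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower() + "\\"


def parse_frst_file_lines(text: str) -> List[Entry]:
    """Return one Entry per file/folder line; headers, blanks and other sections are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = FRST_ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(created=m["created"], modified=m["modified"],
                             size=int(m["size"]), attrs=m["attrs"],
                             company=m["company"] or None, path=m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Three defender-side checks; each finding is a pointer for manual review, not a verdict."""
    findings: Dict[str, List[str]] = {
        "system_binary_outside_system32": [],        # e.g. C:\Windows\svchost.exe
        "no_company_executable_in_windows_root": [],  # weak signal: cleanup tools drop helpers here too
        "crash_dump": [],                             # BSOD timeline for the "blue screen" complaint
    }
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if e.name in SYSTEM32_ONLY and not low.startswith(SYSTEM_DIRS):
            findings["system_binary_outside_system32"].append(e.path)
        if e.parent == WINDOWS_ROOT and e.name.endswith(EXEC_SUFFIXES) and e.company is None:
            findings["no_company_executable_in_windows_root"].append(e.path)
        if low.startswith(MINIDUMP_DIR) and low.endswith(".dmp"):
            findings["crash_dump"].append(e.path)
    return findings


# Constructed excerpt in the posted log's format (a handful of lines, not the full scan).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2012-11-15 19:59 - 2012-11-15 19:59 - 00000000 ____D C:\FRST
2012-11-15 09:56 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-07 05:26 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-11-06 13:59 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-06 13:59 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-04 19:53 - 2012-11-04 19:53 - 00266288 ____A C:\Windows\Minidump\110412-20264-01.dmp
2012-11-03 21:57 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-01 11:22 - 2012-11-20 12:24 - 00001234 _RASH C:\Users\Kiddos.Sunshine-HP\ntuser.pol
"""

if __name__ == "__main__":
    for finding, paths in triage(parse_frst_file_lines(SAMPLE_LOG)).items():
        print(f"{finding}: {paths}")
```

    Feed the real FRST.txt to parse_frst_file_lines to run the same three checks over the full scan; a hit only says where to look next, since legitimate tools (ComboFix's helpers in the posted log, for instance) also trip the Windows-root rule.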
  6. rlhartzell Newcomer, in training Posts: 34

    Hello
    I have tried to do the following request, but I cannot get it to run. When I get to the command prompt screen and type in h:\frst.exe, it states that it is not recognized as an internal or external command.
    Is there something that I am doing wrong or should try differently?
    Thank you!!
  7. Jay Pfoutz Malware Helper Posts: 4,286   +49

    When you get to the Command Prompt screen, type Notepad to open Notepad.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
  8. rlhartzell Newcomer, in training Posts: 34

    Hello
    I just wanted to let you know that I had a family emergency, but I will try to get that scan done today sometime. Also, I did switch the letter e to the letter h that my computer was showing it to be. Should I download it from a non-infected computer first and then try it on the infected computer?
    Thank you,
    Becky
  9. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes do that. Will wait. :)
  10. rlhartzell Newcomer, in training Posts: 34

    I just wanted to check in and let you know that I have not forgotten. Things did not turn out how I wanted. I am downloading now and will try to perform the scan again.
  11. rlhartzell Newcomer, in training Posts: 34

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
    Ran by SYSTEM at 21-11-2012 23:43:56
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKU\Kiddos\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-27] (Google Inc.)
    HKU\Kiddos\...\Policies\system: [LogonHoursAction] 2
    HKU\Kiddos\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Kiddos.Sunshine-HP\...\Run: [EPSON NX330 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /FU "C:\Users\KIDDOS~1.SUN\AppData\Local\Temp\E_S3340.tmp" /EF "HKCU" [232448 2011-01-20] (SEIKO EPSON CORPORATION)
    HKU\Kiddos.Sunshine-HP\...\Policies\system: [LogonHoursAction] 2
    HKU\Kiddos.Sunshine-HP\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Sunshine\...\Policies\system: [LogonHoursAction] 2
    HKU\Sunshine\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    ==================== Services (Whitelisted) ===================
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1328736 2012-09-24] (Secunia)
    2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [656480 2012-09-24] (Secunia)
    ==================== Drivers (Whitelisted) =====================
    3 bcbtums; C:\Windows\System32\Drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
    3 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
    3 BTWDPAN; C:\Windows\System32\Drivers\BTWDPAN.sys [89640 2011-09-20] (Broadcom Corporation.)
    3 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
    3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-18] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
    3 HP8207_8307; C:\Windows\System32\Drivers\HP8207_8307.sys [15360 2010-02-04] (Windows (R) Win 7 DDK provider)
    3 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121121.001\IDSvia64.sys [513184 2012-10-30] (Symantec Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121121.016\ENG64.SYS [126112 2012-11-21] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121121.016\EX64.SYS [2084000 2012-11-21] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
    3 SRTSPX; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
    3 SymDS; C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation)
    3 SymEFA; C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-16] (Symantec Corporation)
    3 SymIRON; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation)
    3 SymNetS; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [405624 2012-01-17] (Symantec Corporation)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-16 17:19 - 2012-11-16 17:19 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Hewlett-Packard
    2012-11-16 16:09 - 2012-11-16 16:09 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2012-11-16 16:06 - 2012-11-16 16:06 - 00000000 ____D C:\Users\All Users\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-15 19:59 - 2012-11-15 19:59 - 00000000 ____D C:\FRST
    2012-11-15 11:14 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-11-15 11:14 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-11-15 11:14 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-11-15 11:14 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-11-15 11:08 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-15 11:08 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-15 11:08 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-15 11:08 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-15 11:08 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-15 11:08 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-15 11:08 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-15 11:08 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-15 11:08 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-15 11:08 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-15 11:08 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-15 11:08 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-15 11:08 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-15 11:08 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-15 11:08 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-15 11:08 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-15 11:08 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-15 11:08 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-15 11:08 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-15 11:08 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-15 11:08 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-15 11:08 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-15 11:08 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-15 11:08 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-15 11:08 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-15 11:08 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-15 11:08 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-15 11:08 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-15 11:08 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-15 11:08 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-15 11:08 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-15 11:08 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-15 11:05 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-11-15 11:05 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-11-15 11:05 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-11-15 11:05 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-11-15 11:05 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-15 11:05 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-11-15 11:05 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-11-15 11:05 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-11-15 09:56 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-15 09:56 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2012-11-15 09:56 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2012-11-15 09:56 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2012-11-15 09:56 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2012-11-15 09:56 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-11-15 09:56 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2012-11-15 09:56 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2012-11-15 09:56 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2012-11-15 09:56 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2012-11-15 09:56 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-11-15 09:56 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-11-15 09:56 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2012-11-15 09:56 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2012-11-15 09:56 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2012-11-15 09:56 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2012-11-15 09:56 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2012-11-15 09:55 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-11-15 09:55 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-11-14 16:28 - 2012-11-14 16:28 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Adobe
    2012-11-12 22:24 - 2012-11-12 23:42 - 00058344 ____A C:\Users\Sunshine\Desktop\Nmc_2012-11-13_01-24-42.log
    2012-11-12 22:24 - 2012-11-12 22:24 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Norman Malware Cleaner
    2012-11-12 22:13 - 2012-11-12 22:24 - 217393728 ____A (Norman ASA) C:\Users\Sunshine\Desktop\Norman_Malware_Cleaner.exe
    2012-11-12 13:35 - 2012-11-12 13:35 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Microsoft Games
    2012-11-12 13:34 - 2012-11-21 13:48 - 00108816 ____A C:\Users\Kiddos.Sunshine-HP\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-10 10:12 - 2012-11-10 10:33 - 00000000 ____D C:\Users\Sunshine\Documents\alphabet for trenton
    2012-11-10 08:18 - 2012-11-10 08:18 - 00008398 ____A C:\Users\Sunshine\Desktop\HitmanPro_20121110_1118.log
    2012-11-10 08:13 - 2012-11-10 08:13 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-11-10 08:12 - 2012-11-10 08:13 - 09015072 ____A (SurfRight B.V.) C:\Users\Sunshine\Desktop\HitmanPro36_x64.exe
    2012-11-09 18:25 - 2012-11-09 18:25 - 00000512 ____A C:\Users\Sunshine\Desktop\MBRscan (2).txt
    2012-11-09 18:10 - 2012-11-09 18:11 - 00930691 ____A C:\Users\Sunshine\Desktop\gfd.txt
    2012-11-09 03:11 - 2012-11-09 03:11 - 00000963 ____A C:\Users\Sunshine\Desktop\kaspersky 11912.txt
    2012-11-09 00:00 - 2012-11-09 00:00 - 00263236 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-11-08 04:30 - 2012-11-08 04:30 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-11-08 04:15 - 2012-11-08 04:29 - 143004736 ____A C:\Users\Sunshine\Desktop\setup_11.0.0.1245.x01_2012_11_08_15_14.exe
    2012-11-07 14:27 - 2012-11-09 18:25 - 00002760 ____A C:\Users\Sunshine\Desktop\aswMBR.txt
    2012-11-07 14:27 - 2012-11-07 14:27 - 00000512 ____A C:\Users\Sunshine\Desktop\MBRscan.txt
    2012-11-07 14:14 - 2012-11-07 14:14 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-07 14:10 - 2012-11-07 14:11 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Sunshine\Desktop\tdsskiller.exe
    2012-11-07 05:26 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-11-06 14:12 - 2012-11-06 14:12 - 00021796 ____A C:\ComboFix.txt
    2012-11-06 13:59 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-11-06 13:59 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-11-06 13:59 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-11-06 13:56 - 2012-11-06 14:12 - 00000000 ____D C:\Qoobox
    2012-11-06 13:55 - 2012-11-06 14:10 - 00000000 ____D C:\Windows\erdnt
    2012-11-06 13:54 - 2012-11-06 13:55 - 04997881 ____R (Swearware) C:\Users\Sunshine\Desktop\ComboFix.exe
    2012-11-06 05:38 - 2012-11-06 05:38 - 00025881 ____A C:\Users\Sunshine\Desktop\dds.txt
    2012-11-06 05:38 - 2012-11-06 05:38 - 00019449 ____A C:\Users\Sunshine\Desktop\attach.txt
    2012-11-06 05:34 - 2012-11-06 05:34 - 00000411 ____A C:\Users\Sunshine\Desktop\gmer.log
    2012-11-06 05:09 - 2012-11-06 05:11 - 00302592 ____A C:\Users\Sunshine\Desktop\f04bhlw2.exe
    2012-11-06 04:14 - 2012-11-06 05:10 - 00002920 ____A C:\Users\Sunshine\Desktop\Rkill 110612.txt
    2012-11-05 10:59 - 2012-11-05 10:59 - 02434048 ____A C:\Users\Sunshine\Downloads\msxml.msi
    2012-11-05 10:11 - 2012-11-05 10:43 - 00007597 ____A C:\Users\Sunshine\AppData\Local\Resmon.ResmonCfg
    2012-11-05 09:39 - 2012-11-05 09:39 - 00000000 ____D C:\Program Files (x86)\HP
    2012-11-04 20:41 - 2012-11-04 20:41 - 00036507 ____A C:\Users\Sunshine\Desktop\sfcdetails.txt
    2012-11-04 19:58 - 2012-11-06 04:31 - 00000000 ____D C:\Windows\pss
    2012-11-04 19:53 - 2012-11-04 19:53 - 00266288 ____A C:\Windows\Minidump\110412-20264-01.dmp
    2012-11-04 19:04 - 2012-11-04 19:06 - 10669896 ____A (Malwarebytes Corporation ) C:\Users\Sunshine\Desktop\mbam-setup.exe
    2012-11-04 19:03 - 2012-11-04 19:03 - 01679264 ____A (Bleeping Computer, LLC) C:\Users\Sunshine\Desktop\rkill.com
    2012-11-04 18:46 - 2012-11-04 18:59 - 68897872 ____A (Microsoft Corporation) C:\Users\Sunshine\Downloads\mpam-fe.exe
    2012-11-04 18:36 - 2012-11-04 18:36 - 00266288 ____A C:\Windows\Minidump\110412-24102-01.dmp
    2012-11-04 00:58 - 2012-11-04 00:58 - 00002259 ____A C:\Users\Sunshine\Desktop\Google Chrome.lnk
    2012-11-03 21:57 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2012-11-03 21:57 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2012-11-03 21:57 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
    2012-11-03 21:57 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2012-11-03 21:57 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2012-11-03 21:57 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2012-11-03 21:57 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2012-11-03 21:57 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-11-03 21:57 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2012-11-03 21:57 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2012-11-03 21:57 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2012-11-03 21:57 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2012-11-03 21:57 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2012-11-03 21:57 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2012-11-03 21:57 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2012-11-03 21:57 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2012-11-03 21:57 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2012-11-03 21:57 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2012-11-03 21:57 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2012-11-03 21:57 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2012-11-03 21:57 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2012-11-03 21:57 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-11-03 21:57 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-11-03 21:57 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2012-11-03 21:57 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-11-03 21:53 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-11-03 21:53 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-11-03 21:53 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-11-03 21:53 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-11-03 21:53 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-11-03 21:53 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-11-03 21:53 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-11-03 21:53 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-11-03 21:53 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-11-03 21:53 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-11-03 21:53 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-11-03 21:48 - 2012-11-03 21:48 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
    2012-11-03 20:54 - 2012-11-03 20:54 - 00262144 ____A C:\Windows\Minidump\110412-38766-01.dmp
    2012-11-03 20:45 - 2012-11-03 20:45 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Secunia PSI
    2012-11-03 20:45 - 2012-11-03 20:45 - 00000000 ____D C:\Program Files (x86)\Secunia
    2012-11-03 20:32 - 2012-11-03 20:32 - 00262144 ____A C:\Windows\Minidump\110412-26036-01.dmp
    2012-11-03 19:43 - 2012-11-03 19:43 - 00000048 ____A C:\Users\Sunshine\AppData\Roaming\mbam.context.scan
    2012-11-03 19:41 - 2012-11-04 19:06 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-03 19:41 - 2012-11-04 19:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-03 19:41 - 2012-11-03 19:41 - 00000000 ____D C:\Users\Sunshine\AppData\Roaming\Malwarebytes
    2012-11-03 19:41 - 2012-11-03 19:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-03 19:41 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-03 19:32 - 2012-11-06 04:14 - 00002920 ____A C:\Users\Sunshine\Desktop\Rkill.txt
    2012-11-03 19:32 - 2012-11-03 19:42 - 00000000 ____D C:\Users\Sunshine\Desktop\rkill
    2012-11-03 16:41 - 2012-11-03 16:41 - 00000000 ____D C:\Users\Sunshine\Documents\Autoruns
    2012-11-03 16:18 - 2012-11-03 16:18 - 00000000 ____D C:\Users\Sunshine\Documents\Symantec
    2012-11-03 16:15 - 2012-11-03 16:15 - 00262144 ____A C:\Windows\Minidump\110312-36987-01.dmp
    2012-11-02 17:11 - 2012-11-02 17:11 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2012-11-02 17:11 - 2012-11-02 17:11 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-11-02 17:06 - 2012-11-21 20:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-02 17:06 - 2012-11-07 18:14 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-02 17:06 - 2012-11-07 18:14 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-01 19:11 - 2012-11-01 19:11 - 00000134 ____A C:\Users\Sunshine\Desktop\Microsoft Fix it.url
    2012-11-01 18:03 - 2012-11-01 18:03 - 00262144 ____A C:\Windows\Minidump\110112-19515-01.dmp
    2012-11-01 12:52 - 2012-11-19 14:16 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForSunshine.job
    2012-11-01 11:23 - 2012-11-14 16:28 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Adobe
    2012-11-01 11:23 - 2012-11-07 13:04 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Google
    2012-11-01 11:23 - 2012-11-01 12:33 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Google
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Synaptics
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Macromedia
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\hpqLog
    2012-11-01 11:22 - 2012-11-20 12:24 - 00001234 _RASH C:\Users\Kiddos.Sunshine-HP\ntuser.pol
    2012-11-01 11:22 - 2012-11-20 12:24 - 00000000 ____D C:\users\Kiddos.Sunshine-HP
    2012-11-01 11:22 - 2012-11-01 11:22 - 00000020 ___SH C:\Users\Kiddos.Sunshine-HP\ntuser.ini
    2012-11-01 11:22 - 2012-11-01 11:22 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\VirtualStore
    2012-11-01 11:22 - 2012-04-11 18:01 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Microsoft Help
    2012-10-31 09:33 - 2012-10-31 09:33 - 00000000 ____D C:\Users\Sunshine\AppData\Local\{4619D3FA-A7E4-4EA1-993F-2CF2C632768F}
    2012-10-30 19:14 - 2012-10-30 19:14 - 00262144 ____A C:\Windows\Minidump\103012-29827-01.dmp
    2012-10-29 18:47 - 2012-10-29 18:47 - 00000000 ____D C:\Windows\Sun
    2012-10-29 10:43 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Google
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Synaptics
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Macromedia
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\hpqLog
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Adobe
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Google
    2012-10-29 10:42 - 2012-10-29 10:42 - 00000000 ____D C:\Users\Kiddos\AppData\Local\VirtualStore
    2012-10-29 10:41 - 2012-10-31 16:50 - 00000000 ____D C:\users\Kiddos
    2012-10-29 10:41 - 2012-04-11 18:01 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Microsoft Help
    2012-10-29 08:00 - 2012-11-20 12:24 - 00000632 _RASH C:\Users\Sunshine\ntuser.pol
    2012-10-24 20:14 - 2012-11-04 19:53 - 00000000 ____D C:\Windows\Minidump
    2012-10-24 20:14 - 2012-11-04 19:52 - 631130791 ____A C:\Windows\MEMORY.DMP
    2012-10-24 20:14 - 2012-10-24 20:14 - 00262144 ____A C:\Windows\Minidump\102512-24944-01.dmp
    2012-10-23 21:36 - 2012-10-23 21:36 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-10-22 03:10 - 2012-11-19 14:16 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForSUNSHINE-HP$.job
    ==================== One Month Modified Files and Folders =======
    2012-11-21 20:40 - 2011-10-30 00:33 - 01643990 ____A C:\Windows\WindowsUpdate.log
    2012-11-21 20:39 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-21 20:38 - 2012-11-02 17:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-21 20:38 - 2012-08-27 12:07 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-21 20:16 - 2012-02-22 19:00 - 00000000 ____D C:\Users\Sunshine\AppData\Local\CrashDumps
    2012-11-21 20:12 - 2012-09-26 11:07 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2287709962-1369759385-1701767626-1001UA.job
    2012-11-21 18:31 - 2012-08-27 12:07 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-21 13:48 - 2012-11-12 13:34 - 00108816 ____A C:\Users\Kiddos.Sunshine-HP\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-21 13:40 - 2012-09-26 11:07 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2287709962-1369759385-1701767626-1001Core.job
    2012-11-20 20:43 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-20 20:43 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-20 20:35 - 2010-11-20 19:47 - 00907542 ____A C:\Windows\PFRO.log
    2012-11-20 20:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-20 20:35 - 2009-07-13 20:51 - 00055316 ____A C:\Windows\setupact.log
    2012-11-20 20:26 - 2012-03-02 04:18 - 00000000 ____D C:\Program Files (x86)\Coupons
    2012-11-20 12:24 - 2012-11-01 11:22 - 00001234 _RASH C:\Users\Kiddos.Sunshine-HP\ntuser.pol
    2012-11-20 12:24 - 2012-11-01 11:22 - 00000000 ____D C:\users\Kiddos.Sunshine-HP
    2012-11-20 12:24 - 2012-10-29 08:00 - 00000632 _RASH C:\Users\Sunshine\ntuser.pol
    2012-11-20 12:24 - 2012-02-21 18:54 - 00000000 ____D C:\users\Sunshine
    2012-11-19 14:16 - 2012-11-01 12:52 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForSunshine.job
    2012-11-19 14:16 - 2012-10-22 03:10 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForSUNSHINE-HP$.job
    2012-11-16 17:19 - 2012-11-16 17:19 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Hewlett-Packard
    2012-11-16 16:13 - 2011-10-29 19:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-11-16 16:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
    2012-11-16 16:09 - 2012-11-16 16:09 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2012-11-16 16:08 - 2011-10-29 19:18 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2012-11-16 16:06 - 2012-11-16 16:06 - 00000000 ____D C:\Users\All Users\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-16 16:05 - 2012-03-02 09:33 - 00108816 ____A C:\Users\Sunshine\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-16 16:05 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
    2012-11-15 19:59 - 2012-11-15 19:59 - 00000000 ____D C:\FRST
    2012-11-15 19:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-11-15 16:08 - 2012-02-24 04:10 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-11-15 15:57 - 2009-07-13 20:45 - 00415968 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-15 11:18 - 2012-02-22 05:24 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-11-15 11:06 - 2012-02-24 04:43 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-11-15 11:04 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-11-14 16:28 - 2012-11-14 16:28 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Adobe
    2012-11-14 16:28 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Adobe
    2012-11-13 01:01 - 2012-08-27 03:21 - 00000000 ____D C:\Users\Sunshine\Documents\SPED 350
    2012-11-12 23:42 - 2012-11-12 22:24 - 00058344 ____A C:\Users\Sunshine\Desktop\Nmc_2012-11-13_01-24-42.log
    2012-11-12 22:24 - 2012-11-12 22:24 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Norman Malware Cleaner
    2012-11-12 22:24 - 2012-11-12 22:13 - 217393728 ____A (Norman ASA) C:\Users\Sunshine\Desktop\Norman_Malware_Cleaner.exe
    2012-11-12 13:35 - 2012-11-12 13:35 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Microsoft Games
    2012-11-10 10:33 - 2012-11-10 10:12 - 00000000 ____D C:\Users\Sunshine\Documents\alphabet for trenton
    2012-11-10 10:07 - 2012-08-21 08:47 - 00000000 ____D C:\Users\Sunshine\Documents\SPED 381
    2012-11-10 09:55 - 2012-09-14 11:38 - 00000000 ____D C:\Users\Sunshine\Documents\SPED 245
    2012-11-10 08:18 - 2012-11-10 08:18 - 00008398 ____A C:\Users\Sunshine\Desktop\HitmanPro_20121110_1118.log
    2012-11-10 08:13 - 2012-11-10 08:13 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-11-10 08:13 - 2012-11-10 08:12 - 09015072 ____A (SurfRight B.V.) C:\Users\Sunshine\Desktop\HitmanPro36_x64.exe
    2012-11-09 18:25 - 2012-11-09 18:25 - 00000512 ____A C:\Users\Sunshine\Desktop\MBRscan (2).txt
    2012-11-09 18:25 - 2012-11-07 14:27 - 00002760 ____A C:\Users\Sunshine\Desktop\aswMBR.txt
    2012-11-09 18:11 - 2012-11-09 18:10 - 00930691 ____A C:\Users\Sunshine\Desktop\gfd.txt
    2012-11-09 03:11 - 2012-11-09 03:11 - 00000963 ____A C:\Users\Sunshine\Desktop\kaspersky 11912.txt
    2012-11-09 00:00 - 2012-11-09 00:00 - 00263236 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-11-08 17:11 - 2012-02-27 19:35 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Microsoft Games
    2012-11-08 04:30 - 2012-11-08 04:30 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-11-08 04:29 - 2012-11-08 04:15 - 143004736 ____A C:\Users\Sunshine\Desktop\setup_11.0.0.1245.x01_2012_11_08_15_14.exe
    2012-11-07 20:25 - 2012-02-22 19:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2012-11-07 18:14 - 2012-11-02 17:06 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-07 18:14 - 2012-11-02 17:06 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-07 18:10 - 2011-10-29 19:39 - 00000000 ____D C:\Users\All Users\Adobe
    2012-11-07 14:27 - 2012-11-07 14:27 - 00000512 ____A C:\Users\Sunshine\Desktop\MBRscan.txt
    2012-11-07 14:14 - 2012-11-07 14:14 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-07 14:11 - 2012-11-07 14:10 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Sunshine\Desktop\tdsskiller.exe
    2012-11-07 13:04 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Google
    2012-11-06 14:12 - 2012-11-06 14:12 - 00021796 ____A C:\ComboFix.txt
    2012-11-06 14:12 - 2012-11-06 13:56 - 00000000 ____D C:\Qoobox
    2012-11-06 14:12 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2012-11-06 14:10 - 2012-11-06 13:55 - 00000000 ____D C:\Windows\erdnt
    2012-11-06 14:09 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-11-06 13:55 - 2012-11-06 13:54 - 04997881 ____R (Swearware) C:\Users\Sunshine\Desktop\ComboFix.exe
    2012-11-06 05:38 - 2012-11-06 05:38 - 00025881 ____A C:\Users\Sunshine\Desktop\dds.txt
    2012-11-06 05:38 - 2012-11-06 05:38 - 00019449 ____A C:\Users\Sunshine\Desktop\attach.txt
    2012-11-06 05:34 - 2012-11-06 05:34 - 00000411 ____A C:\Users\Sunshine\Desktop\gmer.log
    2012-11-06 05:11 - 2012-11-06 05:09 - 00302592 ____A C:\Users\Sunshine\Desktop\f04bhlw2.exe
    2012-11-06 05:10 - 2012-11-06 04:14 - 00002920 ____A C:\Users\Sunshine\Desktop\Rkill 110612.txt
    2012-11-06 04:31 - 2012-11-04 19:58 - 00000000 ____D C:\Windows\pss
    2012-11-06 04:14 - 2012-11-03 19:32 - 00002920 ____A C:\Users\Sunshine\Desktop\Rkill.txt
    2012-11-05 19:37 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-05 10:59 - 2012-11-05 10:59 - 02434048 ____A C:\Users\Sunshine\Downloads\msxml.msi
    2012-11-05 10:43 - 2012-11-05 10:11 - 00007597 ____A C:\Users\Sunshine\AppData\Local\Resmon.ResmonCfg
    2012-11-05 09:57 - 2011-10-29 19:35 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
    2012-11-05 09:56 - 2011-09-05 18:20 - 00000000 ____D C:\Program Files\Hewlett-Packard
    2012-11-05 09:39 - 2012-11-05 09:39 - 00000000 ____D C:\Program Files (x86)\HP
    2012-11-04 20:41 - 2012-11-04 20:41 - 00036507 ____A C:\Users\Sunshine\Desktop\sfcdetails.txt
    2012-11-04 19:53 - 2012-11-04 19:53 - 00266288 ____A C:\Windows\Minidump\110412-20264-01.dmp
    2012-11-04 19:53 - 2012-10-24 20:14 - 00000000 ____D C:\Windows\Minidump
    2012-11-04 19:52 - 2012-10-24 20:14 - 631130791 ____A C:\Windows\MEMORY.DMP
    2012-11-04 19:06 - 2012-11-04 19:04 - 10669896 ____A (Malwarebytes Corporation ) C:\Users\Sunshine\Desktop\mbam-setup.exe
    2012-11-04 19:06 - 2012-11-03 19:41 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-04 19:06 - 2012-11-03 19:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-04 19:03 - 2012-11-04 19:03 - 01679264 ____A (Bleeping Computer, LLC) C:\Users\Sunshine\Desktop\rkill.com
    2012-11-04 18:59 - 2012-11-04 18:46 - 68897872 ____A (Microsoft Corporation) C:\Users\Sunshine\Downloads\mpam-fe.exe
    2012-11-04 18:36 - 2012-11-04 18:36 - 00266288 ____A C:\Windows\Minidump\110412-24102-01.dmp
    2012-11-04 00:58 - 2012-11-04 00:58 - 00002259 ____A C:\Users\Sunshine\Desktop\Google Chrome.lnk
    2012-11-03 21:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-03 21:48 - 2012-11-03 21:48 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
    2012-11-03 20:54 - 2012-11-03 20:54 - 00262144 ____A C:\Windows\Minidump\110412-38766-01.dmp
    2012-11-03 20:45 - 2012-11-03 20:45 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Secunia PSI
    2012-11-03 20:45 - 2012-11-03 20:45 - 00000000 ____D C:\Program Files (x86)\Secunia
    2012-11-03 20:32 - 2012-11-03 20:32 - 00262144 ____A C:\Windows\Minidump\110412-26036-01.dmp
    2012-11-03 20:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-11-03 19:43 - 2012-11-03 19:43 - 00000048 ____A C:\Users\Sunshine\AppData\Roaming\mbam.context.scan
    2012-11-03 19:42 - 2012-11-03 19:32 - 00000000 ____D C:\Users\Sunshine\Desktop\rkill
    2012-11-03 19:41 - 2012-11-03 19:41 - 00000000 ____D C:\Users\Sunshine\AppData\Roaming\Malwarebytes
    2012-11-03 19:41 - 2012-11-03 19:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-03 16:41 - 2012-11-03 16:41 - 00000000 ____D C:\Users\Sunshine\Documents\Autoruns
    2012-11-03 16:18 - 2012-11-03 16:18 - 00000000 ____D C:\Users\Sunshine\Documents\Symantec
    2012-11-03 16:15 - 2012-11-03 16:15 - 00262144 ____A C:\Windows\Minidump\110312-36987-01.dmp
    2012-11-03 10:39 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2012-11-03 07:39 - 2012-03-02 10:33 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Windows Live
    2012-11-02 17:11 - 2012-11-02 17:11 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2012-11-02 17:11 - 2012-11-02 17:11 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-11-01 19:11 - 2012-11-01 19:11 - 00000134 ____A C:\Users\Sunshine\Desktop\Microsoft Fix it.url
    2012-11-01 18:03 - 2012-11-01 18:03 - 00262144 ____A C:\Windows\Minidump\110112-19515-01.dmp
    2012-11-01 12:33 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Google
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Synaptics
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Macromedia
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\hpqLog
    2012-11-01 11:22 - 2012-11-01 11:22 - 00000020 ___SH C:\Users\Kiddos.Sunshine-HP\ntuser.ini
    2012-11-01 11:22 - 2012-11-01 11:22 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\VirtualStore
    2012-10-31 19:12 - 2012-10-10 19:13 - 00000000 ____D C:\Users\Sunshine\AppData\Roaming\Mozilla
    2012-10-31 16:51 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
    2012-10-31 16:50 - 2012-10-29 10:41 - 00000000 ____D C:\users\Kiddos
    2012-10-31 16:50 - 2011-10-30 01:22 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-10-31 16:50 - 2011-10-30 00:46 - 00000000 ____D C:\Users\All Users\Norton
    2012-10-31 16:50 - 2011-10-30 00:35 - 00000000 ____D C:\Program Files\WIDCOMM
    2012-10-31 16:50 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
    2012-10-31 16:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
    2012-10-31 16:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-10-31 09:33 - 2012-10-31 09:33 - 00000000 ____D C:\Users\Sunshine\AppData\Local\{4619D3FA-A7E4-4EA1-993F-2CF2C632768F}
    2012-10-30 19:14 - 2012-10-30 19:14 - 00262144 ____A C:\Windows\Minidump\103012-29827-01.dmp
    2012-10-29 18:47 - 2012-10-29 18:47 - 00000000 ____D C:\Windows\Sun
    2012-10-29 12:32 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Google
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Synaptics
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Macromedia
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\hpqLog
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Adobe
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Google
    2012-10-29 10:42 - 2012-10-29 10:42 - 00000000 ____D C:\Users\Kiddos\AppData\Local\VirtualStore
    2012-10-24 20:14 - 2012-10-24 20:14 - 00262144 ____A C:\Windows\Minidump\102512-24944-01.dmp
    2012-10-24 02:50 - 2012-10-20 23:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-23 21:36 - 2012-10-23 21:36 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-11-07 20:25:12
    Restore point made on: 2012-11-09 00:00:19
    Restore point made on: 2012-11-11 17:43:22
    Restore point made on: 2012-11-11 17:44:39
    Restore point made on: 2012-11-12 23:36:59
    Restore point made on: 2012-11-14 11:17:56
    Restore point made on: 2012-11-14 11:42:12
    Restore point made on: 2012-11-15 11:02:16
    Restore point made on: 2012-11-16 16:07:31
    Restore point made on: 2012-11-16 16:11:45
    Restore point made on: 2012-11-16 16:12:35
    Restore point made on: 2012-11-18 16:24:38
    ==================== Memory info ===========================
    Percentage of memory in use: 13%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 5253.86 MB
    Total Pagefile: 6090.01 MB
    Available Pagefile: 5235.31 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:674.41 GB) (Free:615.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:20.06 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
    5 Drive h: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.44 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B
    Disk 1 Online 7728 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 674 GB 200 MB
    Partition 3 Primary 20 GB 674 GB
    Partition 4 Primary 4062 MB 694 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 674 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 20 GB Healthy
    =========================================================
    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 4062 MB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7727 MB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H USB20FD FAT32 Removable 7727 MB Healthy
    =========================================================
    Last Boot: 2012-11-15 19:17
    ==================== End Of Log =============================
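Added here as a worked example (not part of the thread, and not FRST's own code): a small Python checker for the file-listing lines in the FRST log above. FRST's ATTENTION line singles out C:\Windows\svchost.exe because the genuine svchost.exe lives only under System32 and SysWOW64 (the Bamital check above lists those copies as MD5-legit), so a copy anywhere else deserves a look. The script applies that rule to every listing entry. The line layout, the table of core binaries and their allowed directories, and the sample lines marked as constructed are my assumptions, not anything the thread states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Layout of one FRST file/folder entry as it appears in the log above:
#   "<modified> - <created> - <size> <attrs> [(<company>)] <path>"
# The regex is an assumption drawn from those lines, not FRST's own parser.
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Directories (lower-case, trailing backslash) where these core binaries
# legitimately live on a 64-bit Windows 7 install. explorer.exe also sits
# directly under C:\Windows, as the Bamital check in the log shows.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
CORE_BINARIES = {
    "svchost.exe": SYSTEM_DIRS,
    "services.exe": SYSTEM_DIRS,
    "winlogon.exe": SYSTEM_DIRS,
    "wininit.exe": SYSTEM_DIRS,
    "userinit.exe": SYSTEM_DIRS,
    "lsass.exe": SYSTEM_DIRS,
    "csrss.exe": SYSTEM_DIRS,
    "explorer.exe": SYSTEM_DIRS + ("c:\\windows\\",),
}


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str        # five flag characters, e.g. "____A" or "_RASH"
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["modified"], m["created"], int(m["size"]), m["attrs"],
                 m["company"], m["path"])


def find_misplaced_core_binaries(lines) -> List[Entry]:
    """Return file entries named like a core Windows binary but located
    outside the directories where that binary belongs."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        allowed = CORE_BINARIES.get(e.name)
        if allowed is None:
            continue
        folder = e.path.lower()
        if not any(folder.startswith(d) for d in allowed):
            hits.append(e)
    return hits


# Constructed sample: a header and three lines copied from the log above, plus
# three invented entries (the C:\Windows\svchost.exe path is the one FRST
# warned about; the sizes and the AppData services.exe line are made up).
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2012-11-15 11:06 - 2012-02-24 04:43 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-29 18:47 - 2012-10-29 18:47 - 00000000 ____D C:\Windows\Sun
2012-11-03 16:15 - 2012-11-03 16:15 - 00262144 ____A C:\Windows\Minidump\110312-36987-01.dmp
2012-11-04 19:03 - 2012-11-04 19:03 - 00020480 ____A C:\Windows\svchost.exe
2012-11-04 18:59 - 2012-11-04 18:59 - 00020480 ____A C:\Users\Sunshine\AppData\Roaming\services.exe
2012-11-16 16:05 - 2009-07-13 20:45 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
"""

if __name__ == "__main__":
    for hit in find_misplaced_core_binaries(SAMPLE_LOG.splitlines()):
        print(f"REVIEW: {hit.path} (modified {hit.modified}, {hit.size} bytes)")
```

A hit means "inspect this file", not "infected": the location rule is a triage heuristic, and the next step is the same one FRST's Bamital section performs, comparing the file's hash against a known-good copy of the binary.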
  12. Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    Attached Files:

  13. rlhartzell Newcomer, in training Posts: 34

    Hello, I missed this email, I will do this tonight when I get home. Thank you!
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

  15. rlhartzell Newcomer, in training Posts: 34

    Rebooting seemed to go ok. Bringing up a web page was still slow. Running other scan now.
  16. rlhartzell Newcomer, in training Posts: 34

    Here is the scan!
    Thank you! :D

    Attached Files:

  17. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Do a TDSSKiller scan again, and delete the TDSS File System once it comes up. Then do the following please:

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double-click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes, click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt; it needs to be uploaded.
  18. rlhartzell Newcomer, in training Posts: 34

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-07 17:26:11
    -----------------------------
    17:26:11.832 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:26:11.832 Number of processors: 4 586 0x2A07
    17:26:11.832 ComputerName: SUNSHINE-HP UserName: Sunshine
    17:26:13.592 Initialize success
    17:26:18.275 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:26:18.280 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
    17:26:18.295 Disk 0 MBR read successfully
    17:26:18.300 Disk 0 MBR scan
    17:26:18.305 Disk 0 Windows 7 default MBR code
    17:26:18.315 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    17:26:18.335 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690597 MB offset 409600
    17:26:18.370 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20544 MB offset 1414752256
    17:26:18.390 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
    17:26:18.435 Disk 0 scanning C:\Windows\system32\drivers
    17:26:25.055 Service scanning
    17:26:51.265 Modules scanning
    17:26:51.280 Scan finished successfully
    17:27:30.398 Disk 0 MBR has been saved successfully to "C:\Users\Sunshine\Desktop\MBR.dat"
    17:27:30.403 The log file has been saved successfully to "C:\Users\Sunshine\Desktop\aswMBR.txt"

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-09 21:24:01
    -----------------------------
    21:24:01.605 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:24:01.605 Number of processors: 4 586 0x2A07
    21:24:01.605 ComputerName: SUNSHINE-HP UserName: Sunshine
    21:24:03.480 Initialize success
    21:24:20.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:24:20.130 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
    21:24:20.150 Disk 0 MBR read successfully
    21:24:20.160 Disk 0 MBR scan
    21:24:20.165 Disk 0 Windows 7 default MBR code
    21:24:20.170 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    21:24:20.190 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690597 MB offset 409600
    21:24:20.225 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20544 MB offset 1414752256
    21:24:20.245 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
    21:24:20.295 Disk 0 scanning C:\Windows\system32\drivers
    21:24:27.145 Service scanning
    21:24:54.100 Modules scanning
    21:24:54.115 Scan finished successfully
    21:25:40.810 Disk 0 MBR has been saved successfully to "C:\Users\Sunshine\Desktop\MBR.dat"
    21:25:40.835 The log file has been saved successfully to "C:\Users\Sunshine\Desktop\aswMBR.txt"

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-02 03:19:31
    -----------------------------
    03:19:31.263 OS Version: Windows x64 6.1.7601 Service Pack 1
    03:19:31.263 Number of processors: 4 586 0x2A07
    03:19:31.263 ComputerName: SUNSHINE-HP UserName: Sunshine
    03:19:32.923 Initialize success
    03:19:43.121 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    03:19:43.126 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
    03:19:43.136 Disk 0 MBR read successfully
    03:19:43.141 Disk 0 MBR scan
    03:19:43.146 Disk 0 Windows 7 default MBR code
    03:19:43.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    03:19:43.166 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690597 MB offset 409600
    03:19:43.201 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20544 MB offset 1414752256
    03:19:43.221 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
    03:19:43.266 Disk 0 scanning C:\Windows\system32\drivers
    03:19:51.001 Service scanning
    03:20:22.329 Modules scanning
    03:20:22.344 Scan finished successfully
    03:21:23.059 Disk 0 MBR has been saved successfully to "C:\Users\Sunshine\Desktop\MBR.dat"
    03:21:23.094 The log file has been saved successfully to "C:\Users\Sunshine\Desktop\aswMBR.txt"
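Added here as a worked example (not the thread's or aswMBR's code): a Python consistency check over the partition lines from the aswMBR logs posted above. It parses each partition's size and sector offset, then checks what a clean MBR layout should satisfy: exactly one active partition, no overlapping partitions, and no large unallocated gap between partitions or after the last one, which is where a bootkit would keep its own storage and what the helper's TDLFS scan is looking for. On this disk the four partitions tile the 715404 MB drive to within 1 MB. The line layout, the 16 MB tolerance and the tampered sample are my assumptions, constructed for the demo.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTORS_PER_MB = 1024 * 1024 // 512   # aswMBR prints sizes in MB, offsets in 512-byte sectors

# Line layouts taken from the aswMBR logs above (assumed stable across runs):
#   "<time> Disk 0 Vendor: <model> Size: <n>MB BusType: <b>"
#   "<time> Disk 0 Partition <n> <boot> [(A)] <type> <description> <size> MB offset <sectors>"
SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<size_mb>\d+)MB")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) "
    r"(?P<boot>[0-9A-F]{2})(?P<active> \(A\))? (?P<type>[0-9A-F]{2}) "
    r".*?(?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)

# Unaccounted space to tolerate before reporting it (assumed value): MB rounding
# alone leaves about 1 MB at the end of the disk in the logs above.
TAIL_TOLERANCE_MB = 16


@dataclass
class Partition:
    num: int
    active: bool
    type_id: int
    start: int      # first sector
    size_mb: int

    @property
    def end(self) -> int:
        """First sector after the partition."""
        return self.start + self.size_mb * SECTORS_PER_MB


def parse_aswmbr(log: str, disk: int = 0) -> Tuple[Optional[int], List[Partition]]:
    """Return (disk size in MB or None, partition list) for one disk."""
    size_mb: Optional[int] = None
    parts: List[Partition] = []
    for line in log.splitlines():
        line = line.strip()
        m = SIZE_RE.search(line)
        if m and int(m["disk"]) == disk:
            size_mb = int(m["size_mb"])
            continue
        m = PART_RE.search(line)
        if m and int(m["disk"]) == disk:
            parts.append(Partition(int(m["num"]), m["active"] is not None,
                                   int(m["type"], 16), int(m["offset"]), int(m["size_mb"])))
    return size_mb, parts


def check_layout(disk_mb: Optional[int], parts: List[Partition]) -> List[str]:
    """Sanity checks a clean MBR layout should pass; each failure is one finding."""
    findings: List[str] = []
    if not parts:
        return ["no partitions parsed"]
    active = [p.num for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions {active} (expected exactly 1)")
    ordered = sorted(parts, key=lambda p: p.start)
    for a, b in zip(ordered, ordered[1:]):
        if a.end > b.start:
            findings.append(f"partition {a.num} overlaps partition {b.num}")
        elif (b.start - a.end) // SECTORS_PER_MB > TAIL_TOLERANCE_MB:
            findings.append(f"{(b.start - a.end) // SECTORS_PER_MB} MB unallocated "
                            f"between partition {a.num} and partition {b.num}")
    if disk_mb is not None:
        disk_sectors = disk_mb * SECTORS_PER_MB
        last = ordered[-1]
        if last.end > disk_sectors:
            findings.append(f"partition {last.num} extends past the end of the disk")
        elif (disk_sectors - last.end) // SECTORS_PER_MB > TAIL_TOLERANCE_MB:
            findings.append(f"{(disk_sectors - last.end) // SECTORS_PER_MB} MB unallocated "
                            f"after the last partition")
    return findings


# The disk lines from the first aswMBR run above (a clean layout).
CLEAN_LOG = """\
17:26:18.280 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
17:26:18.315 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:26:18.335 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690597 MB offset 409600
17:26:18.370 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20544 MB offset 1414752256
17:26:18.390 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
"""

# Constructed variant (not from the thread): partition 4 shrunk by 1000 MB and
# marked active, the kind of layout the checks above should report.
TAMPERED_LOG = """\
03:19:43.126 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
03:19:43.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
03:19:43.166 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690597 MB offset 409600
03:19:43.201 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20544 MB offset 1414752256
03:19:43.221 Disk 0 Partition 4 80 (A) 0C FAT32 LBA MSDOS5.0 3062 MB offset 1456826368
"""

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("tampered", TAMPERED_LOG)):
        print(label, check_layout(*parse_aswmbr(log)) or ["layout consistent"])
```

The layout check complements, rather than replaces, aswMBR's own "Windows 7 default MBR code" verdict: that line covers the boot code in sector 0, while the partition arithmetic covers the table that follows it, and a bootkit can leave either one looking normal.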
  19. rlhartzell Newcomer, in training Posts: 34

    I am trying to upload the second part; let me know if it works, please. Thank you.

    Attached Files:

  20. Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double-click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.