Need help, computer infected with fake system error

Solved
By blkrosephoenix
Mar 24, 2012
  1. Hello, my computer received some sort of virus. I keep on getting errors saying out of memory on my hard disk, or unable to detect it, or RAM memory out. I also seem to not be able to view all of my folders and programs on my hard drives. I have followed the 5 step guide and am including my logs. I am able to use the computer and connect to the internet; I am currently connected. I notice my Malwarebytes Anti-Malware keeps on blocking some sort of program from accessing the internet. After following the 5 step program my computer still seems to have a virus, as in I can't see all my programs and my desktop is black instead of my wallpaper, but I am not getting the continuous error pop-ups I was once receiving.



    Malwarebytes Anti-Malware logs. I ran it 3 times and am including each log.
    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.23.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Black Rose Phoenix :: DANCOMPUTER [administrator]

    Protection: Enabled

    3/24/2012 3:14:51 AM
    mbam-log-2012-03-24 (03-14-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 189744
    Time elapsed: 1 minute(s), 18 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4464 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)



    log 2

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.23.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Black Rose Phoenix :: DANCOMPUTER [administrator]

    Protection: Enabled

    3/24/2012 3:07:54 AM
    mbam-log-2012-03-24 (03-07-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 189776
    Time elapsed: 1 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    log 3

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.23.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Black Rose Phoenix :: DANCOMPUTER [administrator]

    Protection: Enabled

    3/24/2012 3:02:00 AM
    mbam-log-2012-03-24 (03-02-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 190014
    Time elapsed: 1 minute(s), 40 second(s)

    Memory Processes Detected: 2
    C:\ProgramData\rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> 4012 -> Delete on reboot.
    C:\Windows\svchost.exe (Trojan.Agent) -> 4480 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\rSkVSbFvavfCaY.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Agent.GMAGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\vubjh.dll",DllRegisterServer -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\ProgramData\rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> Delete on reboot.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)


    There was no log for GMER.

    DDS log
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Black Rose Phoenix at 3:37:26 on 2012-03-24
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16354.13879 [GMT -5:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    E:\Steam\Steam.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    E:\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    E:\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    uRun: [Steam] "E:\Steam\steam.exe" -silent
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    mRun: [<NO NAME>]
    mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
    TCP: Interfaces\{1BA196DA-5F51-4127-90D4-CA3061D32716} : DhcpNameServer = 192.168.0.1 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    mRun-x64: [(Default)]
    mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Black Rose Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\52uuf49w.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-19 1157240]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120323.002\IDSviA64.sys [2012-3-23 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-6 8704]
    R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-24 652360]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccsvchst.exe [2012-3-23 138232]
    R2 Sendori;Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2011-12-1 98624]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
    S3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-24 08:19:18 20480 ----a-w- C:\Windows\svchost.exe
    2012-03-24 08:01:08 -------- d-----w- C:\Users\Black Rose Phoenix\AppData\Roaming\Malwarebytes
    2012-03-24 08:01:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-24 08:01:03 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-24 07:18:03 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-24 07:18:03 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-23 19:16:59 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtsp64.sys
    2012-03-23 19:16:59 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symds64.sys
    2012-03-23 19:16:59 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symnets.sys
    2012-03-23 19:16:59 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtspx64.sys
    2012-03-23 19:16:59 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ironx64.sys
    2012-03-23 19:16:59 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ccsetx64.sys
    2012-03-23 19:16:59 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symefa64.sys
    2012-03-23 19:16:56 -------- d-----w- C:\Windows\System32\drivers\N360x64\0601020.00A
    2012-03-21 04:41:13 -------- d--h--w- C:\Users\Black Rose Phoenix\AppData\Local\CrashDumps
    2012-03-19 22:40:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-03-19 22:36:56 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-03-19 22:36:56 -------- d-----w- C:\Program Files\Symantec
    2012-03-19 22:36:56 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-03-19 22:36:41 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2012-03-19 22:36:40 -------- d-----w- C:\Program Files (x86)\Norton 360
    2012-03-19 22:36:39 -------- d--h--w- C:\ProgramData\Norton
    2012-03-19 22:35:55 -------- d--h--w- C:\ProgramData\NortonInstaller
    2012-03-19 22:35:55 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-03-19 01:25:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-19 01:25:33 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-19 01:25:33 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-19 01:22:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-19 01:22:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-19 01:22:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-19 01:22:09 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-03-19 01:22:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-19 01:22:08 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-19 01:22:08 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-19 01:22:08 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-12 07:31:29 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\2B09.tmp
    2012-03-12 07:31:29 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\2B08.tmp
    2012-03-03 05:22:22 -------- d--h--w- C:\Users\Black Rose Phoenix\mIRC
    2012-03-03 05:22:22 -------- d--h--w- C:\Users\Black Rose Phoenix\AppData\Roaming\mIRC
    2012-02-27 03:41:01 -------- d-----w- C:\Program Files (x86)\VideoLAN
    .
    ==================== Find3M ====================
    .
    2012-03-12 07:34:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-14 15:33:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-30 10:29:36 136704 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
    2012-01-30 10:29:34 278528 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
    2012-01-30 10:29:34 164864 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
    2012-01-09 00:45:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-01-09 00:45:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-01-07 16:54:58 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-29 09:52:04 0 ----a-w- C:\Windows\ativpsrm.bin
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 3:37:54.32 ===============

    DDS attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/29/2011 3:35:24 AM
    System Uptime: 3/24/2012 3:18:05 AM (0 hours ago)
    .
    Motherboard: MSI | | 990XA-GD55 (MS-7640)
    Processor: AMD FX(tm)-6100 Six-Core Processor | CPU 1 | 3300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 5.938 GiB free.
    D: is CDROM (UDF)
    E: is FIXED (NTFS) - 932 GiB total, 761.931 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP88: 3/24/2012 3:00:10 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    AMD VISION Engine Control Center
    Batman: Arkham Asylum
    BetOnline Poker 8.2
    BitTorrent
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    CCC Help English
    Counter-Strike: Source
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dual-Core Optimizer
    Fallout: New Vegas
    Hi-Rez Studios Authenticate and Update Service
    Java Auto Updater
    Java(TM) 6 Update 24
    Killing Floor
    League of Legends
    Magic Online
    Magic Workstation 0.94f
    Malwarebytes Anti-Malware version 1.60.1.1000
    Metro 2033
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    mIRC
    Mozilla Firefox 11.0 (x86 en-US)
    Norton 360
    NVIDIA PhysX
    Origin
    Pando Media Booster
    Razer Naga
    Razer Synapse 2.0
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Sendori
    Shape Collage
    Sid Meier's Civilization V
    Skype™ 5.8
    Star Wars: The Force Unleashed
    Star Wars: The Old Republic
    StarCraft II
    Steam
    Super-Charger
    Super Street Fighter IV: Arcade Edition
    Tribes Ascend Closed Beta
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VLC media player 1.1.11
    Windows Media Player Firefox Plugin
    WinRAR 4.11 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/24/2012 3:00:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
    3/24/2012 2:17:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    3/24/2012 2:17:56 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/23/2012 11:14:41 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    3/21/2012 1:16:29 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    3/21/2012 1:16:29 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/19/2012 7:32:24 AM, Error: Microsoft Antimalware [3002] -
    .
    ==== End Of File ===========================
  2. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    Did I do something wrong? No one can help me?
  3. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.

    ===================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  4. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    Thanks, I will be performing your instructions tomorrow (today) after my classes. Will post with logs then. Oh, and yes, UnHide worked for me; I can now see all my files.
  5. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    OK, so I used UnHide and I am now able to see all my files.

    Here are the requested logs

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-26 20:31:39
    -----------------------------
    20:31:39.716 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:31:39.716 Number of processors: 6 586 0x102
    20:31:39.717 ComputerName: DANCOMPUTER UserName:
    20:31:40.131 Initialize success
    20:33:32.295 AVAST engine defs: 12032602
    20:33:36.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:33:36.408 Disk 0 Vendor: OCZ-VERTEX2 1.35 Size: 57241MB BusType: 3
    20:33:36.412 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    20:33:36.418 Disk 1 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
    20:33:36.422 Device \Driver\atapi -> MajorFunction fffffa800d6d25c4
    20:33:36.429 Disk 0 MBR read successfully
    20:33:36.434 Disk 0 MBR scan
    20:33:36.440 Disk 0 MBR:Alureon-M [Rtk]
    20:33:36.442 Disk 0 TDL4@MBR code has been found
    20:33:36.445 Disk 0 Windows 7 default MBR code found via API
    20:33:36.448 Disk 0 MBR hidden
    20:33:36.451 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:33:36.457 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
    20:33:36.463 Disk 0 MBR [TDL4] **ROOTKIT**
    20:33:36.468 Disk 0 trace - called modules:
    20:33:36.475 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800d6d25c4]<<
    20:33:36.479 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d5a2060]
    20:33:36.483 3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> [0xfffffa800cfcc520]
    20:33:36.487 5 ACPI.sys[fffff88000f1a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800cf99060]
    20:33:36.492 \Driver\atapi[0xfffffa800d5e45c0] -> IRP_MJ_CREATE -> 0xfffffa800d6d25c4
    20:33:36.949 AVAST engine scan C:\Windows
    20:33:37.328 AVAST engine scan C:\Windows\system32
    20:34:56.433 AVAST engine scan C:\Windows\system32\drivers
    20:35:00.194 AVAST engine scan C:\Users\Black Rose Phoenix
    20:35:11.257 AVAST engine scan C:\ProgramData
    20:35:17.712 File: C:\ProgramData\Microsoft\Windows\DRM\2B08.tmp **INFECTED** Win32:Malware-gen
    20:35:17.729 File: C:\ProgramData\Microsoft\Windows\DRM\2B09.tmp **INFECTED** Win32:Malware-gen
    20:35:22.751 Scan finished successfully
    20:35:32.817 Disk 0 MBR has been saved successfully to "C:\Users\Black Rose Phoenix\Desktop\MBR.dat"
    20:35:32.823 The log file has been saved successfully to "C:\Users\Black Rose Phoenix\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64
    -bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
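
    The two logs above carry the indicators a malware helper reads first: the aswMBR signature lines (MBR:Alureon-M, TDL4@MBR, MBR hidden, **ROOTKIT**), the driver trace whose dispatch target aswMBR could not map to any loaded module, the two **INFECTED** temp files, and the Bootkit Remover per-disk status. As an added example that is not part of this thread or of either tool, the Python script below pulls those indicators out of the saved text logs and turns them into one verdict with its reasons. The aswMBR and Bootkit Remover sample lines are copied from the logs posted above; the clean aswMBR log is constructed so the negative path is exercised as well.

```python
"""Triage helper for aswMBR and Bootkit Remover text logs.

Added example for this thread; it is not part of aswMBR, Bootkit Remover or
any forum tooling. It reads the logs those tools save and reports the
indicators a helper looks for: MBR signatures, a hidden MBR, a disk-stack
driver dispatching into unmapped code, infected files, and per-disk status.
"""
import re
from dataclasses import dataclass, field

# Lines taken from the aswMBR log posted above (trimmed to the relevant ones).
SAMPLE_ASWMBR = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
20:33:36.429 Disk 0 MBR read successfully
20:33:36.440 Disk 0 MBR:Alureon-M [Rtk]
20:33:36.442 Disk 0 TDL4@MBR code has been found
20:33:36.445 Disk 0 Windows 7 default MBR code found via API
20:33:36.448 Disk 0 MBR hidden
20:33:36.463 Disk 0 MBR [TDL4] **ROOTKIT**
20:33:36.475 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800d6d25c4]<<
20:33:36.492 \Driver\atapi[0xfffffa800d5e45c0] -> IRP_MJ_CREATE -> 0xfffffa800d6d25c4
20:35:17.712 File: C:\ProgramData\Microsoft\Windows\DRM\2B08.tmp **INFECTED** Win32:Malware-gen
20:35:17.729 File: C:\ProgramData\Microsoft\Windows\DRM\2B09.tmp **INFECTED** Win32:Malware-gen
20:35:22.751 Scan finished successfully
"""

# Constructed clean log (not from the thread) so the "nothing found" path is covered.
CLEAN_ASWMBR = r"""20:00:00.001 Disk 0 MBR read successfully
20:00:00.002 Disk 0 MBR scan
20:00:00.003 Disk 0 Windows 7 default MBR code found via API
20:00:00.004 Scan finished successfully
"""

# Lines taken from the Bootkit Remover output posted above.
SAMPLE_BKR = r"""Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Controlled by rootkit!
"""

ASW_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+(?P<msg>.*)$")
DISK_LINE = re.compile(r"^(?P<disk>Disk \d+)\s+(?P<detail>.*)$")
INFECTED = re.compile(r"^File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"(?P<drv>\\Driver\\\S+?)\[0x[0-9a-fA-F]+\]\s+->\s+(?P<mj>IRP_MJ_\w+)\s+->\s+(?P<addr>0x[0-9a-fA-F]+)"
)
BKR_DISK = re.compile(r"^\s*\d+\s+[KMGT]B\s+(?P<dev>\\\\\.\\\S+)\s+(?P<status>.+?)\s*$")
# Substrings aswMBR prints on a "Disk N" line when the MBR looks wrong.
MBR_INDICATORS = ("MBR:", "TDL4@MBR", "MBR hidden", "**ROOTKIT**")


@dataclass
class AswTriage:
    mbr_findings: list = field(default_factory=list)    # (disk, detail text)
    unknown_targets: list = field(default_factory=list)  # addresses aswMBR could not map to a module
    dispatch_hooks: list = field(default_factory=list)   # (driver, major function, target address)
    infected_files: list = field(default_factory=list)   # (path, detection name)

    def hooked_drivers(self):
        """Drivers whose dispatch routine points at an address aswMBR could not resolve."""
        unknown = set(self.unknown_targets)
        return [(drv, mj) for drv, mj, addr in self.dispatch_hooks if addr in unknown]


def parse_aswmbr(text):
    """Walk the timestamped aswMBR lines and collect the indicators listed above."""
    t = AswTriage()
    for raw in text.splitlines():
        m = ASW_LINE.match(raw.strip())
        if not m:
            continue  # banner, blank or non-timestamped line
        msg = m.group("msg")
        d = DISK_LINE.match(msg)
        if d and any(ind in d.group("detail") for ind in MBR_INDICATORS):
            t.mbr_findings.append((d.group("disk"), d.group("detail")))
        inf = INFECTED.match(msg)
        if inf:
            t.infected_files.append((inf.group("path"), inf.group("name")))
        unk = UNKNOWN.search(msg)
        if unk:
            t.unknown_targets.append(unk.group("addr"))
        hook = DISPATCH.search(msg)
        if hook:
            t.dispatch_hooks.append((hook.group("drv"), hook.group("mj"), hook.group("addr")))
    return t


def parse_bootkit_remover(text):
    """Return (device, MBR status) for each physical disk in the Bootkit Remover table."""
    return [(m.group("dev"), m.group("status"))
            for m in (BKR_DISK.match(line) for line in text.splitlines()) if m]


def assess(aswmbr_text, bootkit_remover_text):
    """Combine both logs into one verdict plus the reasons behind it."""
    t = parse_aswmbr(aswmbr_text)
    disks = parse_bootkit_remover(bootkit_remover_text)
    reasons = []
    if any("**ROOTKIT**" in d or "hidden" in d for _, d in t.mbr_findings):
        reasons.append("aswMBR reports a hidden MBR or an MBR rootkit signature")
    if t.hooked_drivers():
        reasons.append("a disk-stack driver dispatches into code aswMBR could not map to a module")
    if t.infected_files:
        reasons.append("%d infected file(s) in the AVAST engine scan" % len(t.infected_files))
    if any("rootkit" in status.lower() for _, status in disks):
        reasons.append("Bootkit Remover reports a disk controlled by a rootkit")
    return ("MBR rootkit suspected" if reasons else "no MBR rootkit indicators", reasons)


if __name__ == "__main__":
    verdict, why = assess(SAMPLE_ASWMBR, SAMPLE_BKR)
    print(verdict)
    for r in why:
        print(" -", r)
```

    The cross-check in `hooked_drivers` is the part worth copying: the address aswMBR flags as `>>UNKNOWN<<` in the call trace is the same one `\Driver\atapi` dispatches `IRP_MJ_CREATE` to, which is how a hidden MBR and a patched disk driver show up as one infection rather than two unrelated lines. The verdict only says what to look at next (the MBR and the disk driver chain); the actual disinfection is left to the tools the helper prescribes.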
  6. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    Here's the TDSS log, splitting it into 2 posts

    21:20:33.0533 1692 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    21:20:34.0682 1692 ============================================================
    21:20:34.0682 1692 Current date / time: 2012/03/26 21:20:34.0682
    21:20:34.0682 1692 SystemInfo:
    21:20:34.0682 1692
    21:20:34.0682 1692 OS Version: 6.1.7601 ServicePack: 1.0
    21:20:34.0682 1692 Product type: Workstation
    21:20:34.0683 1692 ComputerName: DANCOMPUTER
    21:20:34.0683 1692 UserName: Black Rose Phoenix
    21:20:34.0683 1692 Windows directory: C:\Windows
    21:20:34.0683 1692 System windows directory: C:\Windows
    21:20:34.0683 1692 Running under WOW64
    21:20:34.0683 1692 Processor architecture: Intel x64
    21:20:34.0683 1692 Number of processors: 6
    21:20:34.0683 1692 Page size: 0x1000
    21:20:34.0683 1692 Boot type: Normal boot
    21:20:34.0683 1692 ============================================================
    21:20:34.0943 1692 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:20:34.0951 1692 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:20:34.0968 1692 \Device\Harddisk0\DR0:
    21:20:34.0969 1692 MBR used
    21:20:34.0969 1692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    21:20:34.0969 1692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
    21:20:34.0969 1692 \Device\Harddisk1\DR1:
    21:20:34.0969 1692 MBR used
    21:20:34.0969 1692 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
    21:20:34.0997 1692 Initialize success
    21:20:34.0997 1692 ============================================================
    21:20:42.0110 2704 ============================================================
    21:20:42.0110 2704 Scan started
    21:20:42.0110 2704 Mode: Manual;
    21:20:42.0110 2704 ============================================================
    21:20:42.0645 2704 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    21:20:42.0648 2704 1394ohci - ok
    21:20:42.0661 2704 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    21:20:42.0664 2704 ACPI - ok
    21:20:42.0674 2704 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    21:20:42.0675 2704 AcpiPmi - ok
    21:20:42.0689 2704 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    21:20:42.0694 2704 adp94xx - ok
    21:20:42.0706 2704 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    21:20:42.0710 2704 adpahci - ok
    21:20:42.0721 2704 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    21:20:42.0724 2704 adpu320 - ok
    21:20:42.0735 2704 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    21:20:42.0735 2704 AeLookupSvc - ok
    21:20:42.0750 2704 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    21:20:42.0755 2704 AFD - ok
    21:20:42.0765 2704 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    21:20:42.0767 2704 agp440 - ok
    21:20:42.0776 2704 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    21:20:42.0777 2704 ALG - ok
    21:20:42.0787 2704 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    21:20:42.0788 2704 aliide - ok
    21:20:42.0798 2704 AMD External Events Utility (5ec60409bd50953bd4f892b18840039e) C:\Windows\system32\atiesrxx.exe
    21:20:42.0801 2704 AMD External Events Utility - ok
    21:20:42.0804 2704 AMD FUEL Service - ok
    21:20:42.0814 2704 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    21:20:42.0815 2704 amdide - ok
    21:20:42.0826 2704 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    21:20:42.0827 2704 amdiox64 - ok
    21:20:42.0837 2704 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    21:20:42.0838 2704 AmdK8 - ok
    21:20:42.0975 2704 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:20:43.0104 2704 amdkmdag - ok
    21:20:43.0122 2704 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
    21:20:43.0124 2704 amdkmdap - ok
    21:20:43.0134 2704 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    21:20:43.0134 2704 AmdPPM - ok
    21:20:43.0144 2704 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    21:20:43.0146 2704 amdsata - ok
    21:20:43.0156 2704 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    21:20:43.0158 2704 amdsbs - ok
    21:20:43.0168 2704 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    21:20:43.0169 2704 amdxata - ok
    21:20:43.0173 2704 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    21:20:43.0173 2704 AODDriver4.01 - ok
    21:20:43.0184 2704 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    21:20:43.0185 2704 AppID - ok
    21:20:43.0193 2704 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    21:20:43.0194 2704 AppIDSvc - ok
    21:20:43.0204 2704 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    21:20:43.0204 2704 Appinfo - ok
    21:20:43.0217 2704 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    21:20:43.0219 2704 AppMgmt - ok
    21:20:43.0230 2704 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    21:20:43.0231 2704 arc - ok
    21:20:43.0242 2704 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    21:20:43.0243 2704 arcsas - ok
    21:20:43.0253 2704 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    21:20:43.0253 2704 aspnet_state - ok
    21:20:43.0264 2704 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:20:43.0264 2704 AsyncMac - ok
    21:20:43.0274 2704 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    21:20:43.0274 2704 atapi - ok
    21:20:43.0287 2704 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
    21:20:43.0288 2704 AtiHDAudioService - ok
    21:20:43.0304 2704 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    21:20:43.0311 2704 AudioEndpointBuilder - ok
    21:20:43.0320 2704 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    21:20:43.0324 2704 AudioSrv - ok
    21:20:43.0334 2704 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    21:20:43.0336 2704 AxInstSV - ok
    21:20:43.0350 2704 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    21:20:43.0355 2704 b06bdrv - ok
    21:20:43.0367 2704 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:20:43.0370 2704 b57nd60a - ok
    21:20:43.0381 2704 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    21:20:43.0383 2704 BDESVC - ok
    21:20:43.0392 2704 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    21:20:43.0392 2704 Beep - ok
    21:20:43.0410 2704 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    21:20:43.0417 2704 BFE - ok
    21:20:43.0435 2704 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
    21:20:43.0442 2704 BHDrvx64 - ok
    21:20:43.0459 2704 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    21:20:43.0468 2704 BITS - ok
    21:20:43.0478 2704 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    21:20:43.0479 2704 blbdrive - ok
    21:20:43.0490 2704 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    21:20:43.0491 2704 bowser - ok
    21:20:43.0500 2704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:20:43.0500 2704 BrFiltLo - ok
    21:20:43.0510 2704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:20:43.0510 2704 BrFiltUp - ok
    21:20:43.0521 2704 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    21:20:43.0522 2704 Browser - ok
    21:20:43.0534 2704 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    21:20:43.0537 2704 Brserid - ok
    21:20:43.0546 2704 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    21:20:43.0547 2704 BrSerWdm - ok
    21:20:43.0556 2704 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:20:43.0556 2704 BrUsbMdm - ok
    21:20:43.0567 2704 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    21:20:43.0567 2704 BrUsbSer - ok
    21:20:43.0579 2704 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    21:20:43.0580 2704 BTHMODEM - ok
    21:20:43.0591 2704 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    21:20:43.0592 2704 bthserv - ok
    21:20:43.0605 2704 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys
    21:20:43.0606 2704 ccSet_N360 - ok
    21:20:43.0617 2704 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:20:43.0618 2704 cdfs - ok
    21:20:43.0628 2704 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    21:20:43.0630 2704 cdrom - ok
    21:20:43.0639 2704 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    21:20:43.0641 2704 CertPropSvc - ok
    21:20:43.0650 2704 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    21:20:43.0651 2704 circlass - ok
    21:20:43.0664 2704 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    21:20:43.0668 2704 CLFS - ok
    21:20:43.0674 2704 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:20:43.0675 2704 clr_optimization_v2.0.50727_32 - ok
    21:20:43.0680 2704 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:20:43.0681 2704 clr_optimization_v2.0.50727_64 - ok
    21:20:43.0688 2704 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:20:43.0689 2704 clr_optimization_v4.0.30319_32 - ok
    21:20:43.0696 2704 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:20:43.0697 2704 clr_optimization_v4.0.30319_64 - ok
    21:20:43.0707 2704 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:20:43.0707 2704 CmBatt - ok
    21:20:43.0717 2704 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    21:20:43.0718 2704 cmdide - ok
    21:20:43.0732 2704 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    21:20:43.0737 2704 CNG - ok
    21:20:43.0746 2704 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    21:20:43.0746 2704 Compbatt - ok
    21:20:43.0757 2704 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    21:20:43.0757 2704 CompositeBus - ok
    21:20:43.0767 2704 COMSysApp - ok
    21:20:43.0777 2704 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    21:20:43.0777 2704 crcdisk - ok
    21:20:43.0790 2704 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    21:20:43.0791 2704 CryptSvc - ok
    21:20:43.0807 2704 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    21:20:43.0812 2704 CSC - ok
    21:20:43.0828 2704 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
    21:20:43.0835 2704 CscService - ok
    21:20:43.0850 2704 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    21:20:43.0856 2704 DcomLaunch - ok
    21:20:43.0868 2704 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    21:20:43.0872 2704 defragsvc - ok
    21:20:43.0882 2704 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    21:20:43.0883 2704 DfsC - ok
    21:20:43.0895 2704 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    21:20:43.0899 2704 Dhcp - ok
    21:20:43.0908 2704 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    21:20:43.0909 2704 discache - ok
    21:20:43.0919 2704 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    21:20:43.0920 2704 Disk - ok
    21:20:43.0931 2704 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    21:20:43.0932 2704 Dnscache - ok
    21:20:43.0943 2704 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    21:20:43.0947 2704 dot3svc - ok
    21:20:43.0956 2704 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    21:20:43.0958 2704 DPS - ok
    21:20:43.0968 2704 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    21:20:43.0969 2704 drmkaud - ok
    21:20:43.0981 2704 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    21:20:43.0983 2704 dtsoftbus01 - ok
    21:20:44.0003 2704 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    21:20:44.0008 2704 DXGKrnl - ok
    21:20:44.0018 2704 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    21:20:44.0020 2704 EapHost - ok
    21:20:44.0063 2704 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    21:20:44.0097 2704 ebdrv - ok
    21:20:44.0106 2704 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    21:20:44.0109 2704 eeCtrl - ok
    21:20:44.0118 2704 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    21:20:44.0119 2704 EFS - ok
    21:20:44.0130 2704 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    21:20:44.0138 2704 ehRecvr - ok
    21:20:44.0142 2704 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    21:20:44.0144 2704 ehSched - ok
    21:20:44.0159 2704 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    21:20:44.0165 2704 elxstor - ok
    21:20:44.0171 2704 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    21:20:44.0172 2704 EraserUtilRebootDrv - ok
    21:20:44.0181 2704 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    21:20:44.0181 2704 ErrDev - ok
    21:20:44.0197 2704 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    21:20:44.0201 2704 EventSystem - ok
    21:20:44.0213 2704 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    21:20:44.0214 2704 exfat - ok
    21:20:44.0226 2704 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    21:20:44.0227 2704 fastfat - ok
    21:20:44.0249 2704 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    21:20:44.0256 2704 Fax - ok
    21:20:44.0266 2704 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    21:20:44.0266 2704 fdc - ok
    21:20:44.0276 2704 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    21:20:44.0277 2704 fdPHost - ok
    21:20:44.0286 2704 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    21:20:44.0287 2704 FDResPub - ok
    21:20:44.0297 2704 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    21:20:44.0297 2704 FileInfo - ok
    21:20:44.0307 2704 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    21:20:44.0307 2704 Filetrace - ok
    21:20:44.0318 2704 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:20:44.0318 2704 flpydisk - ok
    21:20:44.0332 2704 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    21:20:44.0335 2704 FltMgr - ok
    21:20:44.0355 2704 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    21:20:44.0367 2704 FontCache - ok
    21:20:44.0373 2704 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:20:44.0373 2704 FontCache3.0.0.0 - ok
    21:20:44.0383 2704 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    21:20:44.0384 2704 FsDepends - ok
    21:20:44.0393 2704 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    21:20:44.0393 2704 Fs_Rec - ok
    21:20:44.0406 2704 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    21:20:44.0409 2704 fvevol - ok
    21:20:44.0419 2704 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:20:44.0420 2704 gagp30kx - ok
    21:20:44.0436 2704 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    21:20:44.0444 2704 gpsvc - ok
    21:20:44.0453 2704 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    21:20:44.0453 2704 hcw85cir - ok
    21:20:44.0467 2704 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    21:20:44.0471 2704 HdAudAddService - ok
    21:20:44.0482 2704 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    21:20:44.0483 2704 HDAudBus - ok
    21:20:44.0493 2704 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    21:20:44.0493 2704 HidBatt - ok
    21:20:44.0504 2704 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    21:20:44.0505 2704 HidBth - ok
    21:20:44.0514 2704 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    21:20:44.0515 2704 HidIr - ok
    21:20:44.0524 2704 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    21:20:44.0525 2704 hidserv - ok
    21:20:44.0536 2704 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    21:20:44.0537 2704 HidUsb - ok
    21:20:44.0541 2704 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    21:20:44.0541 2704 HiPatchService - ok
    21:20:44.0552 2704 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    21:20:44.0554 2704 hkmsvc - ok
    21:20:44.0564 2704 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    21:20:44.0567 2704 HomeGroupListener - ok
    21:20:44.0577 2704 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    21:20:44.0579 2704 HomeGroupProvider - ok
    21:20:44.0590 2704 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    21:20:44.0591 2704 HpSAMD - ok
    21:20:44.0608 2704 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    21:20:44.0616 2704 HTTP - ok
    21:20:44.0626 2704 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    21:20:44.0626 2704 hwpolicy - ok
    21:20:44.0637 2704 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    21:20:44.0638 2704 i8042prt - ok
    21:20:44.0652 2704 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    21:20:44.0656 2704 iaStorV - ok
    21:20:44.0670 2704 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:20:44.0679 2704 idsvc - ok
    21:20:44.0690 2704 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120324.004\IDSvia64.sys
    21:20:44.0692 2704 IDSVia64 - ok
    21:20:44.0702 2704 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    21:20:44.0703 2704 iirsp - ok
    21:20:44.0721 2704 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    21:20:44.0730 2704 IKEEXT - ok
    21:20:44.0772 2704 IntcAzAudAddService (eb5fa493a4b6ea290200ae39eba2fbc6) C:\Windows\system32\drivers\RTKVHD64.sys
    21:20:44.0787 2704 IntcAzAudAddService - ok
    21:20:44.0798 2704 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    21:20:44.0799 2704 intelide - ok
    21:20:44.0809 2704 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    21:20:44.0810 2704 intelppm - ok
    21:20:44.0820 2704 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    21:20:44.0822 2704 IPBusEnum - ok
    21:20:44.0833 2704 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:20:44.0834 2704 IpFilterDriver - ok
    21:20:44.0848 2704 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    21:20:44.0854 2704 iphlpsvc - ok
    21:20:48.0686 2704 WatAdminSvc - ok
    21:20:48.0712 2704 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    21:20:48.0729 2704 wbengine - ok
    21:20:48.0741 2704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    21:20:48.0745 2704 WbioSrvc - ok
    21:20:48.0759 2704 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    21:20:48.0764 2704 wcncsvc - ok
    21:20:48.0774 2704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    21:20:48.0777 2704 WcsPlugInService - ok
    21:20:48.0787 2704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    21:20:48.0788 2704 Wd - ok
    21:20:48.0806 2704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    21:20:48.0809 2704 Wdf01000 - ok
    21:20:48.0820 2704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    21:20:48.0822 2704 WdiServiceHost - ok
    21:20:48.0825 2704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    21:20:48.0826 2704 WdiSystemHost - ok
    21:20:48.0839 2704 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    21:20:48.0843 2704 WebClient - ok
    21:20:48.0855 2704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    21:20:48.0859 2704 Wecsvc - ok
    21:20:48.0870 2704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    21:20:48.0872 2704 wercplsupport - ok
    21:20:48.0882 2704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    21:20:48.0884 2704 WerSvc - ok
    21:20:48.0894 2704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    21:20:48.0894 2704 WfpLwf - ok
    21:20:48.0906 2704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    21:20:48.0906 2704 WIMMount - ok
    21:20:48.0910 2704 WinDefend - ok
    21:20:48.0916 2704 WinHttpAutoProxySvc - ok
    21:20:48.0931 2704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    21:20:48.0933 2704 Winmgmt - ok
    21:20:48.0964 2704 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    21:20:48.0985 2704 WinRM - ok
    21:20:49.0008 2704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    21:20:49.0018 2704 Wlansvc - ok
    21:20:49.0047 2704 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:20:49.0058 2704 wlidsvc - ok
    21:20:49.0070 2704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    21:20:49.0071 2704 WmiAcpi - ok
    21:20:49.0085 2704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    21:20:49.0087 2704 wmiApSrv - ok
    21:20:49.0090 2704 WMPNetworkSvc - ok
    21:20:49.0100 2704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    21:20:49.0102 2704 WPCSvc - ok
    21:20:49.0112 2704 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    21:20:49.0114 2704 WPDBusEnum - ok
    21:20:49.0125 2704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    21:20:49.0125 2704 ws2ifsl - ok
    21:20:49.0136 2704 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    21:20:49.0138 2704 wscsvc - ok
    21:20:49.0146 2704 WSearch - ok
    21:20:49.0182 2704 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    21:20:49.0208 2704 wuauserv - ok
    21:20:49.0220 2704 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    21:20:49.0221 2704 WudfPf - ok
    21:20:49.0233 2704 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:20:49.0236 2704 WUDFRd - ok
    21:20:49.0247 2704 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    21:20:49.0249 2704 wudfsvc - ok
    21:20:49.0262 2704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    21:20:49.0266 2704 WwanSvc - ok
    21:20:49.0271 2704 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
    21:20:49.0272 2704 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    21:20:49.0272 2704 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    21:20:49.0275 2704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    21:20:49.0279 2704 \Device\Harddisk1\DR1 - ok
    21:20:49.0281 2704 Boot (0x1200) (34e9dce77b8d82ed2e2ab253dd268405) \Device\Harddisk0\DR0\Partition0
    21:20:49.0282 2704 \Device\Harddisk0\DR0\Partition0 - ok
    21:20:49.0284 2704 Boot (0x1200) (70791dda835086cf17894878bf256ad9) \Device\Harddisk0\DR0\Partition1
    21:20:49.0285 2704 \Device\Harddisk0\DR0\Partition1 - ok
    21:20:49.0288 2704 Boot (0x1200) (d3bb6f73c8990ca14eb15263bbf9a6a0) \Device\Harddisk1\DR1\Partition0
    21:20:49.0289 2704 \Device\Harddisk1\DR1\Partition0 - ok
    21:20:49.0289 2704 ============================================================
    21:20:49.0289 2704 Scan finished
    21:20:49.0289 2704 ============================================================
    21:20:49.0297 7028 Detected object count: 1
    21:20:49.0297 7028 Actual detected object count: 1
    21:21:03.0628 7028 \Device\Harddisk0\DR0\# - copied to quarantine
    21:21:03.0628 7028 \Device\Harddisk0\DR0 - copied to quarantine
    21:21:03.0660 7028 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    21:21:03.0663 7028 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    21:21:03.0667 7028 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    21:21:03.0672 7028 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    21:21:03.0681 7028 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    21:21:03.0688 7028 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    21:21:03.0690 7028 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    21:21:03.0692 7028 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    21:21:03.0694 7028 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    21:21:03.0697 7028 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    21:21:03.0700 7028 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    21:21:03.0703 7028 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    21:21:03.0705 7028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    21:21:03.0706 7028 \Device\Harddisk0\DR0 - ok
    21:21:03.0707 7028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    21:21:05.0713 3488 Deinitialize success
  9. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Good :)

    Post new aswMBR log.
  10. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-26 22:11:30
    -----------------------------
    22:11:30.332 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:11:30.332 Number of processors: 6 586 0x102
    22:11:30.333 ComputerName: DANCOMPUTER UserName:
    22:11:30.499 Initialize success
    22:11:34.815 AVAST engine defs: 12032602
    22:11:36.733 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    22:11:36.737 Disk 0 Vendor: OCZ-VERTEX2 1.35 Size: 57241MB BusType: 3
    22:11:36.742 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    22:11:36.746 Disk 1 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
    22:11:36.752 Disk 0 MBR read successfully
    22:11:36.757 Disk 0 MBR scan
    22:11:36.762 Disk 0 Windows 7 default MBR code
    22:11:36.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:11:36.771 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
    22:11:36.779 Disk 0 scanning C:\Windows\system32\drivers
    22:11:39.906 Service scanning
    22:11:48.703 Modules scanning
    22:11:48.709 Disk 0 trace - called modules:
    22:11:48.716 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    22:11:48.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d1d3060]
    22:11:48.725 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800ce8cd00]
    22:11:48.729 5 ACPI.sys[fffff88000ef97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800cfbb060]
    22:11:48.869 AVAST engine scan C:\Windows
    22:11:49.282 AVAST engine scan C:\Windows\system32
    22:13:11.433 AVAST engine scan C:\Windows\system32\drivers
    22:13:15.258 AVAST engine scan C:\Users\Black Rose Phoenix
    22:13:27.871 AVAST engine scan C:\ProgramData
    22:13:34.634 File: C:\ProgramData\Microsoft\Windows\DRM\2B08.tmp **INFECTED** Win32:Malware-gen
    22:13:34.649 File: C:\ProgramData\Microsoft\Windows\DRM\2B09.tmp **INFECTED** Win32:Malware-gen
    22:13:39.866 Scan finished successfully
    22:16:16.170 Disk 0 MBR has been saved successfully to "C:\Users\Black Rose Phoenix\Desktop\MBR.dat"
    22:16:16.176 The log file has been saved successfully to "C:\Users\Black Rose Phoenix\Desktop\aswMBR2.txt"
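The aswMBR log above reports the boot disk's MBR code as "Windows 7 default" and saves a copy of the sector to MBR.dat, while the TDSSKiller run in the earlier post hashed an "MBR (0x1B8)" region and flagged Rootkit.Boot.Pihar.b there. As an added example (not part of this thread and not code from either tool), here is a Python script that decodes a 512-byte MBR image the way such checks do: it verifies the 0x55AA signature, lists the partition entries, and compares an MD5 of the boot code region against a known-good value. That the hashed region is the first 0x1B8 bytes (everything before the disk signature) is my assumption about what the TDSSKiller figure refers to. The sample MBR bytes, the boot code stub, the disk signature and the baseline hash are all constructed here; only the partition geometry mirrors the two NTFS partitions in the log.

```python
"""Decode and sanity-check a 512-byte MBR image (e.g. the MBR.dat that aswMBR saves).
Added example for this thread; every sample byte below is constructed, not from the infected disk."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8          # boot code occupies bytes 0..0x1B7; 0x1B8 holds the disk signature (assumed region)
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"    # bytes 510..511

PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x82: "Linux swap", 0x83: "Linux"}


def parse_mbr(mbr: bytes) -> dict:
    """Return signature status, boot-code hash, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, 0x1B8)[0],
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_good_md5: str) -> list:
    """Findings a responder would act on; an empty list means the image looks clean."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_md5"] != known_good_md5:
        findings.append("boot code hash differs from known-good value")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partition overlap at LBA {start_b}")
    return findings


def build_sample_mbr(boot_code: bytes, parts) -> bytes:
    """Construct a test MBR: boot code stub, disk signature, partition entries, 0x55AA."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, 0x1B8, 0x1234ABCD)     # constructed disk signature
    for i, (status, ptype, lba, sectors) in enumerate(parts):
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i, status, ptype, lba, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# Constructed stand-in for the boot code (NOT the real Windows 7 MBR code).
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 40
# Geometry mirrors the aswMBR log: 100 MB active NTFS at LBA 2048, 57139 MB NTFS at LBA 206848.
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 117020672)]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, LAYOUT)
# In practice the baseline hash comes from a trusted backup (an MBR.dat taken from a known-clean system).
KNOWN_GOOD_MD5 = hashlib.md5(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# A bootkit replaces the code region but leaves the partition table intact, so the table still
# decodes fine and only the hash comparison catches it. Any change to the code bytes will do here.
_tampered = bytearray(CLEAN_MBR)
_tampered[0:2] = b"\xEB\xFE"
TAMPERED_MBR = bytes(_tampered)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(image)
        print(name, "boot code md5:", info["boot_code_md5"])
        for p in info["partitions"]:
            flag = "(A)" if p["active"] else "   "
            print(f"  Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
                  f"{p['size_mb']} MB offset {p['lba_start']}")
        print("  findings:", check_mbr(image, KNOWN_GOOD_MD5) or "none")
```

Run it as-is to see the clean and tampered images side by side; to check a real MBR.dat, read its 512 bytes and pass them to check_mbr together with a baseline hash you recorded from the same machine while it was known to be clean. The point the two logs illustrate is that a bootkit leaves the partition table readable and the OS bootable, so a partition listing alone looks normal and only the code-region comparison reveals the change.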
  11. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    ComboFix 12-03-26.04 - Black Rose Phoenix 03/26/2012 23:01:25.1.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16354.14121 [GMT -5:00]
    Running from: c:\users\Black Rose Phoenix\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-27 04:04 . 2012-03-27 04:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-27 02:21 . 2012-03-27 02:21 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-26 05:14 . 2012-03-26 05:14 -------- d-----w- c:\users\Black Rose Phoenix\AppData\Roaming\Feluw
    2012-03-26 05:14 . 2012-03-26 05:14 -------- d-----w- c:\users\Black Rose Phoenix\AppData\Roaming\Acs
    2012-03-26 05:14 . 2012-03-26 05:14 193024 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\eduwr.exe
    2012-03-24 08:57 . 2012-03-24 08:57 -------- d-----w- c:\users\Black Rose Phoenix\AppData\Local\Apps
    2012-03-24 08:01 . 2012-03-24 08:01 -------- d-----w- c:\users\Black Rose Phoenix\AppData\Roaming\Malwarebytes
    2012-03-24 08:01 . 2012-03-24 08:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-24 08:01 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-24 07:18 . 2012-03-24 07:18 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-24 07:18 . 2012-03-24 07:18 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-21 04:41 . 2012-03-24 07:16 -------- d-----w- c:\users\Black Rose Phoenix\AppData\Local\CrashDumps
    2012-03-19 22:40 . 2012-03-19 22:40 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-03-19 22:36 . 2012-03-23 19:17 -------- d-----w- c:\program files\Symantec
    2012-03-19 22:36 . 2012-03-23 19:16 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-03-19 22:36 . 2012-03-19 22:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-03-19 22:36 . 2012-03-24 07:17 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-03-19 22:36 . 2012-03-19 22:36 -------- d-----w- c:\program files (x86)\Norton 360
    2012-03-19 22:36 . 2012-03-19 22:37 -------- d-----w- c:\programdata\Norton
    2012-03-19 22:35 . 2012-03-19 22:35 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-03-19 01:35 . 2012-03-19 01:35 -------- d-----w- c:\windows\Sun
    2012-03-19 01:25 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-19 01:25 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-19 01:25 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-19 01:22 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-19 01:22 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-19 01:22 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-19 01:22 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-19 01:22 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-19 01:22 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-19 01:22 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-19 01:22 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-12 07:31 . 2012-03-12 07:31 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\2B09.tmp
    2012-03-12 07:31 . 2012-03-12 07:31 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\2B08.tmp
    2012-03-07 05:23 . 2012-03-07 05:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-03-03 05:22 . 2012-03-12 07:31 -------- d-----w- c:\users\Black Rose Phoenix\AppData\Roaming\mIRC
    2012-03-03 05:22 . 2012-03-07 04:17 -------- d-----w- c:\users\Black Rose Phoenix\mIRC
    2012-02-27 05:28 . 2012-02-27 05:28 -------- d-----w- c:\users\Black Rose Phoenix\AppData\Roaming\vlc
    2012-02-27 03:41 . 2012-02-27 03:41 -------- d-----w- c:\program files (x86)\VideoLAN
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-12 07:34 . 2011-12-29 11:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-14 15:33 . 2012-02-14 15:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-01-31 12:44 . 2011-12-29 09:49 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-30 10:29 . 2012-01-30 10:29 136704 ----a-w- c:\windows\SysWow64\rztouchdll.dll
    2012-01-30 10:29 . 2012-01-30 10:29 278528 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
    2012-01-30 10:29 . 2012-01-30 10:29 164864 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
    2012-01-09 00:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-01-09 00:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-01-07 16:54 . 2012-01-07 16:54 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-01-04 10:44 . 2012-02-16 03:47 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 08:58 . 2012-02-16 03:47 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2011-12-31 08:27 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2011-12-31 08:27 . 2009-08-18 17:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-30 06:26 . 2012-02-16 03:47 515584 ----a-w- c:\windows\system32\timedate.cpl
    2011-12-30 05:27 . 2012-02-16 03:47 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-12-29 10:31 . 2011-12-29 10:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-12-29 10:31 . 2011-12-29 10:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-12-29 10:31 . 2011-12-29 10:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-12-29 10:31 . 2011-12-29 10:31 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-12-29 10:31 . 2011-12-29 10:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-12-29 10:31 . 2011-12-29 10:31 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-12-29 10:31 . 2011-12-29 10:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-12-29 10:31 . 2011-12-29 10:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-12-29 10:31 . 2011-12-29 10:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-12-29 10:31 . 2011-12-29 10:31 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-12-29 10:31 . 2011-12-29 10:31 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-12-29 10:31 . 2011-12-29 10:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-12-29 10:31 . 2011-12-29 10:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-12-29 10:31 . 2011-12-29 10:31 448512 ----a-w- c:\windows\system32\html.iec
    2011-12-29 10:31 . 2011-12-29 10:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-12-29 10:31 . 2011-12-29 10:31 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-12-29 10:31 . 2011-12-29 10:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-12-29 10:31 . 2011-12-29 10:31 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-29 10:31 . 2011-12-29 10:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-12-29 10:31 . 2011-12-29 10:31 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-12-29 10:31 . 2011-12-29 10:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-12-29 10:31 . 2011-12-29 10:31 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-12-29 10:31 . 2011-12-29 10:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-12-29 10:31 . 2011-12-29 10:31 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-12-29 10:31 . 2011-12-29 10:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-12-29 10:31 . 2011-12-29 10:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-12-29 10:31 . 2011-12-29 10:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-12-29 10:31 . 2011-12-29 10:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-12-29 10:31 . 2011-12-29 10:31 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-12-29 10:31 . 2011-12-29 10:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-12-29 10:31 . 2011-12-29 10:31 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-12-29 10:31 . 2011-12-29 10:31 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-12-29 10:31 . 2011-12-29 10:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-12-29 10:31 . 2011-12-29 10:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="e:\steam\steam.exe" [2011-12-31 1242448]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-07-07 303104]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
    "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-11-17 953232]
    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-03-01 318344]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    eduwr.exe [2012-3-26 193024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2012-01-13 652360]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
    R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120324.004\IDSvia64.sys [2012-03-17 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
    S2 Sendori;Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2011-12-01 98624]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-24 138360]
    S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-24 7233640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
    FF - ProfilePath - c:\users\Black Rose Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\52uuf49w.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKU-Default-Run-Update - c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\Adobe\xqsnxwgl.dll
    AddRemove-Steam App 45760 - c:\program files (x86)\Steam\steam.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-26 23:08:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-27 04:08
    .
    Pre-Run: 5,407,535,104 bytes free
    Post-Run: 5,394,108,416 bytes free
    .
    - - End Of File - - AEAFDAB271C552EB8AAAACE30151914A
  13. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
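    The custom-scan list above tells OTL where to look, but the reading of the resulting log is still done by hand. The script below is an added example for this thread; it is not OTL, not ComboFix and not part of the helper's procedure. It parses the line formats OTL prints (the PRC/SRV/DRV/MOD entry lines and the O1 HOSTS lines) and applies three heuristics of the editor's own: a HOSTS entry that points a name at a routable address rather than a 127.0.0.1/0.0.0.0 blocking entry, a HOSTS file carrying the Hidden or System attribute, and a well-known Windows binary name sitting outside its normal directory (the pattern behind the C:\Windows\svchost.exe detection earlier in this thread). The sample lines at the bottom are constructed for the example in OTL's format; the expected directory list assumes a standard Windows install on C:.

```python
"""Offline triage of OTL-style log lines (added example, not OTL's own code).

Heuristics are the editor's, not rules OTL or the forum helper applies:
  1. HOSTS entry resolving a name to a routable (non-loopback, non-0.0.0.0) IP;
  2. HOSTS file flagged Hidden or System in the attribute column;
  3. well-known Windows binary name outside its expected directory.
"""
import ipaddress
import re

# PRC/SRV/DRV/MOD lines:
#   TAG[:64bit:] - [date time | size | attrs | M] (Company) [state] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|SRV|DRV|MOD)(?::64bit:)?\s+-\s+"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| M\]\s+"
    r"\((?P<company>[^)]*)\)\s+"
    r"(?:\[(?P<state>[^\]]*)\]\s+)?"
    r"--\s+(?P<path>.+?)(?:\s+--\s+\((?P<name>[^)]*)\).*)?$"
)
# O1 HOSTS File: ([date time | size | attrs | M]) - path
HOSTS_FILE_RE = re.compile(
    r"^O1 HOSTS File: \(\[[^|]+\| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| M\]\) - (?P<path>.+)$"
)
# O1 - Hosts: <ip> <hostname>
HOSTS_ENTRY_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")

# Names every Windows box has. Assumption: standard layout on C:, so these
# belong under System32/SysWOW64/SysNative/WinSxS (explorer.exe also in C:\Windows).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
               "c:\\windows\\sysnative\\", "c:\\windows\\winsxs\\")
EXPECTED_DIRS = {"explorer.exe": ("c:\\windows\\",) + SYSTEM_DIRS}


def parse_entry(line):
    """Split one PRC/SRV/DRV/MOD line into its fields, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"].strip()
    return entry


def hosts_redirect(ip):
    """True when a HOSTS line redirects (routable IP) rather than blocks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # not even an address: malformed line, worth a look
    return not (addr.is_loopback or addr.is_unspecified)


def misplaced_system_binary(path):
    """True when a core Windows binary name appears outside its expected directory.
    Prefix check only: coarse, but it catches the classic C:\\Windows\\svchost.exe."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name not in SYSTEM_BINARIES:
        return False
    return not low.startswith(EXPECTED_DIRS.get(name, SYSTEM_DIRS))


def triage(lines):
    """Return (rule, subject, detail) tuples for every line that trips a heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HOSTS_FILE_RE.match(line)
        if m:
            if set("HS") & set(m["attrs"]):
                findings.append(("hosts-attrs", m["path"], m["attrs"]))
            continue
        m = HOSTS_ENTRY_RE.match(line)
        if m:
            if hosts_redirect(m["ip"]):
                findings.append(("hosts-redirect", m["host"].rstrip("."), m["ip"]))
            continue
        entry = parse_entry(line)
        if entry and misplaced_system_binary(entry["path"]):
            findings.append(("misplaced-binary", entry["path"],
                             entry["company"] or "<no company>"))
    return findings


# Constructed sample in OTL's line format (not a real log excerpt).
SAMPLE_LOG = [
    r"PRC - [2012/03/27 01:04:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe",
    r"PRC - [2012/03/23 03:02:11 | 000,020,480 | ---- | M] () -- C:\Windows\svchost.exe",
    r"SRV:64bit: - [2011/11/09 22:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)",
    r"DRV:64bit: - [2012/03/23 14:16:59 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)",
    r"MOD - [2012/03/24 02:17:49 | 020,297,512 | ---- | M] () -- E:\Steam\bin\libcef.dll",
    r"O1 HOSTS File: ([2012/03/26 00:14:24 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 0.0.0.0 ads.example",
    r"O1 - Hosts: 149.5.18.172 www.google-analytics.com.",
]

if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:17} {subject}  [{detail}]")
```

    Note what the script deliberately does not flag: the MOD line with an empty company name. OTL already groups those under "Modules (No Company Name)", and plenty of legitimate software (the Steam libraries in the log above, for instance) ships unsigned, unbranded DLLs, so an empty company field is a lead to check against the file's location and hash, not a verdict on its own. The hosts-file attribute rule is the same kind of lead: some cleanup tools set read-only on purpose, but Hidden plus System on that file is not a default and is worth asking about.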
  14. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    Computer is looking very good. Desktop is still black but I haven't tried to set a wallpaper or anything.


    OTL logfile created on: 3/27/2012 1:11:17 AM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Black Rose Phoenix\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.97 Gb Total Physical Memory | 13.54 Gb Available Physical Memory | 84.75% Memory free
    31.94 Gb Paging File | 29.39 Gb Available in Paging File | 92.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 55.79 Gb Total Space | 5.12 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
    Drive D: | 1.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 931.51 Gb Total Space | 766.50 Gb Free Space | 82.29% Space Free | Partition Type: NTFS

    Computer Name: DANCOMPUTER | User Name: Black Rose Phoenix | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/27 01:04:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Black Rose Phoenix\Desktop\OTL.exe
    PRC - [2012/03/24 02:17:49 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/02/29 22:47:22 | 000,318,344 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    PRC - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccsvchst.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/31 07:27:52 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe
    PRC - [2011/12/01 17:47:10 | 000,098,624 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
    PRC - [2011/11/16 22:05:30 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
    PRC - [2011/07/06 19:11:44 | 000,443,504 | ---- | M] (MSI CO.,LTD.) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/24 02:17:49 | 020,297,512 | ---- | M] () -- E:\Steam\bin\libcef.dll
    MOD - [2012/03/24 02:17:49 | 001,099,576 | ---- | M] () -- E:\Steam\bin\avcodec-53.dll
    MOD - [2012/03/24 02:17:49 | 000,907,048 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
    MOD - [2012/03/24 02:17:49 | 000,190,776 | ---- | M] () -- E:\Steam\bin\avformat-53.dll
    MOD - [2012/03/24 02:17:49 | 000,123,192 | ---- | M] () -- E:\Steam\bin\avutil-51.dll
    MOD - [2012/03/20 03:14:19 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
    MOD - [2012/03/20 03:12:55 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll
    MOD - [2012/03/20 03:12:41 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll
    MOD - [2012/03/20 03:12:40 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll
    MOD - [2012/03/20 03:12:39 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll
    MOD - [2012/03/20 03:12:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
    MOD - [2012/03/20 03:12:09 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
    MOD - [2012/03/20 03:12:06 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll
    MOD - [2012/03/20 03:02:32 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
    MOD - [2012/03/20 03:02:20 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
    MOD - [2012/03/20 03:02:19 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
    MOD - [2012/03/20 03:02:14 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
    MOD - [2012/03/20 03:02:11 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
    MOD - [2012/03/20 03:02:10 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
    MOD - [2012/03/20 03:02:10 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
    MOD - [2012/03/20 03:02:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
    MOD - [2012/03/20 03:02:07 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
    MOD - [2012/03/20 03:02:06 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
    MOD - [2012/03/20 03:02:01 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
    MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/09 23:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/11/09 22:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/03/24 02:17:49 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/02/20 23:26:30 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe -- (N360)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/12/01 17:47:10 | 000,098,624 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Sendori)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/23 14:16:59 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/01/07 11:54:58 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/12/18 23:01:28 | 000,074,240 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/11/23 21:23:48 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/11/23 20:50:28 | 000,738,936 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/11/23 20:50:28 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/11/16 22:38:00 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/11/16 22:17:50 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/11/15 11:14:02 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
    DRV:64bit: - [2011/11/09 22:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/11/09 21:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/11/04 18:59:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\ccsetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/08/16 01:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/06/24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
    DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/28 15:50:38 | 000,044,672 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/01/17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
    DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
    DRV - [2012/03/26 21:00:50 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120326.019\ex64.sys -- (NAVEX15)
    DRV - [2012/03/26 21:00:50 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120326.019\eng64.sys -- (NAVENG)
    DRV - [2012/03/24 17:17:11 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/03/19 17:40:32 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/03/16 23:51:50 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120324.004\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/03/02 18:59:42 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120317.002\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 40 03 CF 9E 0B CD 01 [binary data]
    IE - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/03/19 17:37:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/03/26 23:27:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/24 02:18:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/14 10:33:51 | 000,000,000 | ---D | M]

    [2011/12/29 05:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Black Rose Phoenix\AppData\Roaming\Mozilla\Extensions
    [2012/03/23 13:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Black Rose Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\52uuf49w.default\extensions
    [2012/03/19 23:21:08 | 000,002,465 | ---- | M] () -- C:\Users\Black Rose Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\52uuf49w.default\searchplugins\safesearch.xml
    [2012/02/16 11:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/26 23:27:29 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\COFFPLGN
    [2012/03/19 17:37:03 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPLGN
    () (No name found) -- C:\USERS\BLACK ROSE PHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\52UUF49W.DEFAULT\EXTENSIONS\SUUPCSIOPX@SUUPCSIOPX.ORG.XPI
    [2012/03/24 02:18:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/14 10:33:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/03/26 00:14:24 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 149.5.18.172 www.google-analytics.com.
    O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
    O1 - Hosts: 149.5.18.172 www.statcounter.com.
    O1 - Hosts: 108.163.215.51 www.google-analytics.com.
    O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    O1 - Hosts: 108.163.215.51 www.statcounter.com.
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ips\ipsbho.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (MSI)
    O4 - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000..\Run: [Steam] E:\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eduwr.exe ()
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eduwr.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1667358613-2966712028-2184513951-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BA196DA-5F51-4127-90D4-CA3061D32716}: DhcpNameServer = 192.168.0.1 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/21 23:24:09 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/27 01:05:00 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Black Rose Phoenix\Desktop\OTL.exe
    [2012/03/26 23:08:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/26 23:05:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/03/26 23:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/26 23:00:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/26 23:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/26 23:00:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/26 22:59:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/26 22:57:12 | 004,446,680 | R--- | C] (Swearware) -- C:\Users\Black Rose Phoenix\Desktop\ComboFix.exe
    [2012/03/26 21:21:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/26 21:20:27 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Black Rose Phoenix\Desktop\TDSSKiller.exe
    [2012/03/26 21:20:05 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Black Rose Phoenix\Desktop\boot_cleaner.exe
    [2012/03/26 00:14:36 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Roaming\Feluw
    [2012/03/26 00:14:36 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Roaming\Acs
    [2012/03/24 18:02:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Black Rose Phoenix\Desktop\dds(1).scr
    [2012/03/24 03:57:23 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Local\Apps
    [2012/03/24 03:01:08 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Roaming\Malwarebytes
    [2012/03/24 03:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/24 03:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/24 03:01:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/03/23 14:16:59 | 001,092,728 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symefa64.sys
    [2012/03/23 14:16:59 | 000,738,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\srtsp64.sys
    [2012/03/23 14:16:59 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symds64.sys
    [2012/03/23 14:16:59 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symnets.sys
    [2012/03/23 14:16:59 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\ironx64.sys
    [2012/03/23 14:16:59 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\ccsetx64.sys
    [2012/03/23 14:16:59 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\srtspx64.sys
    [2012/03/23 14:16:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0601020.00A
    [2012/03/20 23:41:13 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Local\CrashDumps
    [2012/03/19 17:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2012/03/19 17:36:56 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/03/19 17:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012/03/19 17:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012/03/19 17:36:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
    [2012/03/19 17:36:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2012/03/19 17:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
    [2012/03/19 17:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2012/03/19 17:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2012/03/19 17:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2012/03/18 20:35:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/03/18 20:25:33 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2012/03/18 20:22:09 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/03/18 20:22:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
    [2012/03/18 20:22:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
    [2012/03/18 20:22:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
    [2012/03/18 20:22:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
    [2012/03/18 20:22:08 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
    [2012/03/07 00:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/03/07 00:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/03/03 00:22:22 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\mIRC
    [2012/03/03 00:22:22 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Roaming\mIRC
    [2012/03/03 00:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
    [2012/03/03 00:20:33 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\Desktop\MWS
    [2012/03/02 23:03:21 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Roaming\WinRAR
    [2012/03/02 23:03:21 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/03/02 23:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/03/02 23:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2012/03/02 22:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Workstation
    [2012/02/27 00:28:14 | 000,000,000 | ---D | C] -- C:\Users\Black Rose Phoenix\AppData\Roaming\vlc
    [2012/02/26 22:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/02/26 22:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

    ========== Files - Modified Within 30 Days ==========

    [2012/03/27 01:04:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Black Rose Phoenix\Desktop\OTL.exe
    [2012/03/27 00:03:07 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/03/27 00:03:07 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/03/27 00:03:07 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/03/26 23:34:32 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/26 23:34:32 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/26 23:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/26 23:27:20 | 4271,587,326 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/26 22:56:53 | 004,446,680 | R--- | M] (Swearware) -- C:\Users\Black Rose Phoenix\Desktop\ComboFix.exe
    [2012/03/26 22:16:16 | 000,000,512 | ---- | M] () -- C:\Users\Black Rose Phoenix\Desktop\MBR.dat
    [2012/03/26 21:21:48 | 001,810,911 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\Cat.DB
    [2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Black Rose Phoenix\Desktop\TDSSKiller.exe
    [2012/03/26 00:28:56 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/26 00:28:56 | 000,000,618 | ---- | M] () -- C:\Users\Black Rose Phoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/03/26 00:14:24 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/03/24 18:02:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Black Rose Phoenix\Desktop\dds(1).scr
    [2012/03/24 02:17:25 | 000,008,727 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\VT20120301.009
    [2012/03/23 14:16:59 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/03/23 14:16:59 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/03/23 14:16:59 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/03/20 03:03:04 | 000,776,646 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/19 23:42:46 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\isolate.ini
    [2012/03/19 17:36:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/03/19 07:32:02 | 000,432,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/19 03:01:41 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/03/12 02:34:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/03/02 23:05:59 | 000,000,571 | ---- | M] () -- C:\Users\Black Rose Phoenix\Desktop\Magic Workstation.lnk
    [2012/03/02 23:05:59 | 000,000,542 | ---- | M] () -- C:\Users\Black Rose Phoenix\Desktop\MWS Online Play.lnk

    ========== Files Created - No Company Name ==========

    [2012/03/26 23:00:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/26 23:00:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/26 23:00:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/26 23:00:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/26 23:00:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/26 20:35:32 | 000,000,512 | ---- | C] () -- C:\Users\Black Rose Phoenix\Desktop\MBR.dat
    [2012/03/26 00:36:25 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/26 00:28:56 | 000,000,618 | ---- | C] () -- C:\Users\Black Rose Phoenix\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/03/24 02:17:25 | 001,810,911 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\Cat.DB
    [2012/03/24 02:17:25 | 000,008,727 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\VT20120301.009
    [2012/03/23 14:16:59 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symds64.cat
    [2012/03/23 14:16:59 | 000,007,468 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\ccsetx64.cat
    [2012/03/23 14:16:59 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\srtspx64.cat
    [2012/03/23 14:16:59 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symefa64.cat
    [2012/03/23 14:16:59 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symnet64.cat
    [2012/03/23 14:16:59 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\srtsp64.cat
    [2012/03/23 14:16:59 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\iron.cat
    [2012/03/23 14:16:59 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symefa.inf
    [2012/03/23 14:16:59 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symds.inf
    [2012/03/23 14:16:59 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symnet.inf
    [2012/03/23 14:16:59 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\srtsp64.inf
    [2012/03/23 14:16:59 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\srtspx64.inf
    [2012/03/23 14:16:59 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\ccsetx64.inf
    [2012/03/23 14:16:59 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\iron.inf
    [2012/03/23 14:16:56 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\symvtcer.dat
    [2012/03/23 14:16:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\isolate.ini
    [2012/03/19 17:36:56 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/03/19 17:36:56 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/03/19 03:01:41 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/03/02 22:45:51 | 000,000,542 | ---- | C] () -- C:\Users\Black Rose Phoenix\Desktop\MWS Online Play.lnk
    [2012/03/02 22:45:50 | 000,000,571 | ---- | C] () -- C:\Users\Black Rose Phoenix\Desktop\Magic Workstation.lnk
    [2012/01/06 17:15:54 | 000,776,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/04 23:50:51 | 000,000,249 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2012/01/03 02:47:57 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2011/12/29 04:52:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
    [2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/03/26 23:08:03 | 000,020,880 | ---- | M] () -- C:\ComboFix.txt
    [2012/03/26 23:27:20 | 4271,587,326 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/29 04:45:58 | 000,000,189 | ---- | M] () -- C:\mylog.log
    [2012/03/26 23:27:23 | 4263,796,733 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/29 04:47:48 | 000,002,276 | ---- | M] () -- C:\RHDSetup.log
    [2012/03/26 21:21:05 | 000,131,464 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_26.03.2012_21.20.33_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/12/29 05:43:10 | 000,000,221 | -HS- | M] () -- C:\Users\Black Rose Phoenix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Black Rose Phoenix\Desktop\boot_cleaner.exe
    [2012/03/26 22:56:53 | 004,446,680 | R--- | M] (Swearware) -- C:\Users\Black Rose Phoenix\Desktop\ComboFix.exe
    [2012/03/27 01:04:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Black Rose Phoenix\Desktop\OTL.exe
    [2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Black Rose Phoenix\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/26 23:27:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/07/14 00:08:49 | 000,015,898 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >
  15. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 11:03:40 | 000,000,402 | -HS- | M] () -- C:\Users\Black Rose Phoenix\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
  16. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    OTL Extras logfile created on: 3/27/2012 1:05:51 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Black Rose Phoenix\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.97 Gb Total Physical Memory | 13.66 Gb Available Physical Memory | 85.54% Memory free
    31.94 Gb Paging File | 29.44 Gb Available in Paging File | 92.18% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 55.79 Gb Total Space | 5.12 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
    Drive D: | 1.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 931.51 Gb Total Space | 766.50 Gb Free Space | 82.29% Space Free | Partition Type: NTFS

    Computer Name: DANCOMPUTER | User Name: Black Rose Phoenix | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
    "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
    "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
    "{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
    "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
    "{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "BetOnline Poker 8.2" = BetOnline Poker 8.2
    "BitTorrent" = BitTorrent
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "Magic Workstation_is1" = Magic Workstation 0.94f
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "N360" = Norton 360
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Origin" = Origin
    "Sendori" = Sendori
    "ShapeCollage" = Shape Collage
    "StarCraft II" = StarCraft II
    "Steam App 1250" = Killing Floor
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 240" = Counter-Strike: Source
    "Steam App 32430" = Star Wars: The Force Unleashed
    "Steam App 43110" = Metro 2033
    "Steam App 45760" = Super Street Fighter IV: Arcade Edition
    "Steam App 8930" = Sid Meier's Civilization V
    "VLC media player" = VLC media player 1.1.11
    "WinRAR archiver" = WinRAR 4.11 (32-bit)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/25/2012 12:12:39 PM | Computer Name = DanComputer | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0xa7e5b361 Faulting process id: 0x1330 Faulting application
    start time: 0x01cd0a98aa99224d Faulting application path: \\.\globalroot\systemroot\svchost.exe
    Faulting
    module path: unknown Report Id: 57231c43-7695-11e1-977b-8c89a5614bb8

    Error - 3/26/2012 1:14:49 AM | Computer Name = DanComputer | Source = Microsoft-Windows-Defrag | ID = 257
    Description =

    Error - 3/26/2012 2:14:01 AM | Computer Name = DanComputer | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time
    stamp: 0x4ee81830 Exception code: 0xc0000005 Fault offset: 0x0079d312 Faulting process
    id: 0x1130 Faulting application start time: 0x01cd0b1237796372 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: e0db8aee-770a-11e1-bda9-8c89a5614bb8

    Error - 3/26/2012 2:51:51 AM | Computer Name = DanComputer | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: Flash11g.ocx, version: 11.1.102.63, time
    stamp: 0x4f4c398c Exception code: 0xc0000005 Fault offset: 0x0040db3a Faulting process
    id: 0xa10 Faulting application start time: 0x01cd0b17ad48bdf8 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash11g.ocx
    Report
    Id: 29d98b51-7710-11e1-bda9-8c89a5614bb8

    Error - 3/26/2012 5:19:19 AM | Computer Name = DanComputer | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
    id: 0x1a10 Faulting application start time: 0x01cd0b1cf433b09d Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: c3a8d10d-7724-11e1-bda9-8c89a5614bb8

    Error - 3/26/2012 9:38:26 AM | Computer Name = DanComputer | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
    Dependent
    Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 3/26/2012 2:36:02 PM | Computer Name = DanComputer | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16441, time
    stamp: 0x4ee8124d Exception code: 0xc0000005 Fault offset: 0x0005e263 Faulting process
    id: 0x13f0 Faulting application start time: 0x01cd0b5b0a4576b4 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
    Report
    Id: 8975fff2-7772-11e1-bda9-8c89a5614bb8

    Error - 3/26/2012 6:08:12 PM | Computer Name = DanComputer | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time
    stamp: 0x4ee81830 Exception code: 0xc0000005 Fault offset: 0x000914fc Faulting process
    id: 0x1780 Faulting application start time: 0x01cd0b7f54d84a0b Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 2d13cec2-7790-11e1-bda9-8c89a5614bb8

    Error - 3/26/2012 6:55:57 PM | Computer Name = DanComputer | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: jvm.dll, version: 19.1.0.2, time stamp:
    0x4d4a3fae Exception code: 0xc0000005 Fault offset: 0x000c87b2 Faulting process id:
    0x13fc Faulting application start time: 0x01cd0b9cf8a0a857 Faulting application path:
    \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\PROGRA~2\Java\jre6\bin\client\jvm.dll
    Report
    Id: d8bffbad-7796-11e1-bda9-8c89a5614bb8

    Error - 3/27/2012 1:30:15 AM | Computer Name = DanComputer | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
    Dependent
    Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 3/26/2012 1:20:41 AM | Computer Name = DanComputer | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%5

    Error - 3/26/2012 1:20:41 AM | Computer Name = DanComputer | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%5

    Error - 3/26/2012 1:20:42 AM | Computer Name = DanComputer | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%5

    Error - 3/26/2012 1:20:42 AM | Computer Name = DanComputer | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%5

    Error - 3/26/2012 4:00:24 AM | Computer Name = DanComputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 3/26/2012 2:36:11 PM | Computer Name = DanComputer | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 3/27/2012 12:02:43 AM | Computer Name = DanComputer | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/27/2012 12:04:30 AM | Computer Name = DanComputer | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 3/27/2012 12:04:53 AM | Computer Name = DanComputer | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/27/2012 12:05:39 AM | Computer Name = DanComputer | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126


    < End of report >
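Every Application Error entry in the report above gives svchost.exe's path as \\.\globalroot\systemroot\svchost.exe rather than the normal C:\Windows\System32\svchost.exe. The Python below is an added example for this thread, not part of OTL or of any post here: it re-joins OTL's folded event descriptions, pulls out the faulting application and module paths, and flags crashes whose image ran from a kernel device-namespace path or from an svchost.exe outside System32/SysWOW64. The inline sample is constructed in the shape OTL prints; the notepad.exe entry and its Report Id are invented as a clean control.

```python
"""Flag crash reports whose faulting image ran from an unusual path, as they
appear in the 'Last 10 Event Log Errors' section of an OTL report.
Added example for this thread; not part of OTL."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the first entry mirrors the svchost.exe crashes in the
# report, the SideBySide entry is noise that must not be flagged, and the
# notepad.exe entry is an invented clean control with a placeholder Report Id.
SAMPLE_REPORT = r"""
[ Application Events ]
Error - 3/25/2012 12:12:39 PM | Computer Name = DanComputer | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xa7e5b361 Faulting process id: 0x1330 Faulting application
start time: 0x01cd0a98aa99224d Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 57231c43-7695-11e1-977b-8c89a5614bb8

Error - 3/26/2012 9:38:26 AM | Computer Name = DanComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/26/2012 5:19:19 AM | Computer Name = DanComputer | Source = Application Error | ID = 1000
Description = Faulting application name: notepad.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc9b3 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1a10 Faulting application start time: 0x01cd0b1cf433b09d Faulting application
path: C:\Windows\System32\notepad.exe Faulting module path: C:\Windows\System32\ntdll.dll
Report
Id: 00000000-0000-0000-0000-000000000000
"""

@dataclass
class CrashEvent:
    when: str
    source: str
    event_id: int
    app_name: Optional[str] = None
    app_path: Optional[str] = None
    module_name: Optional[str] = None
    module_path: Optional[str] = None
    exception_code: Optional[str] = None

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = .+? \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$",
    re.M,
)

def split_events(text: str) -> List[Tuple[object, str]]:
    """Split the section on 'Error - ' headers and re-join each folded description."""
    heads = list(HEADER.finditer(text))
    events = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        desc = " ".join(text[m.end():end].split())  # undo OTL's line folding
        if desc.startswith("Description = "):
            desc = desc[len("Description = "):]
        events.append((m, desc))
    return events

def _field(desc: str, label: str, stop: str) -> Optional[str]:
    """Value after 'label: ' up to the next known label (paths may contain spaces)."""
    m = re.search(re.escape(label) + r": (.+?)(?=" + stop + ")", desc)
    return m.group(1).strip() if m else None

def parse_event(m, desc: str) -> CrashEvent:
    return CrashEvent(
        when=m.group("when"), source=m.group("source"), event_id=int(m.group("id")),
        app_name=_field(desc, "Faulting application name", ","),
        app_path=_field(desc, "Faulting application path", r" Faulting module path:|$"),
        module_name=_field(desc, "Faulting module name", ","),
        module_path=_field(desc, "Faulting module path", r" Report Id:|$"),
        exception_code=_field(desc, "Exception code", " "),
    )

# Paths that resolve through the kernel object namespace instead of a drive letter.
DEVICE_PREFIXES = (r"\\.\globalroot", r"\\?\globalroot", "\\device\\")
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
               r"%systemroot%\system32", r"%systemroot%\syswow64")

def suspicious_reasons(ev: CrashEvent) -> List[str]:
    """Why an Application Error (ID 1000) crash deserves a second look, if at all."""
    reasons: List[str] = []
    if ev.source != "Application Error" or ev.event_id != 1000 or not ev.app_path:
        return reasons
    p = ev.app_path.lower()
    if p.startswith(DEVICE_PREFIXES):
        reasons.append("faulting image ran from a kernel device-namespace path, not a drive letter")
    if p.endswith("\\svchost.exe") and not p.startswith(tuple(d + "\\" for d in SYSTEM_DIRS)):
        reasons.append("svchost.exe ran from outside System32/SysWOW64")
    return reasons

def find_suspicious_crashes(report_text: str) -> List[Tuple[CrashEvent, List[str]]]:
    hits = []
    for m, desc in split_events(report_text):
        ev = parse_event(m, desc)
        reasons = suspicious_reasons(ev)
        if reasons:
            hits.append((ev, reasons))
    return hits

if __name__ == "__main__":
    for ev, reasons in find_suspicious_crashes(SAMPLE_REPORT):
        print(f"{ev.when}: {ev.app_name} at {ev.app_path} ({ev.exception_code}); " + "; ".join(reasons))
```

Run against the report, only the svchost.exe entries come back, each with both reasons; the module crashes inside MSHTML.dll, Flash11g.ocx or jvm.dll are a symptom of that process hosting web content, not a fault in those libraries.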
  17. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Good news :)
    See if you can change background manually.

We still have the "hosts" file hijacked.

    Restart computer in Safe Mode.
Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes when done with this step.
Navigate to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.
Delete the hosts file.
NOTE. If you can't delete the "hosts" file (access denied), take ownership of the "ETC" folder first and then try again: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/

    Restart in normal mode.
    Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
    Follow all prompts.

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • List content of Hosts
    Click Go and post the result.
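Reviewing the hosts file, whether by hand in Explorer or from MiniToolBox's "List content of Hosts" output, comes down to finding any active mapping that is not the default loopback entry. The Python below is an added example, not part of this thread or of MiniToolBox: it strips comments, parses each active line, and reports names pinned to a remote address (DNS bypassed) or pointed at loopback (blackholed). The sample hosts content is constructed and the .test names are placeholders.

```python
"""Parse a Windows hosts file and list active mappings that are not the
default loopback entries. Added example for the hosts-file step above;
not part of this thread or of MiniToolBox."""
import ipaddress
from typing import List, Tuple

# Constructed sample: the Windows 7 default text (both localhost lines
# commented out) plus an active localhost line and two entries of the kind
# a hijacked hosts file carries. The .test names are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1       localhost
203.0.113.10    www.example-bank.test    # constructed: name pinned to a remote host
127.0.0.1       update.example-av.test   # constructed: vendor update host blackholed
"""

# Names that legitimately map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text: str) -> list:
    """Return (address, hostname, line_no) for every active mapping.
    Comments (#...) and blank lines are skipped; a line whose first token is
    not an IP address is kept with address None so it still gets reported."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            addr = ipaddress.ip_address(tokens[0])
        except ValueError:
            entries.append((None, " ".join(tokens), line_no))
            continue
        for host in tokens[1:]:  # one address may carry several names
            entries.append((addr, host.lower(), line_no))
    return entries

def review_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Classify each active mapping. Loopback -> localhost names are expected;
    everything else is returned as (line_no, hostname, reason) for review."""
    findings = []
    for addr, host, line_no in parse_hosts(text):
        if addr is None:
            findings.append((line_no, host, "malformed line (no IP address first)"))
        elif addr.is_loopback and host in LOOPBACK_NAMES:
            continue  # the default entries
        elif addr.is_loopback or addr.is_unspecified:
            findings.append((line_no, host, f"blackholed to {addr}"))
        else:
            findings.append((line_no, host, f"pinned to {addr}, bypassing DNS"))
    return findings

if __name__ == "__main__":
    for line_no, host, reason in review_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host}: {reason}")
```

On a stock Windows 7 machine the review list is empty, since both default localhost lines are commented out. Ad-blocking hosts lists legitimately produce hundreds of blackholed entries, so treat the output as a review list rather than a verdict; what matters in a cleanup like this one is a security vendor's update or download host, or a bank, being blackholed or pinned.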
  18. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

Hello, I've been busy the past couple of days. Here is the log from MiniToolBox.

    MiniToolBox by Farbar Version: 18-01-2012
    Ran by Black Rose Phoenix (administrator) on 30-03-2012 at 16:15:26
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
    ========================= Hosts content: =================================

    # ::1 localhost


    **** End of log ****
     
  19. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Good job :)

    ???

    ===================================================================

    OTL logs are clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
• Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  20. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player 11.1.102.55
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````

    Farbar Service Scanner Version: 01-03-2012
    Ran by Black Rose Phoenix (administrator) on 02-04-2012 at 19:02:28
    Running from "E:\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    C:\ProgramData\Microsoft\Windows\DRM\2B08.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
    C:\ProgramData\Microsoft\Windows\DRM\2B09.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\26.03.2012_21.20.34\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMF3BPXL\jquery.bgiframe.min[1].js JS/Agent.NEJ trojan cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c2dc25f-6abcc757 a variant of Java/Exploit.Blacole.AN trojan deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\3c2d347a-4a73c07b a variant of Java/TrojanDownloader.Agent.NDN trojan deleted - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll a variant of Win32/Kryptik.ADGH trojan cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Macromedia\zchvwceaw.dll a variant of Win32/Kryptik.ADGH trojan cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Mozilla\zchvwceaw.dll a variant of Win32/Kryptik.ADGH trojan cleaned by deleting - quarantined
    E:\Downloads\setup_PlayPickle_v25.exe a variant of Win32/Adware.OpenInstall application cleaned by deleting - quarantined
    E:\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application deleted - quarantined
  21. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

Yes, I was able to change my background, and sorry about taking so long. So much work with college classes coming to an end.
  22. Broni

    Broni Malware Annihilator Posts: 46,153   +251

Your computer is clean.

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
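    The script below is an added example for readers following this thread; it is not part of Broni's instructions and not an OTL or Malwarebytes feature. It verifies, from an elevated Windows PowerShell prompt on the cleaned machine, the three things the steps above rely on: that the old restore points are gone and a clean one exists (step 1), that the files named in the ESET and Malwarebytes logs in this thread are no longer on disk, and that Windows Update has installed something recently (step 3). The file paths are the ones quoted in the logs above; the restore point description is an arbitrary label.

    ```powershell
    # Added example (not from Broni's instructions): post-cleanup checks.
    # Run from an elevated Windows PowerShell prompt after the OTL fix has rebooted the PC.

    # (a) Restore points: after [CLEARALLRESTOREPOINTS] only the new one should be listed.
    $points = Get-ComputerRestorePoint
    if (-not $points) {
        # If OTL left no restore point behind, create a clean baseline now
        # ("Post-cleanup baseline" is just an arbitrary description).
        Checkpoint-Computer -Description "Post-cleanup baseline" -RestorePointType MODIFY_SETTINGS
        $points = Get-ComputerRestorePoint
    }
    $points |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize

    # (b) Paths taken from the ESET and Malwarebytes logs earlier in this thread.
    #     Anything still present deserves a second look before closing the case.
    $quarantined = @(
        "$env:SystemRoot\System32\config\systemprofile\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll",
        "$env:SystemRoot\System32\config\systemprofile\AppData\Roaming\Macromedia\Macromedia\zchvwceaw.dll",
        "$env:SystemRoot\System32\config\systemprofile\AppData\Roaming\Mozilla\Mozilla\zchvwceaw.dll",
        "$env:SystemRoot\svchost.exe"   # fake copy flagged by Malwarebytes; the real one lives in System32
    )
    foreach ($p in $quarantined) {
        if (Test-Path -LiteralPath $p) {
            Write-Warning "Still present: $p"
        } else {
            Write-Output "Gone: $p"
        }
    }

    # (c) Most recently installed updates, as a quick check that step 3 holds.
    Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 5 HotFixID, Description, InstalledOn
    ```

    The legitimate svchost.exe belongs in C:\Windows\System32; a copy sitting directly in C:\Windows, as in the Malwarebytes log at the start of this thread, is the kind of path mismatch worth re-checking after any cleanup.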
  23. blkrosephoenix

    blkrosephoenix Newcomer, in training Topic Starter

    Thanks a lot. Computer is doing great, running fast and strong.
  24. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Way to go!!
    Good luck and stay safe :)

    Make sure you complete all final steps.

