C:\windows\svchost.exe Trojan.agent Recurring Error

[blkrosephoenix]

Hello there, I was running only norton when my computer received a virus which cause fake error messages to pop up telling me my hard disk has ran out of memory or my ram has ran out of memory and that I should do a check on my drives for consitency. My desktop also turned black and many items in folders are missing and I am unable to see them. I am however able to use IE and Firefox and any programs that were set to start up automatically still do but I can not run anything else it always gives me a can not find the file error. If I download something new that will work and I will be able to see it in my hard drive folders. Such as malwarebytes anti-malware which I downloaded in attempt to fix the problem. I ran a quick scan with it and it came up with many errors and asked me to restart after removing. I noticed my computer did seem to have less problems with it but my desktop is still black and many files and folders are missing. I ran malwarebytes once again and did a quick scan this time it only came up with 2 errors which where on the orginal list. It asked me to restart once again afterwards I ran a quick scan once again with it to find the same to problems. Well here are my logs from DDS. It doesnt say if you want the malwarebytes logs also but im posting them after the DDS logs

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Black Rose Phoenix at 18:09:46 on 2012-03-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16354.14553 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe

C:\Program Files (x86)\Skype\Updater\Updater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sendori\SendoriSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

E:\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll

uRun: [steam] "E:\Steam\steam.exe" -silent

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

mRun: [<NO NAME>]

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1 192.168.1.1

TCP: Interfaces\{1BA196DA-5F51-4127-90D4-CA3061D32716} : DhcpNameServer = 192.168.0.1 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

mRun-x64: [(Default)]

mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Black Rose Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\52uuf49w.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-19 1157240]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120323.002\IDSviA64.sys [2012-3-23 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-6 8704]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccsvchst.exe [2012-3-23 138232]

R2 Sendori;Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2011-12-1 98624]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-24 138360]

R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-24 652360]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

S3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-24 23:08:48 20480 ----a-w- C:\Windows\svchost.exe

2012-03-24 08:57:23 -------- d-----w- C:\Users\Black Rose Phoenix\AppData\Local\Apps

2012-03-24 08:01:08 -------- d-----w- C:\Users\Black Rose Phoenix\AppData\Roaming\Malwarebytes

2012-03-24 08:01:04 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-24 08:01:03 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-24 07:18:03 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-24 07:18:03 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-23 19:16:59 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtsp64.sys

2012-03-23 19:16:59 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symds64.sys

2012-03-23 19:16:59 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symnets.sys

2012-03-23 19:16:59 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtspx64.sys

2012-03-23 19:16:59 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ironx64.sys

2012-03-23 19:16:59 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ccsetx64.sys

2012-03-23 19:16:59 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symefa64.sys

2012-03-23 19:16:56 -------- d-----w- C:\Windows\System32\drivers\N360x64\0601020.00A

2012-03-21 04:41:13 -------- d--h--w- C:\Users\Black Rose Phoenix\AppData\Local\CrashDumps

2012-03-19 22:40:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-03-19 22:36:56 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-03-19 22:36:56 -------- d-----w- C:\Program Files\Symantec

2012-03-19 22:36:56 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-03-19 22:36:41 -------- d-----w- C:\Windows\System32\drivers\N360x64

2012-03-19 22:36:40 -------- d-----w- C:\Program Files (x86)\Norton 360

2012-03-19 22:36:39 -------- d--h--w- C:\ProgramData\Norton

2012-03-19 22:35:55 -------- d--h--w- C:\ProgramData\NortonInstaller

2012-03-19 22:35:55 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-03-19 01:25:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-19 01:25:33 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-19 01:25:33 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-19 01:22:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-19 01:22:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-19 01:22:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-19 01:22:09 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-03-19 01:22:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-19 01:22:08 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-19 01:22:08 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-19 01:22:08 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-12 07:31:29 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\2B09.tmp

2012-03-12 07:31:29 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\2B08.tmp

2012-03-03 05:22:22 -------- d--h--w- C:\Users\Black Rose Phoenix\mIRC

2012-03-03 05:22:22 -------- d--h--w- C:\Users\Black Rose Phoenix\AppData\Roaming\mIRC

2012-02-27 03:41:01 -------- d-----w- C:\Program Files (x86)\VideoLAN

.

==================== Find3M ====================

.

2012-03-12 07:34:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-14 15:33:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-30 10:29:36 136704 ----a-w- C:\Windows\SysWow64\rztouchdll.dll

2012-01-30 10:29:34 278528 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll

2012-01-30 10:29:34 164864 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll

2012-01-09 00:45:42 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-01-09 00:45:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-01-07 16:54:58 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-29 09:52:04 0 ----a-w- C:\Windows\ativpsrm.bin

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

.

============= FINISH: 18:10:09.16 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/29/2011 3:35:24 AM

System Uptime: 3/24/2012 6:07:35 PM (0 hours ago)

.

Motherboard: MSI | | 990XA-GD55 (MS-7640)

Processor: AMD FX-6100 Six-Core Processor | CPU 1 | 3300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 6.167 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 932 GiB total, 761.93 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP89: 3/24/2012 4:12:16 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

AMD VISION Engine Control Center

Batman: Arkham Asylum

BetOnline Poker 8.2

BitTorrent

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

CCC Help English

Counter-Strike: Source

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dual-Core Optimizer

Fallout: New Vegas

Hi-Rez Studios Authenticate and Update Service

Java Auto Updater

Java 6 Update 24

Killing Floor

League of Legends

Magic Online

Magic Workstation 0.94f

Malwarebytes Anti-Malware version 1.60.1.1000

Metro 2033

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

mIRC

Mozilla Firefox 11.0 (x86 en-US)

Norton 360

NVIDIA PhysX

Origin

Pando Media Booster

Razer Naga

Razer Synapse 2.0

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Sendori

Shape Collage

Sid Meier's Civilization V

Skype™ 5.8

Star Wars: The Force Unleashed

Star Wars: The Old Republic

StarCraft II

Steam

Super-Charger

Super Street Fighter IV: Arcade Edition

Tribes Ascend Closed Beta

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VLC media player 1.1.11

Windows Media Player Firefox Plugin

WinRAR 4.11 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

3/24/2012 4:12:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

3/24/2012 3:58:04 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/24/2012 2:17:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

3/24/2012 2:17:56 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/21/2012 1:16:29 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

3/21/2012 1:16:29 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

3/19/2012 7:32:24 AM, Error: Microsoft Antimalware [3002] -

.

==== End Of File ===========================

Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.23.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Black Rose Phoenix :: DANCOMPUTER [administrator]

Protection: Enabled

3/24/2012 6:05:09 PM

mbam-log-2012-03-24 (18-05-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189970

Time elapsed: 1 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[LDTate]

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!