Another DCOM / svchost infection?

[Alby9]

Hello, in need of some help please. About a day ago I suddenly got an error that said something to the effect of "A Plug and Play device unexpectedly disconnected and you will be logged off" and then a reboot. I had that happen a few times and did a complete scan with Norton 360 and found nothing. I then started receiving the error "DCOM Server Process Launcher terminated unexpectedly" error, with the same automatic reboot. After reading up as best I could I, it sounds like it's an issue with svchost.exe. After running a scan with Malwarebytes, it found one file it thought was corrupt, a PUP.Optional.OpenCandy in a Winamp executable file. I removed and then deleted that file, and ran the scan multiple times after and nothing shows.

 

I went ahead and bought Anti-Malware PRO and it would pop up from time to time (appox once an hour or so) that it blocked svchost.exe outbound on port 50746 to an IP of 66.45.56.109; but the PC would still automatically shutdown and reboot. This last few times Windows has taken a long time to boot up and the last time I tried it hung at loading (after showing the Desktop). Very sorry that this is so wordy, just trying to provide you with all the information I can and need your help before I take any further steps and screw something up. Any and all professional help is much welcomed.

[Alby9]

I'm sorry to have to reply, I didn't see a way to edit my previous post. I've ran DDS earlier, but it was from Safe Mode; I have the DDS and attach text files ready to add if you'd like. I wasn't sure if I should run it again now that I'm currently in normal windows mode or not, please advise.

[B-boy/StyLe/]

Hello! Welcome to Malwarebytes Forums!
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Also

• Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
• Click the Search button
• It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

 

 

Regards,

Georgi

[Alby9]

Hello Georgi, Thank you for the help. Here's the FRST log file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by john 316 (administrator) on JOHN316-PC on 05-01-2014 05:46:04
Running from C:\Users\john 316\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUSTeK Inc.) C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ECAREME) C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
() C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
(Voyetra Turtle Beach, Inc.) C:\Program Files (x86)\Turtle Beach\AudioAdvantageSRM\TBAA.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EeeStorageBackup] - C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Adobe Drivers] - C:\Users\john 316\AppData\Roaming\Microsoft\Local\svchost.exe
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8084000 2009-08-25] (Realtek Semiconductor)
HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [updateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Turbo Gear] - C:\Program Files\ASUS\Turbo Gear\TurboGear.exe [2987520 2009-08-06] ()
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Turtle Beach Audio Advantage SRM] - C:\Program Files (x86)\Turtle Beach\AudioAdvantageSRM\TBAA.exe [1679360 2008-10-20] (Voyetra Turtle Beach, Inc.)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [iSUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [ADSMTray] - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2009-11-09] (ASUS)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Turbo Gear Help] - C:\Program Files\ASUS\Turbo Gear\GearHelp.exe [1026048 2009-08-06] ()
HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKCU\...\Run: [PlayNC Launcher] - [x]
HKCU\...\Run: [iSUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKCU\...\Run: [MtdAcqu] - C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe [278528 2008-10-30] (Creative Technology Ltd)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MountPoints2: {77e5065d-5afb-11e0-9bf2-a7dd458027aa} - D:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{6F40973C-9111-4ED6-A0DB-0492DB7B1C4E}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/hypercam/{6F40973C-9111-4ED6-A0DB-0492DB7B1C4E}?q={searchTerms}
SearchScopes: HKCU - {995C1769-9419-4C3F-BBC8-980241A8EF80} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,6901,0,8,0
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: www.refdesk.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\john 316\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF SearchPlugin: C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: EPUBReader - C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

==================== Services (Whitelisted) =================

R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()
S2 asurscsi; C:\Audio\AudioSurgeon 5\asurscsi.exe [x]

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\ENG64.SYS [126040 2013-11-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\EX64.SYS [2099288 2013-11-13] (Symantec Corporation)
S1 RxFilter; C:\Windows\SysWow64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1286656 2008-09-10] (C-Media Electronics Inc)
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 05:46 - 2014-01-05 05:46 - 00019318 _____ C:\Users\john 316\Desktop\FRST.txt
2014-01-05 05:44 - 2014-01-05 05:44 - 00000000 ____D C:\FRST
2014-01-05 05:43 - 2014-01-05 05:43 - 01931368 _____ (Farbar) C:\Users\john 316\Desktop\FRST64.exe
2014-01-04 22:24 - 2014-01-04 22:24 - 00017465 _____ C:\Users\john 316\Desktop\attach.txt
2014-01-04 22:24 - 2014-01-04 22:23 - 00014020 _____ C:\Users\john 316\Desktop\dds.txt
2014-01-04 22:13 - 2014-01-04 22:13 - 00688992 ____R (Swearware) C:\Users\john 316\Desktop\dds.com
2014-01-04 20:58 - 2014-01-04 20:58 - 00001414 _____ C:\Users\john 316\Documents\malware-explain.txt
2014-01-02 09:28 - 2014-01-02 09:28 - 00037376 _____ C:\Windows\system32\gsap.ged
2014-01-02 09:16 - 2014-01-05 05:10 - 00000080 _____ C:\Windows\system32\iytfm.agv
2014-01-02 09:15 - 2014-01-02 09:28 - 00000097 _____ C:\Windows\system32\cjapum.ztb
2014-01-02 09:15 - 2014-01-02 09:15 - 00000064 _____ C:\Windows\system32\xkprp.dcc
2014-01-02 08:59 - 2014-01-02 08:59 - 00219314 ____S C:\Windows\system32\pjdkc.hlx
2013-12-29 18:35 - 2013-12-29 18:35 - 00000000 ____D C:\ProgramData\Overwolf
2013-12-25 00:49 - 2013-12-25 00:49 - 00006603 _____ C:\Users\john 316\AppData\Local\recently-used.xbel
2013-12-21 05:18 - 2013-12-21 05:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-08 07:29 - 2013-12-08 07:33 - 09394820 _____ C:\Users\john 316\Downloads\Drive OST - A Real Hero (feat. Electric Youth).m4a
2013-12-08 07:28 - 2013-12-08 07:33 - 10383430 _____ C:\Users\john 316\Downloads\Drive OST - Desire - Under Your Spell.m4a
2013-12-08 07:28 - 2013-12-08 07:32 - 09086054 _____ C:\Users\john 316\Downloads\Kavinsky - Nightcall.m4a

==================== One Month Modified Files and Folders =======

2014-01-05 05:46 - 2014-01-05 05:46 - 00019318 _____ C:\Users\john 316\Desktop\FRST.txt
2014-01-05 05:45 - 2009-11-09 20:18 - 01368459 _____ C:\Windows\WindowsUpdate.log
2014-01-05 05:44 - 2014-01-05 05:44 - 00000000 ____D C:\FRST
2014-01-05 05:43 - 2014-01-05 05:43 - 01931368 _____ (Farbar) C:\Users\john 316\Desktop\FRST64.exe
2014-01-05 05:10 - 2014-01-02 09:16 - 00000080 _____ C:\Windows\system32\iytfm.agv
2014-01-05 04:12 - 2012-02-23 04:04 - 00006192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 04:12 - 2012-02-23 04:04 - 00006192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 04:04 - 2010-08-14 13:21 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-05 04:03 - 2009-11-09 21:06 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-05 04:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 04:02 - 2011-01-27 05:13 - 00098501 _____ C:\Windows\setupact.log
2014-01-04 22:24 - 2014-01-04 22:24 - 00017465 _____ C:\Users\john 316\Desktop\attach.txt
2014-01-04 22:23 - 2014-01-04 22:24 - 00014020 _____ C:\Users\john 316\Desktop\dds.txt
2014-01-04 22:13 - 2014-01-04 22:13 - 00688992 ____R (Swearware) C:\Users\john 316\Desktop\dds.com
2014-01-04 20:58 - 2014-01-04 20:58 - 00001414 _____ C:\Users\john 316\Documents\malware-explain.txt
2014-01-04 20:25 - 2010-09-13 16:05 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-04 19:47 - 2011-04-15 14:23 - 00000000 ____D C:\catch
2014-01-04 12:30 - 2010-08-14 23:40 - 00000000 ____D C:\Users\john 316\AppData\Roaming\Skype
2014-01-04 12:23 - 2013-08-18 12:30 - 00000000 ____D C:\Users\john 316\AppData\Local\SecondLife
2014-01-04 10:42 - 2013-08-25 00:57 - 00000000 ____D C:\Users\john 316\AppData\Local\Firestorm
2014-01-04 09:43 - 2011-02-10 21:32 - 00007626 _____ C:\Users\john 316\AppData\Local\resmon.resmoncfg
2014-01-04 02:23 - 2009-11-09 20:54 - 00468972 _____ C:\Windows\PFRO.log
2014-01-04 02:16 - 2009-07-14 00:13 - 00795186 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 02:14 - 2012-02-23 04:54 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-04 02:14 - 2012-02-23 04:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 09:28 - 2014-01-02 09:28 - 00037376 _____ C:\Windows\system32\gsap.ged
2014-01-02 09:28 - 2014-01-02 09:15 - 00000097 _____ C:\Windows\system32\cjapum.ztb
2014-01-02 09:15 - 2014-01-02 09:15 - 00000064 _____ C:\Windows\system32\xkprp.dcc
2014-01-02 08:59 - 2014-01-02 08:59 - 00219314 ____S C:\Windows\system32\pjdkc.hlx
2013-12-29 18:35 - 2013-12-29 18:35 - 00000000 ____D C:\ProgramData\Overwolf
2013-12-29 18:35 - 2013-11-22 00:08 - 00000000 ____D C:\Users\john 316\AppData\Local\Overwolf
2013-12-29 18:33 - 2012-05-08 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-25 00:50 - 2012-06-11 03:42 - 00000000 ____D C:\Users\john 316\.gimp-2.8
2013-12-25 00:49 - 2013-12-25 00:49 - 00006603 _____ C:\Users\john 316\AppData\Local\recently-used.xbel
2013-12-23 20:07 - 2013-11-17 11:29 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-21 05:19 - 2013-12-21 05:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 21:45 - 2012-04-08 01:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-17 21:45 - 2011-06-28 03:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-16 19:22 - 2012-09-28 00:57 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-12-12 07:33 - 2012-02-05 06:25 - 00000000 ____D C:\Users\john 316\AppData\Roaming\Mumble
2013-12-10 06:03 - 2013-08-18 12:32 - 00000000 _____ C:\conversation.log
2013-12-08 20:45 - 2011-07-30 03:40 - 00440960 _____ C:\Users\john 316\AppData\Local\rx_audio.Cache
2013-12-08 20:40 - 2011-07-30 03:40 - 01822896 _____ C:\Users\john 316\AppData\Local\rx_image32.Cache
2013-12-08 07:33 - 2013-12-08 07:29 - 09394820 _____ C:\Users\john 316\Downloads\Drive OST - A Real Hero (feat. Electric Youth).m4a
2013-12-08 07:33 - 2013-12-08 07:28 - 10383430 _____ C:\Users\john 316\Downloads\Drive OST - Desire - Under Your Spell.m4a
2013-12-08 07:32 - 2013-12-08 07:28 - 09086054 _____ C:\Users\john 316\Downloads\Kavinsky - Nightcall.m4a

Some content of TEMP:
====================
C:\Users\john 316\AppData\Local\Temp\AMPing.exe
C:\Users\john 316\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\john 316\AppData\Local\Temp\Second_Life_3_6_12_284506_i686_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 238A0D6C5C280B810CD53528FA6560BC

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 03:18

==================== End Of Log ============================

 

 

 

Here's the Addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by john 316 at 2014-01-05 05:46:54
Running from C:\Users\john 316\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.2.159.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.4.4 MUI (x32 Version: 9.4.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620 - Adobe Systems, Inc.)
Akamai NetSession Interface (x32 Version:  - )
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS AP Bank (x32 Version: 1.0.0.0 - ASUSTEK)
ASUS Data Security Manager (x32 Version: 1.00.0013 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.0.20 - ASUS)
ASUS Live Update (x32 Version: 2.5.9 - ASUS)
ASUS MultiFrame (x32 Version: 1.0.0019 - ASUS)
ASUS SmartLogon (x32 Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0028 - ASUS)
ASUS Turbo Gear Enhanced VGA Driver (x32 Version: 0.0.0.21 - ASUSTeK Computer Inc.)
ASUS Virtual Camera (x32 Version: 1.0.18 - asus)
Asus WebStorage (Version: 2.0.31.477 - eCareme Technologies, Inc.)
ASUS_ScreenSaver_GSeries (x32 Version:  - )
Atheros Client Installation Program (x32 Version: 7.0 - Atheros)
ATK Generic Function Service (x32 Version: 1.00.0008 - ATK)
ATK Hotkey (x32 Version: 1.0.0052 - ASUS)
ATK Media (x32 Version: 2.0.0006 - ASUS)
ATKOSD2 (x32 Version: 7.0.0006 - ASUS)
AudioAdvantageSRM (x32 Version: 1.01.05 - Turtle Beach)
Best Free Video Converter version 0.9.9 (x32 Version: 0.9.9 - BFVC Team)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CinemaNow Media Manager (x32 Version: 1.9.0.56 - CinemaNow, Inc.)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6425.1000 - Microsoft Corporation)
ControlDeck (x32 Version: 1.0.4 - ASUS)
Creative MediaSource 5 (x32 Version: 5.00 - Creative Technology Limited)
CyberLink LabelPrint (x32 Version: 2.5.1720 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1720 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 6.1.2713 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.2713 - CyberLink Corp.) Hidden
DAZ Content Management Service (x32 Version: 4.8.1.7 - DAZ 3D)
DAZ Studio 4 (x32 Version: 4.0.2.55 - DAZ 3D)
Deluxe Bible Collection (x32 Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (x32 Version: 2.6.0.34 - DivX, LLC)
DS4 Default Content (x32 Version: 4.0.0.13 - DAZ 3D)
Dungeons & Dragons: Daggerdale (x32 Version:  - )
Electronics Assistant V4.2 (x32 Version:  - Electronics 2000)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Express Gate (x32 Version: 1.2.13.21 - DeviceVM, Inc.)
Fast Boot (Version: 1.0.4 - ASUS)
Firestorm-Release (remove only) (x32 Version: 4.4.2.34167 - The Phoenix Firestorm Project, Inc.)
FreeRIP v3.6 (x32 Version: 3.6 - MGShareware)
GIMP 2.8.2 (Version: 2.8.2 - The GIMP Team)
G'MIC for GIMP version 1.5.1.5 (x32 Version: 1.5.1.5 - )
Guild Wars (x32 Version:  - )
Guild Wars 2 (x32 Version:  - NCsoft Corporation, Ltd.)
Java 7 Update 7 (x32 Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (x32 Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Logitech Harmony Remote Software (x32 Version: 0.6.0201 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player Classic - Home Cinema 1.6.0.4014 x64 (Version: 1.6.0.4014 - MPC-HC Team)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (x32 Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (x32 Version: 4.0.60129.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mixxx 1.9.2 (x32 Version: 1.9.2 - The Mixxx Team)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (x32 Version: 1.2.4 - Thorvald Natvig)
NCsoft Launcher (x32 Version: 1.5.7.0 - NCsoft)
Neverwinter Nights 2: Platinum (x32 Version:  - )
Norton 360 (x32 Version: 21.1.0.18 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver (x32 Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 270.61 (Version: 270.61 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 270.61 (Version: 270.61 - NVIDIA Corporation)
NVIDIA Control Panel 270.61 (Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 270.61 (Version: 270.61 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.270.54.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7061 - NVIDIA Corporation) Hidden
NVIDIA Update 1.1.34 (Version: 1.1.34 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.1.34 - NVIDIA Corporation) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RaidCall (x32 Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5924 - Realtek Semiconductor Corp.)
RICOH R5U8xx Media Driver ver.3.62.02 (x32 Version: 3.62.02 - RICOH)
RIFT (HKCU Version:  - Trion Worlds, Inc.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.0 - Roxio) Hidden
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy CD and DVD Burning (x32 Version: 10.3 - Roxio)
Roxio Easy CD and DVD Burning (x32 Version: 10.3.104 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio PhotoShow (x32 Version: 6.0 - Sonic Solutions)
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SecondLifeViewer (remove only) (x32 Version:  - )
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster Audigy HD (x32 Version: 1.0 - Creative Technology Limited)
Star Wars: The Old Republic (x32 Version: 1.00 - Electronic Arts, Inc.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (Version: 13.2.6.1 - Synaptics Incorporated)
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Bible Collection Installer (x32 Version: 1.0 - ValuSoft)
The Bible Collection Installer (x32 Version: 1.0 - ValuSoft) Hidden
Turbo Gear Extreme (x32 Version: 1.00.24 - )
Update for 2007 Microsoft Office System (KB2284654) (x32 Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Ventrilo Client (x32 Version: 3.0.7 - Flagship Industries, Inc.)
Winamp (x32 Version: 5.64  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0 - Microsoft Corporation)
WinFlash (x32 Version: 2.29.0 - ASUS)
Wireless Console 3 (x32 Version: 3.0.11 - ASUS)
World of Warcraft (x32 Version:  - Blizzard Entertainment)
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

20-12-2013 09:23:01 Scheduled Checkpoint
28-12-2013 17:23:46 Scheduled Checkpoint
29-12-2013 23:44:47 Removed Overwolf
29-12-2013 23:46:47 Removed Overwolf.Setup.VC100CRTx64.Dist

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FF5EDD1-110F-4B8E-9C38-1DACED807CBB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {14A3B64A-1B67-4D01-A530-0658C39B1B0B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {19CFB981-FEFE-4652-9763-21F29277FA32} - System32\Tasks\{04EC9106-E9CD-42AA-8CA0-EB0111F690F3} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {22761162-C51E-4AE7-A5C7-087CF331F7DF} - System32\Tasks\{8586CE54-D287-4262-8FFA-867BE7EAA5AD} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.260&LastError=12002
Task: {230C778B-7400-48D0-85D5-0DFA2BB225C2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {2373D3B3-A03B-424B-A039-788B6868BDCA} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation)
Task: {2E2F8368-D09F-49BF-8AF5-CC5001081C34} - System32\Tasks\{32878CA4-37CE-4E43-9289-AFCD28942E99} => C:\Program Files (x86)\American Farmer\JohnDeere.exe
Task: {2E77F949-DCB8-41A2-81DF-6E78F288A5F3} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {47F6A3BA-AAED-4948-94AA-7EE31758389A} - System32\Tasks\{DEEEAC7A-63ED-4314-99E7-3E65AB82FA23} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {51E853AD-39DE-4F37-9058-C7C88E3286ED} - System32\Tasks\{A1FE5D20-2C32-4816-99FF-C9EB1B479C69} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {63CE209A-D755-4AA3-AB5B-7E3105E38CCA} - System32\Tasks\{BF740C8B-02F0-4EDA-AAB6-D837526667D3} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {76E97CFC-1A86-4FA9-88FC-A31CDA2AFE97} - System32\Tasks\{A9D035C5-3210-4BBF-A504-1DBCCCBC33BC} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {7E6F0974-1937-489A-8A28-E4F8E51EE4BF} - System32\Tasks\{B60F8919-44A1-4CF0-B255-BAD327E5A17E} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {889E9C77-84C8-46A1-9CDA-E29E47CDCF11} - System32\Tasks\{4904AE77-C434-4223-A5E5-04F3E09AB5EF} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {8C1A4E59-CEF1-4EBC-93D5-4A5FC0BDE0DD} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {929986D3-E110-433E-8FDF-12518825AC04} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {946CDDA1-EB7C-4E57-BBB4-46797C599C26} - System32\Tasks\{24E1E41A-ABD6-4984-B946-F398855B5488} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {A89AC480-6F7D-4480-B291-77018BA0F286} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {B8989A75-B24E-4C9D-8D1B-1EB91DF7FD27} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-04] ()
Task: {CF383C35-74D1-4107-9966-041EC13A2E32} - System32\Tasks\{DDD17670-F3BD-4814-B8F6-8DAE137BC274} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {DF5A6949-42EE-442E-A17A-ACA286017125} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {E3D81A04-ABA9-4CDC-A846-9E01C831AA2C} - System32\Tasks\{C8F642D6-F619-4C34-B0EF-4A811C151B95} => C:\Games\chipschallenge\chipschallenge\CHIPS.EXE
Task: {EB0723AA-15A9-41E2-A717-5643A6C0159C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {F716E2F2-66D5-469F-A134-351CBE82D39D} - System32\Tasks\{6BA85C26-9C71-4696-94A9-F3055D5B29AE} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

==================== Loaded Modules (whitelisted) =============

2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2009-08-25 02:47 - 2009-08-25 02:47 - 00140560 _____ () C:\Program Files (x86)\ASUS\Asus WebStorage\EcaremeDLL.dll
2009-11-09 20:40 - 2009-11-09 20:40 - 00029968 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll
2009-11-09 20:40 - 2009-11-09 20:40 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-08-25 02:47 - 2009-08-25 02:47 - 00095504 _____ () C:\Program Files (x86)\ASUS\Asus WebStorage\BSWorker.dll
2009-08-25 02:47 - 2009-08-25 02:47 - 00083216 _____ () C:\Program Files (x86)\ASUS\Asus WebStorage\BSBroker.dll
2011-08-05 13:48 - 2011-10-19 03:28 - 01574400 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMADGQ4Z.DLL
2011-08-05 13:48 - 2011-10-19 03:28 - 00640000 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMADGQ4A.DLL
2011-08-05 13:47 - 2011-10-19 03:28 - 00025600 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMADGQ40.dll
2011-07-08 01:29 - 2011-07-08 01:29 - 01795584 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMADGQUE.DLL
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2009-11-09 21:01 - 2008-02-17 01:08 - 00950272 _____ () C:\Program Files\ASUS\Turbo Gear\OcSetting.dll
2009-11-09 21:01 - 2005-05-11 18:39 - 00565248 _____ () C:\Program Files\ASUS\Turbo Gear\pngio.dll
2009-11-09 21:01 - 2008-05-23 00:24 - 00045056 _____ () C:\Program Files\ASUS\Turbo Gear\atkmethod.dll
2008-08-27 19:32 - 2008-08-27 19:32 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2008-06-09 12:55 - 2008-06-09 12:55 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-12-21 05:18 - 2013-12-21 05:19 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-04-07 20:54 - 2011-04-07 20:54 - 00239720 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 20:08 - 2007-06-01 20:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2014 05:50:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16912, time stamp: 0x4eb4c636
Exception code: 0xc0000005
Fault offset: 0x0000000000163ae0
Faulting process id: 0x2dc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/04/2014 04:43:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16912, time stamp: 0x4eb4c636
Exception code: 0xc0000005
Fault offset: 0x00000000005c5d57
Faulting process id: 0x2dc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/04/2014 03:34:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000001222e8d
Faulting process id: 0x2d8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/04/2014 01:06:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000742e8d
Faulting process id: 0x2e0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/04/2014 09:13:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000006f2e8d
Faulting process id: 0x2e4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/03/2014 09:58:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16912, time stamp: 0x4eb4c636
Exception code: 0xc0000005
Fault offset: 0x0000000000163ae0
Faulting process id: 0x2e4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/03/2014 09:35:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000792e8d
Faulting process id: 0x2d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/03/2014 04:59:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000001122e8d
Faulting process id: 0x2dc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/03/2014 02:41:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16912, time stamp: 0x4eb4c636
Exception code: 0xc0000005
Fault offset: 0x0000000000163ae0
Faulting process id: 0x2e4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/03/2014 02:02:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16912, time stamp: 0x4eb4c636
Exception code: 0xc0000005
Fault offset: 0x00000000005c5d57
Faulting process id: 0x2d0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (01/05/2014 05:43:36 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{F029A792-FCC7-46E4-A1AA-E2A5DA7421D6}.
The backup browser is stopping.

Error: (01/05/2014 05:32:15 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (01/05/2014 05:28:16 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (01/05/2014 05:15:27 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (01/05/2014 04:53:37 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (01/05/2014 04:41:58 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (01/05/2014 04:31:58 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (01/05/2014 04:04:03 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (01/05/2014 04:03:16 AM) (Source: Service Control Manager) (User: )
Description: The asurscsi service failed to start due to the following error:
%%2

Error: (01/05/2014 00:25:20 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 6143.04 MB
Available physical RAM: 3423.38 MB
Total Pagefile: 12284.21 MB
Available Pagefile: 9356.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:294.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:0.95 GB) (Free:0.84 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)
Partition 2: (Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 969 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=969 MB) - (Type=06)

==================== End Of Log ============================

 

 

And the final Search log you requested:

 

Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by john 316 at 2014-01-05 05:49:00
Running from C:\Users\john 316\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 238A0D6C5C280B810CD53528FA6560BC

====== End Of Search ======

[B-boy/StyLe/]

Hi,

 

 

Thanks for the logs.
 
 
Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 

Regards,
Georgi

[Alby9]

Ok, Downloaded and ran as you instructed. I was told to reboot and did; when the desktop came up I now have two new files on the desktop and the names are written in a foreign text like Chinese (haven't touched them). Also upon returning, the Volume contorl in the taskbar now has a red X and when moused over it says: "The Audio Service is not running." and the signal strength icon that's also in the tray just has the little blue loading circle over it, but I do have a connection.

 

Here's your log....

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by john 316 at 2014-01-05 06:41:37 Run:1
Running from C:\Users\john 316\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [Adobe Drivers] - C:\Users\john 316\AppData\Roaming\Microsoft\Local\svchost.exe
C:\Users\john 316\AppData\Roaming\Microsoft\Local\svchost.exe
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
2014-01-02 09:28 - 2014-01-02 09:28 - 00037376 _____ C:\Windows\system32\gsap.ged
2014-01-02 09:16 - 2014-01-05 05:10 - 00000080 _____ C:\Windows\system32\iytfm.agv
2014-01-02 09:15 - 2014-01-02 09:28 - 00000097 _____ C:\Windows\system32\cjapum.ztb
2014-01-02 09:15 - 2014-01-02 09:15 - 00000064 _____ C:\Windows\system32\xkprp.dcc
2014-01-02 08:59 - 2014-01-02 08:59 - 00219314 ____S C:\Windows\system32\pjdkc.hlx
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\john 316\AppData\Local\Temp
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Drivers => Value deleted successfully.
"C:\Users\john 316\AppData\Roaming\Microsoft\Local\svchost.exe" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
C:\Windows\system32\gsap.ged => Moved successfully.
C:\Windows\system32\iytfm.agv => Moved successfully.
Could not move "C:\Windows\system32\cjapum.ztb" => Scheduled to move on reboot.
C:\Windows\system32\xkprp.dcc => Moved successfully.
Could not move "C:\Windows\system32\pjdkc.hlx" => Scheduled to move on reboot.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

"C:\Users\john 316\AppData\Local\Temp" directory move:

C:\Users\john 316\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\AMPing.exe => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\CFGC4F.tmp => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\DDS.txt => Moved successfully.
Could not move "C:\Users\john 316\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\john 316\AppData\Local\Temp\InstallManager_BAB_BAB.exe => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Invoice-76668.pdf => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\qtsingleapp-combli-839e-1-lockfile => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Second_Life_3_6_12_284506_i686_Setup.exe => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\license.txt => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OV170QNQ\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ME37BQ0P\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Temporary Internet Files\Content.IE5\M912N5L8\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Temporary Internet Files\Content.IE5\I1Q7MHE1\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VRQTJEUK\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\JU0JWROK\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8ROIFFKV\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\37B6E46B\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\Low\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\flaD402.tmp => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\TZO3TUDW\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\R9U4ZCPX\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\O51DAWL9\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\2Y4ZMW3Q\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\08OC3BP1\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\History\History.IE5\index.dat => Moved successfully.
C:\Users\john 316\AppData\Local\Temp\acro_rd_dir\Cookies\index.dat => Moved successfully.
Could not move "C:\Users\john 316\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-05 06:44:08)<=

C:\Windows\system32\cjapum.ztb => Moved successfully.
C:\Windows\system32\pjdkc.hlx => Is moved successfully.
"C:\Users\john 316\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
"C:\Users\john 316\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====

[B-boy/StyLe/]

Hi,

 

Please reboot the computer again and run a new scan with FRST then post the logs.

 

• Also please download RKill by Grinler from the link below and save it to your desktop.
  
  Rkill
• Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
• Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
• If nothing happens or if the tool does not run, please let me know in your next reply.
• A log pops up at the end of the run. This log file is located at C:\rkill.log.
• Please post the log in your next reply.
  

 

 

Regards,

Georgi

[Alby9]

Just to be sure, you would like me to reboot and run FRST and come back and post the logs (both FRST.txt and Addition.txt) before continuing on with Rkill, is that correct or do all the steps at once?

[B-boy/StyLe/]

Hi,

 

Yes, that is correct. Reboot and run a new scan with FRST and post the logs. Next run RKILL (I want to check the system integrity with the tool) and post the log as well.

 

 

Regards,

Georgi

[Alby9]

Rebooted and ran FRST again and here is the log produced, will begin the Rkill and post the log when done.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by john 316 (administrator) on JOHN316-PC on 05-01-2014 07:23:50
Running from C:\Users\john 316\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUSTeK Inc.) C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
(ECAREME) C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
() C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Voyetra Turtle Beach, Inc.) C:\Program Files (x86)\Turtle Beach\AudioAdvantageSRM\TBAA.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EeeStorageBackup] - C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8084000 2009-08-25] (Realtek Semiconductor)
HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [updateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Turbo Gear] - C:\Program Files\ASUS\Turbo Gear\TurboGear.exe [2987520 2009-08-06] ()
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Turtle Beach Audio Advantage SRM] - C:\Program Files (x86)\Turtle Beach\AudioAdvantageSRM\TBAA.exe [1679360 2008-10-20] (Voyetra Turtle Beach, Inc.)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [iSUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [ADSMTray] - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2009-11-09] (ASUS)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Turbo Gear Help] - C:\Program Files\ASUS\Turbo Gear\GearHelp.exe [1026048 2009-08-06] ()
HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKCU\...\Run: [PlayNC Launcher] - [x]
HKCU\...\Run: [iSUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKCU\...\Run: [MtdAcqu] - C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe [278528 2008-10-30] (Creative Technology Ltd)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MountPoints2: {77e5065d-5afb-11e0-9bf2-a7dd458027aa} - D:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{6F40973C-9111-4ED6-A0DB-0492DB7B1C4E}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/hypercam/{6F40973C-9111-4ED6-A0DB-0492DB7B1C4E}?q={searchTerms}
SearchScopes: HKCU - {995C1769-9419-4C3F-BBC8-980241A8EF80} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,6901,0,8,0
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: www.refdesk.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\john 316\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF SearchPlugin: C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: EPUBReader - C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

==================== Services (Whitelisted) =================

R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()
S2 asurscsi; C:\Audio\AudioSurgeon 5\asurscsi.exe [x]

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\ENG64.SYS [126040 2013-11-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\EX64.SYS [2099288 2013-11-13] (Symantec Corporation)
S1 RxFilter; C:\Windows\SysWow64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1286656 2008-09-10] (C-Media Electronics Inc)
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 07:14 - 2014-01-05 07:14 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\john 316\Desktop\rkill.com
2014-01-05 05:49 - 2014-01-05 05:50 - 00000632 _____ C:\Users\john 316\Desktop\Search.txt
2014-01-05 05:46 - 2014-01-05 07:23 - 00018953 _____ C:\Users\john 316\Desktop\FRST.txt
2014-01-05 05:46 - 2014-01-05 05:47 - 00029762 _____ C:\Users\john 316\Desktop\Addition.txt
2014-01-05 05:44 - 2014-01-05 06:44 - 00000000 ____D C:\FRST
2014-01-05 05:43 - 2014-01-05 05:43 - 01931368 _____ (Farbar) C:\Users\john 316\Desktop\FRST64.exe
2014-01-04 22:24 - 2014-01-04 22:24 - 00017465 _____ C:\Users\john 316\Desktop\attach.txt
2014-01-04 22:24 - 2014-01-04 22:23 - 00014020 _____ C:\Users\john 316\Desktop\dds.txt
2014-01-04 22:13 - 2014-01-04 22:13 - 00688992 ____R (Swearware) C:\Users\john 316\Desktop\dds.com
2014-01-04 20:58 - 2014-01-04 20:58 - 00001414 _____ C:\Users\john 316\Documents\malware-explain.txt
2014-01-02 08:59 - 2014-01-02 08:59 - 00219314 _____ C:\Users\john 316\Desktop\㩃䙜卒屔畑牡湡楴敮Ѐ
2013-12-29 18:35 - 2013-12-29 18:35 - 00000000 ____D C:\ProgramData\Overwolf
2013-12-29 18:34 - 2013-12-29 18:34 - 00000000 _____ C:\Users\john 316\Desktop\㩃䙜卒屔畑牡湡楴敮Ȁ
2013-12-25 00:49 - 2013-12-25 00:49 - 00006603 _____ C:\Users\john 316\AppData\Local\recently-used.xbel
2013-12-21 05:18 - 2013-12-21 05:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-08 07:29 - 2013-12-08 07:33 - 09394820 _____ C:\Users\john 316\Downloads\Drive OST - A Real Hero (feat. Electric Youth).m4a
2013-12-08 07:28 - 2013-12-08 07:33 - 10383430 _____ C:\Users\john 316\Downloads\Drive OST - Desire - Under Your Spell.m4a
2013-12-08 07:28 - 2013-12-08 07:32 - 09086054 _____ C:\Users\john 316\Downloads\Kavinsky - Nightcall.m4a

==================== One Month Modified Files and Folders =======

2014-01-05 07:24 - 2014-01-05 05:46 - 00018953 _____ C:\Users\john 316\Desktop\FRST.txt
2014-01-05 07:22 - 2010-08-14 13:21 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-05 07:21 - 2011-01-27 05:13 - 00098725 _____ C:\Windows\setupact.log
2014-01-05 07:21 - 2010-09-13 16:05 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-05 07:21 - 2009-11-09 21:06 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-05 07:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 07:20 - 2009-11-09 20:18 - 01375057 _____ C:\Windows\WindowsUpdate.log
2014-01-05 07:14 - 2014-01-05 07:14 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\john 316\Desktop\rkill.com
2014-01-05 06:50 - 2012-02-23 04:04 - 00006192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 06:50 - 2012-02-23 04:04 - 00006192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 06:44 - 2014-01-05 05:44 - 00000000 ____D C:\FRST
2014-01-05 06:42 - 2009-11-09 20:54 - 00469328 _____ C:\Windows\PFRO.log
2014-01-05 05:50 - 2014-01-05 05:49 - 00000632 _____ C:\Users\john 316\Desktop\Search.txt
2014-01-05 05:47 - 2014-01-05 05:46 - 00029762 _____ C:\Users\john 316\Desktop\Addition.txt
2014-01-05 05:43 - 2014-01-05 05:43 - 01931368 _____ (Farbar) C:\Users\john 316\Desktop\FRST64.exe
2014-01-04 22:24 - 2014-01-04 22:24 - 00017465 _____ C:\Users\john 316\Desktop\attach.txt
2014-01-04 22:23 - 2014-01-04 22:24 - 00014020 _____ C:\Users\john 316\Desktop\dds.txt
2014-01-04 22:13 - 2014-01-04 22:13 - 00688992 ____R (Swearware) C:\Users\john 316\Desktop\dds.com
2014-01-04 20:58 - 2014-01-04 20:58 - 00001414 _____ C:\Users\john 316\Documents\malware-explain.txt
2014-01-04 19:47 - 2011-04-15 14:23 - 00000000 ____D C:\catch
2014-01-04 12:30 - 2010-08-14 23:40 - 00000000 ____D C:\Users\john 316\AppData\Roaming\Skype
2014-01-04 12:23 - 2013-08-18 12:30 - 00000000 ____D C:\Users\john 316\AppData\Local\SecondLife
2014-01-04 10:42 - 2013-08-25 00:57 - 00000000 ____D C:\Users\john 316\AppData\Local\Firestorm
2014-01-04 09:43 - 2011-02-10 21:32 - 00007626 _____ C:\Users\john 316\AppData\Local\resmon.resmoncfg
2014-01-04 02:16 - 2009-07-14 00:13 - 00795186 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 02:14 - 2012-02-23 04:54 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-04 02:14 - 2012-02-23 04:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 08:59 - 2014-01-02 08:59 - 00219314 _____ C:\Users\john 316\Desktop\㩃䙜卒屔畑牡湡楴敮Ѐ
2013-12-29 18:35 - 2013-12-29 18:35 - 00000000 ____D C:\ProgramData\Overwolf
2013-12-29 18:35 - 2013-11-22 00:08 - 00000000 ____D C:\Users\john 316\AppData\Local\Overwolf
2013-12-29 18:34 - 2013-12-29 18:34 - 00000000 _____ C:\Users\john 316\Desktop\㩃䙜卒屔畑牡湡楴敮Ȁ
2013-12-29 18:33 - 2012-05-08 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-25 00:50 - 2012-06-11 03:42 - 00000000 ____D C:\Users\john 316\.gimp-2.8
2013-12-25 00:49 - 2013-12-25 00:49 - 00006603 _____ C:\Users\john 316\AppData\Local\recently-used.xbel
2013-12-23 20:07 - 2013-11-17 11:29 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-21 05:19 - 2013-12-21 05:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 21:45 - 2012-04-08 01:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-17 21:45 - 2011-06-28 03:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-16 19:22 - 2012-09-28 00:57 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-12-12 07:33 - 2012-02-05 06:25 - 00000000 ____D C:\Users\john 316\AppData\Roaming\Mumble
2013-12-10 06:03 - 2013-08-18 12:32 - 00000000 _____ C:\conversation.log
2013-12-08 20:45 - 2011-07-30 03:40 - 00440960 _____ C:\Users\john 316\AppData\Local\rx_audio.Cache
2013-12-08 20:40 - 2011-07-30 03:40 - 01822896 _____ C:\Users\john 316\AppData\Local\rx_image32.Cache
2013-12-08 07:33 - 2013-12-08 07:29 - 09394820 _____ C:\Users\john 316\Downloads\Drive OST - A Real Hero (feat. Electric Youth).m4a
2013-12-08 07:33 - 2013-12-08 07:28 - 10383430 _____ C:\Users\john 316\Downloads\Drive OST - Desire - Under Your Spell.m4a
2013-12-08 07:32 - 2013-12-08 07:28 - 09086054 _____ C:\Users\john 316\Downloads\Kavinsky - Nightcall.m4a

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 03:18

==================== End Of Log ============================

[Alby9]

Disabled all AV and firewall software, ran Rkill and here is your log.

(Upon the last reboot the Volume and internet connection icons in the tray are back to normal)

 

 

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/05/2014 07:30:59 AM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 1516) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\john 316\Desktop\rkill\rkill-01-05-2014-07-31-04.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/05/2014 07:31:46 AM
Execution time: 0 hours(s), 0 minute(s), and 46 seconds(s)
 

[B-boy/StyLe/]

Hi,
 

 

We are almost done here.
 
Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Next let me know how are the things now.

 
Regards,
Georgi

[Alby9]

Here we go, latest log...

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by john 316 at 2014-01-05 08:00:23 Run:2
Running from C:\Users\john 316\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
S2 asurscsi; C:\Audio\AudioSurgeon 5\asurscsi.exe [x]
U3 tmlwf;
U3 tmwfp;
2014-01-02 08:59 - 2014-01-02 08:59 - 00219314 _____ C:\Users\john 316\Desktop\㩃䙜卒屔畑牡湡楴敮Ѐ
2013-12-29 18:34 - 2013-12-29 18:34 - 00000000 _____ C:\Users\john 316\Desktop\㩃䙜卒屔畑牡湡楴敮Ȁ
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /f
end




*****************

asurscsi => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
C:\Users\john 316\Desktop\㩃䙜卒屔畑牡湡楴敮Ѐ => Moved successfully.
C:\Users\john 316\Desktop\㩃䙜卒屔畑牡湡楴敮Ȁ => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /f =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog ====

[B-boy/StyLe/]

Hi,
 

(Upon the last reboot the Volume and internet connection icons in the tray are back to normal)

 
 
Nice to hear there is an improvement.
 
Also I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:
 

STEP 1

 

 

• Please download RogueKiller.exe and save to the desktop.
• Close all windows and browsers
• Right-click the program and select 'Run as Administrator'
• Press the scan button.
• A report opens on the desktop named - RKreport.txt
• Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
• Put a checkmark beside loaded modules.
  
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
   
• Click the Start Scan button.
   
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
   
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow these instructions for performing a scan.
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
• Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

 

 

STEP 4

 

 

1.Please download HitmanPro.

• For 32-bit Operating System - .
• This is the mirror -
• For 64-bit Operating System -
• This is the mirror -

2.Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 5

 

 

Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations.

 

 

Regards,

Georgi

 
 

[Alby9]

Alright, have them all downloaded and ready to begin, I will post you the files after each program run.

Thank you again for taking the time to help with my issues.

[Alby9]

Here is RougeKillers log. I didn't delete or remove anything, just closed the program since you didn't instruct me to.

 

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : john 316 [Admin rights]
Mode : Scan -- Date : 01/05/2014 09:10:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] ecfb9639bd329c89520bd3e1a1fe21e2
[bSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30716280 | Size: 461940 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ ) SD Memory Card +++++
--- User ---
[MBR] b07927c6b904ea2d7d8dc9b2acf6092f
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 968 Mo
Error reading LL1 MBR! ([0x1] Incorrect function. )
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_01052014_091020.txt >>




Did we want to remove what this program found before moving to the next on the list?

[B-boy/StyLe/]

Hello,

 

Please don't remove anything until instructed. You can post the results from all of the tools together when you are done with the scans.

 

Thanks!

 

 

Regards,

Georgi

[Alby9]

Thank you for the clarification, sorry if I've taken too long, just wanted to be sure.

[Alby9]

Here's all the logs you requested... (Already sent Rougekiller log)

 

The link to the TDSSkiller log (it was way too large to fit into the reply).  ---> http://pastebin.com/dZ02mZYP

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.05.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
john 316 :: JOHN316-PC [administrator]

1/5/2014 10:18:49 AM
mbar-log-2014-01-05 (10-18-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 273356
Time elapsed: 23 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

-----------------------------------

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6441439232, free: 4694953984

Downloaded database version: v2014.01.05.02
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     01/05/2014 09:50:58
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\92529428.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\AsDsm.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSvia64.sys
\SystemRoot\system32\DRIVERS\EIO64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\sffp_sd.sys
\SystemRoot\system32\DRIVERS\sffdisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\system32\drivers\CM10664.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\ENG64.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\iertutil.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\shell32.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\oleaut32.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\usp10.dll
\Windows\System32\setupapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007369060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006223050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007369060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007369b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007369060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006223050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76692CA8

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 30714232

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30716280  Numsec = 946054840
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008c47060, DeviceName: \Device\Harddisk1\SR0\, DriverName: \Driver\sffdisk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008c47560, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008c47060, DeviceName: \Device\Harddisk1\SR0\, DriverName: \Driver\sffdisk\
DevicePointer: 0xfffffa8008c535c0, DeviceName: Unknown, DriverName: \Driver\sffp_sd\
DevicePointer: 0xfffffa8008c538b0, DeviceName: \Device\SdBus-0\, DriverName: \Driver\sdbus\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\SR0\, DriverName: \Driver\sffdisk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 249  Numsec = 1983495

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1015808000 bytes
Sector size: 512 bytes

Done!
Infected: C:\Windows\System32\xwemzeb.gif --> [Extension.Mismatch]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_30716280_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6441439232, free: 4981645312

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6441439232, free: 4730220544

=======================================
------------ Kernel report ------------
     01/05/2014 10:18:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\AsDsm.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1501000.012\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSvia64.sys
\SystemRoot\system32\DRIVERS\EIO64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\sffp_sd.sys
\SystemRoot\system32\DRIVERS\sffdisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\CM10664.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\EX64.SYS
\??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140104.006\ENG64.SYS
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\sechost.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\imagehlp.dll
\Windows\System32\difxapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\msvcrt.dll
\Windows\System32\iertutil.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006600790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006223050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006600790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006600250, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006600790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006223050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76692CA8

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 30714232

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30716280  Numsec = 946054840
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008c02a90, DeviceName: \Device\Harddisk1\SR0\, DriverName: \Driver\sffdisk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008c025c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008c02a90, DeviceName: \Device\Harddisk1\SR0\, DriverName: \Driver\sffdisk\
DevicePointer: 0xfffffa8008c02d70, DeviceName: Unknown, DriverName: \Driver\sffp_sd\
DevicePointer: 0xfffffa8008c0f3d0, DeviceName: \Device\SdBus-0\, DriverName: \Driver\sdbus\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\SR0\, DriverName: \Driver\sffdisk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 249  Numsec = 1983495

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1015808000 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_30716280_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished

---------------------------------------

 

HitmanPro 3.7.8.208www.hitmanpro.com   Computer name . . . . : JOHN316-PC   Windows . . . . . . . : 6.1.0.7600.X64/2   User name . . . . . . : john316-PC\john 316   UAC . . . . . . . . . : Disabled   License . . . . . . . : Free   Scan date . . . . . . : 2014-01-05 10:44:57   Scan mode . . . . . . : Normal   Scan duration . . . . : 5m 41s   Disk access mode  . . : Direct disk access (SRB)   Cloud . . . . . . . . : Internet   Reboot  . . . . . . . : No   Threats . . . . . . . : 0   Traces  . . . . . . . : 28   Objects scanned . . . : 2,320,394   Files scanned . . . . : 77,976   Remnants scanned  . . : 1,172,046 files / 1,070,372 keysPotential Unwanted Programs _________________________________________________   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)   HKU\S-1-5-21-3813216129-3567850777-1963101282-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)   HKU\S-1-5-21-3813216129-3567850777-1963101282-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)Cookies _____________________________________________________________________   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\18TX0D1T.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\7FNTM3NZ.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\83SGSO4H.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\8GSD0EN9.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\8POD77DJ.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\9ZO8FRVC.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\AHJUQHRF.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\DWXXTS9X.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\E03TFWEG.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\EVTBFU7C.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\FR0I964P.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\GRKBV5UL.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\L4E51I21.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\RMCYIL3K.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\ST0NPHZ3.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\VTW7E3H6.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\WJBBIFPM.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\Y90QAP3H.txt   C:\Users\john 316\AppData\Roaming\Microsoft\Windows\Cookies\YMXDZZF2.txt   C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default\cookies.sqlite:ads.yahoo.com   C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default\cookies.sqlite:doubleclick.net   C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default\cookies.sqlite:invitemedia.com   C:\Users\john 316\AppData\Roaming\Mozilla\Firefox\Profiles\bwrbxm7b.default\cookies.sqlite:stats.paypal.com

--------------------------------------------------

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7  x64 (UAC is disabled!)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 24  
 Java 7 Update 7  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

[B-boy/StyLe/]

Hi,

 

Nice work! The system is clean!

Let's remove a few registry remnants from Yontoo from the system:

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

UPDATING TASKS

 

 

 

Download and install Service Pack 1 for Windows 7 from here.

 

 

 

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.04 to your PC's desktop.
 

• Uninstall Adobe Reader 9 via Start => Control Panel > Uninstall a program
• Install the new downloaded updated software.
• Also please download and install the following update 11.0.05

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

 

 

 

Your adobe flash player is out of date. Older versions are vulnerable to attack and exploitation. Please go to the links below to update it:

Adobe Flash Player 11.9.900.170 Final for (Internet Explorer)

Adobe Flash Player 11.9.900.170 Final for (Firefox, Safari, Opera)

Note: Your browsers should be closed before proceeding with the installation process.

 

 

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
 

• Download the latest version of Java SE 7.
• Click the Java™ 7 Update 45 "Download JRE" button to the right.
• Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-7u45-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
   Java™ 6 Update 24  
   Java 7 Update 7
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u45-windows-i586.exe and select "Run as an Administrator.")

 

Or you can simple uninstall JAVA and try avoid installing Java unless absolutely required by your applications: (it's your call)...
 
http://www.techsupportforum.com/5494-java-time-to-wake-up-and-smell-the-coffee/
 
 
Next please run JavaRa.

• Please download JavaRa and unzip it to your desktop.
• Double-click on JavaRa.exe to start the program.
• Choose Remove JRE and from the drop-down menu select any Java version (if listed) and press Run Uninstaller. (If Java is not listed please click on Next).
• Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
• When that's successfully done, please click OK to close the message.
• Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
• From the main menu please choose Additional tasks
• Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
• When that's succesfully done you will see a message at the top saying: "Selected tasks completed successfully".
• A log file should be created in the same directory as JavaRa.
• Please attach the log to your next reply.
• Close JavaRa by clicking the red cross button.

 

• It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.  
• Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
• You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 

Visit Microsoft's Windows Update Site Frequently

 

• It is important that you visit Windows Update regularly.
• This will ensure your computer has always the latest security updates available installed on your computer.  
• If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

When done please post a new log from SecurityCheck.

I'll give you my final recommendations in the next post.

 

 

Regards,

Georgi

[Alby9]

After downloading updates, them installing and doing the reboot, windows has been hung at:

 

"Configuring Windows updates

             87% complete

Do not turn off your computer."

 

for appox one hour now, and have low HDD activity by the light, the pc isn't frozen since the blue 'busy' circle icon is still spinning.

Should I continue to wait? (I'm writting to you from a different pc)

[B-boy/StyLe/]

Hi,

 

 

Service Pack 1 is a massive update much larger than a simple patch, so I would recommend to give it more time to complete.

 

If no luck try some of the advices described here:

 

http://pcsupport.about.com/od/findbysymptom/a/windows-update-frozen.htm

http://www.instantsupportsite.com/self-help/windows-configuring-updates/

http://infotechnology.hubpages.com/hub/Solution-for-Stuck-Preparing-to-Configure-Windows-Please-do-not-turn-off-your-Computer

 

and let me know about the results.

 

 

Regards,

Georgi

[Alby9]

Thank you for the reply and will get right on restarting it, just didn't want to do anything with you knowing about it.

[B-boy/StyLe/]

Hi,

 

Was the restart successful? Lol we cleaned the malware and windows update did more damage than it. That's ridiculous...

 

 

Regards,

Georgi

[Alby9]

This is the main reason why I had it turned off, I've had more bad experiences with update than I can say. Anyways, sorry for taking so long, we got it back up and running in normal mode. Here's the break down...

Did a forced cold start, booted into Safe mode and it "reverted changes" and completed and rebooted it's self.

loaded into normal mode and stated, "Preparing to configure windows", followed by, "Failure to configure, reverting changes". (approx @ 5:50am) and hung again.

I waited another 30 mins as instructed and forced another cold start.

Loaded back into Safe mode which took roughly 10 mins to get to Desktop.

Started a System Restore to the latest point before the update (6:40am)

Restore completed, rebooted it's self and loaded to normal mode (never got to the Desktop before it rebooted its self again).

Upon return, we got the messages "System Restore completed successfully" & an error "BackupServices has stopped working" and closed it.

 

How should we proceed and thank you once more for your patience and time.

Maybe just start with the SP1 since that was your main concern?