I have been having a problem for the last couple of days. I would get a popup stating Windows svchost has stopped and to report it. I also noticed in Task Manager the svchost would just show up and shoot to the top using over 400k.

I ran antivirus (which is always up to date) and CCleaner but everything is clean. Decided to buy MBAM (ordered from Amazon, will be here tomorrow) so I'm using the trial version now. Ran scan and it showed 1 infected file. Removed and restarted but it's still there. I can do this over and over but it never removes.

Please help, I'm lost.

Thanks,

Steve

_______________________________________________________________________

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8036

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/28/2011 1:03:28 PM

mbam-log-2011-10-28 (13-03-28).txt

Scan type: Quick scan

Objects scanned: 187290

Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

_____________________________________________________________________________________

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Steve at 12:59:07 on 2011-10-28

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16361.13032 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Pogoplug\dokanmnt.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Logitech\SetPointP\LBTWiz.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Program Files (x86)\yProxy\yProxy.exe

C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe

C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://sscohen.com/

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

uWinlogon: Shell=C:\Users\Steve\AppData\Local\be451f40\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512151150.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

uRun: [yProxy yEnc Decoder] C:\Program Files (x86)\yProxy\yProxy.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\WEB2~1\Office12\REFIEBAR.DLL

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2896E0EB-A650-45AB-A7EB-DB08DB24049E} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8F8A389C-7E8B-4F85-BAB2-9F6AC86EF8CC} : DhcpNameServer = 192.168.1.254

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512151150.dll

BHO-X64: scriptproxy - No File

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe

mRun-x64: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 acs6nts;acs6nts;C:\Windows\system32\DRIVERS\acs6nts.sys --> C:\Windows\system32\DRIVERS\acs6nts.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-4-15 586880]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 DokanCEDriver;DokanCEDriver;C:\Program Files\Pogoplug\dokance.sys [2011-6-21 66880]

R2 DokanCEMounter;DokanCEMounter;C:\Program Files\Pogoplug\dokanmnt.exe [2011-6-21 134464]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 xcetap0;XCETAP0 Adapter;C:\Windows\system32\DRIVERS\xcetap0.sys --> C:\Windows\system32\DRIVERS\xcetap0.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2021-11-06 03:12:38 207872 ----a-w- C:\Windows\SysWow64\MVTrim.dll

2011-10-28 19:38:07 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2011-10-28 07:33:33 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes

2011-10-28 07:33:26 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-28 07:33:23 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-28 07:33:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-27 23:10:47 -------- d-----w- C:\Users\Steve\AppData\Local\{FB29F398-447C-4BE0-8CF3-D0D283E703E9}

2011-10-27 23:10:14 -------- d-----w- C:\Users\Steve\AppData\Local\{270F3900-58F1-48D4-9094-3933B0C546CD}

2011-10-26 05:54:30 -------- d-----w- C:\Program Files (x86)\Firetrust

2011-10-25 18:20:38 -------- d-----w- C:\Users\Steve\AppData\Local\{651088C9-067E-4FD7-8A02-7577BA10ACFE}

2011-10-25 18:20:16 -------- d-----w- C:\Users\Steve\AppData\Local\{35481520-3945-4384-AD12-AB67552A875A}

2011-10-24 17:35:14 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-10-21 00:43:10 43672 ----a-w- C:\Windows\System32\drivers\psmounter.sys

2011-10-21 00:43:10 13464 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys

2011-10-18 17:09:52 212480 ----a-w- C:\Windows\PCDLIB32.DLL

2011-10-18 06:19:57 -------- d-----w- C:\Users\Steve\AppData\Local\{0E71CA53-61D6-49CA-A2BA-A3078F3F29C3}

2011-10-18 06:19:45 -------- d-----w- C:\Users\Steve\AppData\Local\{CDB76413-9DFB-40AA-9D24-84B288E61485}

2011-10-16 05:38:07 -------- d-----w- C:\Users\Steve\AppData\Local\{389EAC08-36E6-4DBF-AE40-AD138ECC8B62}

2011-10-16 05:37:34 -------- d-----w- C:\Users\Steve\AppData\Local\{7CBAEBC1-DF03-406B-AA9B-EF515206FC4F}

2011-10-14 23:27:59 257024 ----a-w- C:\Users\Steve\taskmgr.exe

2011-10-14 23:27:57 -------- d-sh--w- C:\Users\Steve\AppData\Local\be451f40

2011-10-14 23:20:27 -------- d-----w- C:\Program Files (x86)\UltraISO

2011-10-14 23:20:27 -------- d-----w- C:\Program Files (x86)\Common Files\EZB Systems

2011-10-14 22:32:14 -------- d-----w- C:\Users\Steve\AppData\Local\Ahead

2011-10-14 22:23:11 476320 ------w- C:\Windows\SysWow64\ImagXpr7.dll

2011-10-14 22:23:11 471040 ------w- C:\Windows\SysWow64\ImagXRA7.dll

2011-10-14 22:23:11 262144 ------w- C:\Windows\SysWow64\ImagXR7.dll

2011-10-14 22:23:11 1568768 ------w- C:\Windows\SysWow64\ImagX7.dll

2011-10-14 22:23:11 106496 ----a-w- C:\Windows\SysWow64\TwnLib20.dll

2011-10-13 22:56:47 -------- d-----w- C:\Program Files\iTunes

2011-10-13 22:56:47 -------- d-----w- C:\Program Files\iPod

2011-10-13 22:56:47 -------- d-----w- C:\Program Files (x86)\iTunes

2011-10-13 22:55:08 -------- d-----w- C:\Program Files\Bonjour

2011-10-13 22:55:08 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-10-13 19:24:41 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-10-13 19:24:39 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-13 19:24:39 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-13 19:24:39 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-13 19:24:39 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-13 19:24:34 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-13 19:24:34 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-13 19:24:34 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-13 19:24:34 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-07 20:27:43 -------- d-----w- C:\Users\Steve\AppData\Local\{7B51CFDD-4477-4A2F-8426-ED0D37249C6A}

2011-10-07 20:27:09 -------- d-----w- C:\Users\Steve\AppData\Local\{2C1D4C66-7013-4BCE-9C1F-27B750A3FA86}

2011-10-07 06:04:42 -------- d-----w- C:\Users\Steve\AppData\Local\{9DA3EF6B-898A-4F6B-A2A9-7A94EF372DD1}

2011-10-07 06:04:10 -------- d-----w- C:\Users\Steve\AppData\Local\{39FDA9D8-0B82-4DB8-898F-D82F00C9AF98}

2011-10-01 07:13:49 -------- d-----w- C:\Users\Steve\AppData\Local\{498981C7-60D5-47C0-B0A1-DE639E6A5E01}

2011-10-01 07:13:38 -------- d-----w- C:\Users\Steve\AppData\Local\{5FEFC3C6-22AA-4967-B5A9-67BF0B2B596B}

.

==================== Find3M ====================

.

2011-10-26 00:47:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-25 06:59:02 996896 ----a-w- C:\Windows\PE_Rom.dll

2011-10-25 06:58:04 1058592 ----a-w- C:\Windows\PE_File.dll

2011-10-03 12:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-31 06:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-08-31 06:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-08-31 06:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-08-31 06:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-08-31 06:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-08-31 06:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-08-31 06:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-08-31 06:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-08-24 21:13:05 0 ----a-w- C:\Windows\ativpsrm.bin

2011-08-21 23:06:32 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-08-19 16:27:30 769312 ----a-w- C:\Windows\System32\LVUI64.dll

2011-08-19 16:27:30 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll

2011-08-19 16:27:30 4869024 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys

2011-08-19 16:27:30 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys

2011-08-19 16:27:22 263456 ----a-w- C:\Windows\System32\lvco13301394.dll

2011-08-19 16:27:22 176416 ----a-w- C:\Windows\System32\lvcod64.dll

2011-08-19 16:26:50 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll

2011-08-19 16:26:50 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll

2011-08-19 16:26:46 307488 ----a-w- C:\Windows\SysWow64\lvcodec2.dll

2011-08-19 16:26:20 336408 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll

2011-08-19 16:26:20 336408 ----a-w- C:\Windows\System32\DevManagerCore.dll

2011-08-19 16:26:20 10898456 ----a-w- C:\Windows\SysWow64\LogiDPP.dll

2011-08-19 16:26:20 10898456 ----a-w- C:\Windows\System32\LogiDPP.dll

2011-08-19 16:26:20 104472 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe

2011-08-19 16:26:20 104472 ----a-w- C:\Windows\System32\LogiDPPApp.exe

2011-08-12 19:19:40 16920 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll

.

============= FINISH: 13:01:55.35 ===============

______________________________________________________________________________________

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume4

Install Date: 4/15/2011 9:11:05 PM

System Uptime: 10/28/2011 12:52:20 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8P67 DELUXE

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1397 GiB total, 874.509 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 218.128 GiB free.

E: is CDROM ()

F: is CDROM (CDFS)

G: is CDROM ()

I: is Removable

K: is Removable

M: is Removable

O: is FIXED (NTFS) - 932 GiB total, 246.846 GiB free.

P: is FIXED (NTFS) - 932 GiB total, 240.292 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP159: 10/24/2011 10:34:47 AM - Installed Realtek Ethernet Controller Driver For Windows Vista a”KS`

RP160: 10/25/2011 11:20:52 PM - Removed Apple Mobile Device Support

RP161: 10/25/2011 11:23:48 PM - Removed Apple Application Support

RP162: 10/25/2011 11:26:24 PM - Removed PhotoStudio

RP163: 10/26/2011 12:28:45 AM - Windows Update

RP164: 10/26/2011 12:31:10 AM - Windows Update

RP165: 10/26/2011 12:32:26 AM - Windows Update

RP166: 10/26/2011 12:33:49 AM - Windows Update

RP167: 10/26/2011 12:43:16 AM - Windows Update

RP168: 10/27/2011 10:02:07 AM - Installed calibre

RP169: 10/27/2011 7:00:11 PM - Removed Realtek Ethernet Controller Driver For Windows Vista andÞvK

RP170: 10/27/2011 7:02:10 PM - Installed Realtek Ethernet Controller Driver For Windows Vista ahp

RP171: 10/28/2011 12:19:11 AM - Removed Java 6 Update 29

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

ActiveHome Pro

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.1)

AI Suite II

Amazon Kindle For PC

Amazon MP3 Downloader 1.0.12

Apple Software Update

Application Profiles

Audacity 1.3.13 (Unicode)

Belarc Advisor 8.1

BVS Solitaire Collection version 7.2

BVS Solitaire Plus Pack

calibre

CameraHelperMsi

Canon IJ Network Scan Utility

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon MP Navigator EX 4.1

Canon My Printer

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

CCC Help English

Creative Vado AAC Codec

Creative Vado Codec

Creative Vado Effects Plugin

Creative Vado HD Codec

Creative Vado MP4 Reader

Crysis Warhead

Crysis®

Crysis® 2

CyberPower PowerPanel Personal Edition 1.3

D3DX10

Dead Space™ 2

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Driver Sweeper version 3.0.0

DVD Shrink 3.2

erLT

FileZilla Client 3.5.1

Fraps

Google Chrome

Google Earth

Google Update Helper

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Watchdog Timer Driver (Intel® WDT)

JMicron JMB36X Driver

Junk Mail filter update

Logitech Harmony Remote Software 7

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Macrium Reflect Additions

MailWasherPro

Malwarebytes' Anti-Malware version 1.51.2.1300

marvell 91xx driver

Marvell Storage Utility V4

McAfee SecurityCenter

Microsoft Expression Design 4

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Expression Web 2

Microsoft Expression Web 2 MUI (English)

Microsoft Expression Web 4

Microsoft Expression Web 4 Service Pack 2

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MobiKindle

MotoHelper MergeModules

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

ooVoo

Origin

Pinnacle Instant DVD Recorder

Pinnacle Studio 12

Portal

Portal 2

PunkBuster Services

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Remote Control USB Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

SpywareBlaster 4.4

Steam

SureThing Express Labeler

The Complete National Geographic

UltraISO Premium V9.36

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Expression Web 2 (KB957827)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Outlook Social Connector (KB2583935)

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinX DVD Author 5.5.8

Xilisoft HD Video Converter 6

yProxy

.

==== Event Viewer Messages From Past Week ========

.

10/28/2011 12:54:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

10/28/2011 12:16:55 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume My Passport 500GB.

10/28/2011 1:00:23 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

10/27/2011 9:54:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.

10/27/2011 7:08:09 PM, Error: RTL8167 [5003] - Realtek PCIe GBE Family Controller : Could not find a network adapter.

10/26/2011 12:22:47 AM, Error: RTL8167 [5003] - Realtek PCIe GBE Family Controller #3 : Could not find a network adapter.

10/24/2011 4:22:59 PM, Error: mv91xx [9] - The device, \Device\Scsi\mv91xx1, did not respond within the timeout period.

10/23/2011 5:01:04 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

.

==== End Of File ===========================

Also, I have a complete clone I run weekly. This started on Tuesday and my last backup is from Sunday. And will run again this Sunday. Is this an easy fix or should I restore my hard drive?

Thanks,

Steve

Attach.txt

DDS.txt

mbam-log-2011-10-28 (13-03-28).txt


  • Staff

Hi and welcome to Malwarebytes.

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.

More importantly, I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • Staff

Thanks for letting us know.

For the future, I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
