
Marveloussearchsystem.com virus


BrianS


I was hit with this virus about a day or two ago. I think it's a rootkit infection. The infection causes Internet Explorer to randomly launch on its own showing search page results with the URL marveloussearchsystem.com.

I have up-to-date Trend Micro Internet Security virus protection and it did not prevent or detect it. I scanned with up-to-date Malwarebytes and it was able to detect it. I get this in the log:

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

I tried removing it, but the problem continues to show up on reboot. I have tried scanning in safe mode and performing a system recovery to the last recovery point. No luck.

I scanned with DDS and attached the DDS.txt and Attach.txt files. My system is Windows 7 Professional 64-bit.

Thanks for the help,

Brian

DDS.txt

Attach.txt


I think I was supposed to copy/paste the DDS and Attach file.

Here's the DDS file:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Brian at 17:25:01 on 2011-11-06

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3884.2213 [GMT -8:00]

.

AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Windows\explorer.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\AsScrPro.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWinlogon: Shell=C:\Users\Brian\AppData\Local\e1d6344e\X

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"

mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

TCP: DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{1C429827-1E53-4221-8013-9BCED1480CAB} : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{2294425A-3774-45AC-A26B-DED9469799D3} : DhcpNameServer = 205.172.19.193 205.172.19.79

TCP: Interfaces\{F38A8763-E431-4065-A4CA-7E5130F570C6} : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{F38A8763-E431-4065-A4CA-7E5130F570C6}\E4544574541425 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"

mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\qw5usts2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-4-10 9663848]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-8-27 1620584]

R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-27 2314240]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 MOSUMAC;USB-Ethernet Driver;C:\Windows\system32\DRIVERS\USBMAC64.SYS --> C:\Windows\system32\DRIVERS\USBMAC64.SYS [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-8-27 917768]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-11-07 00:52:02 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0EB1ECBF-1FD3-45A3-A72E-25C0707FBABB}\mpengine.dll

2011-11-07 00:50:39 -------- d-----w- C:\Users\Brian\AppData\Local\{B4B20EC3-BF5D-40DF-BBE3-AC31E296F319}

2011-11-07 00:50:29 -------- d-----w- C:\Users\Brian\AppData\Local\{6A774BE2-4D68-41CC-9234-377B9E1DE14E}

2011-11-06 20:15:01 -------- d-----w- C:\Users\Brian\AppData\Local\{7C8A13DF-3CE1-41A5-BEC8-66A577960291}

2011-11-06 20:14:51 -------- d-----w- C:\Users\Brian\AppData\Local\{CEA78A51-F8CA-4C32-A41A-108AD8BB2BC6}

2011-11-06 04:36:17 -------- d-----w- C:\Users\Brian\AppData\Local\{92D3AE9D-AE64-48E2-90EA-FFAE8618C738}

2011-11-06 04:36:06 -------- d-----w- C:\Users\Brian\AppData\Local\{A2C9CF7A-F97A-4E50-99F7-DB21549CEE91}

2011-11-05 16:35:54 -------- d-----w- C:\Users\Brian\AppData\Local\{D3CCA1B4-242D-4E14-B9D3-EE2DBBC6F721}

2011-11-05 16:35:43 -------- d-----w- C:\Users\Brian\AppData\Local\{3DAAF76B-2716-477D-B35F-B3842E192B99}

2011-11-05 01:28:29 -------- d-----w- C:\Users\Brian\AppData\Local\{A999C282-4B95-426D-85EC-DD38CB470CA0}

2011-11-05 01:28:18 -------- d-----w- C:\Users\Brian\AppData\Local\{9EF08676-5FE1-4A4F-A214-90BFDF8F6B07}

2011-11-04 04:47:42 -------- d-----w- C:\Users\Brian\AppData\Local\{C228D7B0-1C28-41BB-AA3B-E609A7898934}

2011-11-03 16:47:18 -------- d-----w- C:\Users\Brian\AppData\Local\{3FCA77B6-423A-4F50-AECF-B84A927D8D58}

2011-11-03 16:47:06 -------- d-----w- C:\Users\Brian\AppData\Local\{2B01BFD0-3F46-40F7-A112-0B03A2A43F78}

2011-11-03 04:46:40 -------- d-----w- C:\Users\Brian\AppData\Local\{7D2B0CC0-DED7-427D-B743-C3D7B9EA0B3F}

2011-11-03 04:46:29 -------- d-----w- C:\Users\Brian\AppData\Local\{86DEBF4C-97D5-4C38-B22B-ABC995799244}

2011-11-02 16:46:16 -------- d-----w- C:\Users\Brian\AppData\Local\{012F5C13-131E-4EDE-87AC-76A6B8F0DC6C}

2011-11-02 16:46:05 -------- d-----w- C:\Users\Brian\AppData\Local\{A5307257-C4BB-4CF5-BD34-8D0EFCB081A5}

2011-11-02 04:45:38 -------- d-----w- C:\Users\Brian\AppData\Local\{9871A5D0-3462-44A9-AE52-9E1AB9943559}

2011-11-01 16:45:12 -------- d-----w- C:\Users\Brian\AppData\Local\{4B86A22D-5898-4F89-B6B1-6DF0FB651A3E}

2011-11-01 16:44:59 -------- d-----w- C:\Users\Brian\AppData\Local\{681D3BF3-52E1-41DE-B007-4CF0D28FE8B1}

2011-11-01 04:44:33 -------- d-----w- C:\Users\Brian\AppData\Local\{3C238A6A-01BB-4890-85B7-6D04788C1C73}

2011-10-31 16:44:10 -------- d-----w- C:\Users\Brian\AppData\Local\{C0AD4395-4B8C-49D0-BF22-B7FE42E36904}

2011-10-31 16:43:59 -------- d-----w- C:\Users\Brian\AppData\Local\{A27DAC29-42FD-4A51-8935-48993B0D5549}

2011-10-31 04:43:32 -------- d-----w- C:\Users\Brian\AppData\Local\{B192FEF3-B145-4ACA-84A8-A17962E98EFB}

2011-10-30 16:43:08 -------- d-----w- C:\Users\Brian\AppData\Local\{D87427F5-3AB7-40DF-B375-2C1D4B10612D}

2011-10-30 16:42:57 -------- d-----w- C:\Users\Brian\AppData\Local\{19FCA7AA-CB8A-4F2E-9613-41393B031C0B}

2011-10-30 04:38:33 -------- d-----w- C:\Users\Brian\AppData\Local\{72B7288C-DA73-45B3-BFEF-E9C58CBD0881}

2011-10-29 16:38:11 -------- d-----w- C:\Users\Brian\AppData\Local\{0FEB95F0-998B-42F8-9DB5-433E6C6299F6}

2011-10-29 16:38:01 -------- d-----w- C:\Users\Brian\AppData\Local\{F98C1A2B-3F2D-41BD-82CC-A393B7F3476D}

2011-10-29 04:27:58 -------- d-----w- C:\Users\Brian\AppData\Local\{D8436CB1-D3A8-49B8-9178-9994A9216B49}

2011-10-28 16:27:34 -------- d-----w- C:\Users\Brian\AppData\Local\{D6D8A70C-311C-4319-90EE-F1277D2B2DCD}

2011-10-28 16:27:23 -------- d-----w- C:\Users\Brian\AppData\Local\{8866008C-AE39-43C7-9E09-76CC401B1DC8}

2011-10-28 04:26:58 -------- d-----w- C:\Users\Brian\AppData\Local\{9E06029D-A7FF-470B-BE0E-CC8A5C0A1DC4}

2011-10-27 16:26:33 -------- d-----w- C:\Users\Brian\AppData\Local\{8E4B7539-7901-46F6-AD58-656F6B5A57F0}

2011-10-27 16:26:23 -------- d-----w- C:\Users\Brian\AppData\Local\{C3B8090B-2D06-490F-B96B-2D7B26E44422}

2011-10-27 04:25:53 -------- d-----w- C:\Users\Brian\AppData\Local\{A27B8137-1984-4DB1-BC9F-E259F3043FBB}

2011-10-27 04:25:42 -------- d-----w- C:\Users\Brian\AppData\Local\{6890DB5C-8C93-4DE3-8395-6BF75557DDE6}

2011-10-26 19:14:06 5632 --sha-w- C:\Users\Brian\wevtapi.dll

2011-10-26 19:14:06 257024 ----a-w- C:\Users\Brian\taskmgr.exe

2011-10-26 19:14:05 -------- d-sh--w- C:\Users\Brian\AppData\Local\e1d6344e

2011-10-26 16:25:15 -------- d-----w- C:\Users\Brian\AppData\Local\{E234BBCD-9F11-450E-A7F6-F468793A68FB}

2011-10-26 16:25:05 -------- d-----w- C:\Users\Brian\AppData\Local\{2D351CB0-7AC4-432C-A1DC-C445766F4475}

2011-10-25 15:14:42 -------- d-----w- C:\Users\Brian\AppData\Local\{9DE7AD49-2E46-463C-8D87-7C9BD8B91D73}

2011-10-25 15:14:32 -------- d-----w- C:\Users\Brian\AppData\Local\{09ED4393-7A02-4218-869E-D82496B4E143}

2011-10-25 00:32:57 -------- d-----w- C:\Users\Brian\AppData\Local\{13CF6161-1B22-4F4C-AF39-0437245A116F}

2011-10-25 00:32:47 -------- d-----w- C:\Users\Brian\AppData\Local\{BA236602-F953-4132-B714-2ADA8F341DC6}

2011-10-24 05:18:14 -------- d-----w- C:\Users\Brian\AppData\Local\{ABBCBCC9-26EA-4386-AD7E-512BF7F9DED4}

2011-10-23 17:17:52 -------- d-----w- C:\Users\Brian\AppData\Local\{C3B94473-7AD6-4AB6-B2E6-0212311F63A6}

2011-10-23 17:17:42 -------- d-----w- C:\Users\Brian\AppData\Local\{721E80DB-4664-48AA-AE44-9DF2BCED323A}

2011-10-23 05:10:52 -------- d-----w- C:\Users\Brian\AppData\Local\{A29716BD-192B-411B-B807-FEF990EFA17A}

2011-10-23 05:10:41 -------- d-----w- C:\Users\Brian\AppData\Local\{D0F92D9F-8AF9-4F72-8C41-3B6B905824BD}

2011-10-22 17:10:17 -------- d-----w- C:\Users\Brian\AppData\Local\{0D8EE31A-FC72-45F2-8057-83B753B40AD3}

2011-10-22 17:10:07 -------- d-----w- C:\Users\Brian\AppData\Local\{57EFDC35-0B8C-424A-9FCA-1253A2AA5ED1}

2011-10-22 03:48:25 -------- d-----w- C:\Users\Brian\AppData\Local\{A5CA92AB-0476-4DEF-8BAB-EA2F57B035F9}

2011-10-21 15:48:03 -------- d-----w- C:\Users\Brian\AppData\Local\{332F681B-4C12-4B83-896F-329BA0D49C6D}

2011-10-21 15:47:53 -------- d-----w- C:\Users\Brian\AppData\Local\{6DDF7A28-1596-46ED-B0E3-38F8159D81DD}

2011-10-21 13:45:39 -------- d-----w- C:\Users\Brian\AppData\Local\{31E4343F-6706-4903-9119-68B0ECDC1669}

2011-10-21 13:45:28 -------- d-----w- C:\Users\Brian\AppData\Local\{129B8C35-CB27-48F6-927B-DEFD54FDC37E}

2011-10-21 01:45:02 -------- d-----w- C:\Users\Brian\AppData\Local\{56B53E6F-292D-4C05-BB3D-D606C1C1094B}

2011-10-21 01:44:51 -------- d-----w- C:\Users\Brian\AppData\Local\{A4210757-5F3F-4D6B-9CC5-68A6C2A69969}

2011-10-20 13:44:25 -------- d-----w- C:\Users\Brian\AppData\Local\{2B39AD93-5F88-4799-B287-31F1634BE2CE}

2011-10-20 13:44:14 -------- d-----w- C:\Users\Brian\AppData\Local\{038EB6F4-41FD-4EF4-B4A0-0A9B8FD2CE50}

2011-10-20 01:43:49 -------- d-----w- C:\Users\Brian\AppData\Local\{F2D46D77-493E-4A67-B5A0-5114906EA015}

2011-10-20 01:43:37 -------- d-----w- C:\Users\Brian\AppData\Local\{6FDABE00-830C-4154-AE8C-4AD9A9AD6223}

2011-10-19 13:43:12 -------- d-----w- C:\Users\Brian\AppData\Local\{04167BB1-AF86-4B91-A95E-3C43DBCA2738}

2011-10-19 13:43:02 -------- d-----w- C:\Users\Brian\AppData\Local\{A2119036-4C19-43F2-9E2A-541E53CF3E2C}

2011-10-18 18:02:47 -------- d-----w- C:\Users\Brian\AppData\Local\{41EE2995-1021-4BEA-9EC4-8D781F12C3AD}

2011-10-18 18:02:36 -------- d-----w- C:\Users\Brian\AppData\Local\{F57E2DBE-84BD-4E22-9C26-75EA46A799C7}

2011-10-18 06:02:11 -------- d-----w- C:\Users\Brian\AppData\Local\{0FB9ADC8-FE6E-44BE-A07F-F588D0410E74}

2011-10-17 18:01:49 -------- d-----w- C:\Users\Brian\AppData\Local\{FD4FD085-0CB0-4A67-BCE8-86B8945C4110}

2011-10-17 18:01:39 -------- d-----w- C:\Users\Brian\AppData\Local\{227B1EE2-1E5F-44FC-B5FF-FC12BB678F3F}

2011-10-16 17:16:16 -------- d-----w- C:\Users\Brian\AppData\Local\{FA5FAAD8-D697-4E89-BFBB-4495E786DDED}

2011-10-16 17:15:36 -------- d-----w- C:\Users\Brian\AppData\Local\{8128B7ED-3EA7-4085-899D-636D4DAF093D}

2011-10-16 01:27:15 -------- d-----w- C:\Users\Brian\AppData\Local\{5B59F6E9-665C-4518-B5E1-43F71B2CBA1D}

2011-10-16 01:23:37 -------- d-----w- C:\Users\Brian\AppData\Local\{52FD4461-9A90-4D34-8EE1-234574A2F26C}

2011-10-15 02:17:28 -------- d-----w- C:\Users\Brian\AppData\Local\{8371CF92-8B57-4721-8E52-200139956375}

2011-10-15 02:17:18 -------- d-----w- C:\Users\Brian\AppData\Local\{43B7C761-598D-4A3C-8353-38D304BF6CFC}

2011-10-14 05:20:29 -------- d-----w- C:\Users\Brian\AppData\Local\{BBCA18B3-94A8-442B-8F84-661F49DD8E09}

2011-10-14 05:18:27 -------- d-----w- C:\Users\Brian\AppData\Local\{11FFE3A9-925D-49D4-90E2-800DC164C75F}

2011-10-13 17:18:03 -------- d-----w- C:\Users\Brian\AppData\Local\{3B1E796F-5DAE-4E8B-A30F-8E582C86B53D}

2011-10-13 17:17:53 -------- d-----w- C:\Users\Brian\AppData\Local\{613327D4-06DC-4BFD-898C-E3E0B8BF4045}

2011-10-12 18:00:39 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-10-12 18:00:37 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-12 18:00:37 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-12 18:00:37 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-12 18:00:36 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-12 18:00:24 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-12 18:00:24 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-12 18:00:24 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-12 18:00:24 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-12 17:40:54 -------- d-----w- C:\Users\Brian\AppData\Local\{DA67C963-26CE-4923-8697-78CF31BFE058}

2011-10-12 17:40:43 -------- d-----w- C:\Users\Brian\AppData\Local\{15EACA4E-8F66-4473-826A-92C5D62A3ABA}

2011-10-12 05:40:19 -------- d-----w- C:\Users\Brian\AppData\Local\{407C9A4F-D2E5-4D96-B11E-56D57EDBB7A0}

2011-10-12 05:40:09 -------- d-----w- C:\Users\Brian\AppData\Local\{E5FFD308-9B10-4E40-9959-322E12344408}

2011-10-11 17:13:11 -------- d-----w- C:\Users\Brian\AppData\Local\{FFD13598-8FB4-451D-ABA8-4282CC023444}

2011-10-11 05:04:29 -------- d-----w- C:\Users\Brian\AppData\Local\{A58B29A0-B7A7-4557-A4D2-C4D86315CB75}

2011-10-11 05:04:19 -------- d-----w- C:\Users\Brian\AppData\Local\{D54F6109-4568-44BD-974A-E42E283877DC}

2011-10-10 16:40:56 -------- d-----w- C:\Users\Brian\AppData\Local\{9FD73850-FDF9-47E4-9C34-AF9C636C213E}

2011-10-10 16:40:15 -------- d-----w- C:\Users\Brian\AppData\Local\{5B5970B9-8232-49A4-A33C-ED936C9CA070}

2011-10-10 04:39:16 -------- d-----w- C:\Users\Brian\AppData\Local\{CF0B068B-B24E-42CC-A121-BEA6AA642D97}

2011-10-08 21:20:41 -------- d-----w- C:\Users\Brian\AppData\Local\{34224FB8-0CA1-42A9-96AE-1CECEE7AC56A}

2011-10-08 21:20:31 -------- d-----w- C:\Users\Brian\AppData\Local\{ADC22D2C-4FC2-4FC9-A1F0-9678976F6B82}

.

==================== Find3M ====================

.

2011-10-31 13:14:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-25 18:00:59 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 17:25:25.51 ===============

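An added triage script, not part of this thread or of the DDS tool, that applies to the Pseudo HJT Report and Created Last 30 sections above the checks a helper makes by eye: a Winlogon Shell value other than explorer.exe, hidden+system objects and executables created under C:\Users, and whether the directory the Shell value points into is among the newly created ones. SAMPLE_DDS is a constructed excerpt built from lines of the posted log; it assumes the attribute letters `s` and `h` in DDS output mean system and hidden.

```python
"""Triage a pasted DDS.txt for the Winlogon Shell persistence seen in this thread.
Added example, not part of the original post or of the DDS tool. SAMPLE_DDS is a
constructed excerpt built from lines of the posted log. Assumption: in the
'Created Last 30' attribute string the letters 's' and 'h' mean system and hidden.
"""
import ntpath
import re
from typing import Dict, List, Tuple

DEFAULT_SHELL = "explorer.exe"  # a stock install sets this under HKLM; a per-user value is suspect
USER_PROFILE_PREFIX = "c:\\users\\"
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".cmd", ".bat"}

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*Shell=(?P<value>.+)$", re.IGNORECASE)
# e.g. "2011-10-26 19:14:06 5632 --sha-w- C:\Users\Brian\wevtapi.dll"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)

SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWinlogon: Shell=C:\Users\Brian\AppData\Local\e1d6344e\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd
.
=============== Created Last 30 ================
.
2011-11-07 00:50:39 -------- d-----w- C:\Users\Brian\AppData\Local\{B4B20EC3-BF5D-40DF-BBE3-AC31E296F319}
2011-10-26 19:14:06 5632 --sha-w- C:\Users\Brian\wevtapi.dll
2011-10-26 19:14:06 257024 ----a-w- C:\Users\Brian\taskmgr.exe
2011-10-26 19:14:05 -------- d-sh--w- C:\Users\Brian\AppData\Local\e1d6344e
2011-10-12 18:00:39 3138048 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
"""

Finding = Tuple[str, str]  # (rule name, path or value that triggered it)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '==== name ====' sections, dropping '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Return (rule, detail) pairs; an empty list means none of the checks fired."""
    sections = parse_sections(text)
    findings: List[Finding] = []
    shell_dirs = set()  # directories a non-default Shell value points into

    for line in sections.get("Pseudo HJT Report", []):
        m = WINLOGON_RE.match(line)
        if not m:
            continue
        value = m.group("value").strip().strip('"')
        # Whatever Winlogon\Shell names is started as the shell at every logon, which is
        # why a value like ...\e1d6344e\X comes straight back after a reboot.
        if ntpath.basename(value).lower() != DEFAULT_SHELL:
            findings.append(("winlogon_shell_hijack", value))
            shell_dirs.add(ntpath.dirname(value).lower())

    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        lower = path.lower()
        in_profile = lower.startswith(USER_PROFILE_PREFIX)
        if in_profile and "s" in attrs and "h" in attrs:
            findings.append(("hidden_system_in_profile", path))
        if in_profile and ntpath.splitext(lower)[1] in EXEC_EXTS:
            # binaries named like Windows components (taskmgr.exe, wevtapi.dll)
            # have no business sitting in the profile root
            findings.append(("executable_in_profile", path))
        if lower in shell_dirs:
            findings.append(("shell_target_dir_recently_created", path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:36} {detail}")
```

Running it on the full DDS.txt pasted above produces the same four rule names for the e1d6344e directory, wevtapi.dll and taskmgr.exe, and nothing for the many {GUID} folders, which carry neither attribute and are not executables.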

And the Attach file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/27/2010 5:24:34 AM

System Uptime: 11/6/2011 4:49:17 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K42Jc

Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | Socket 989 | 2400/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 204.608 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP200: 9/28/2011 10:55:09 PM - Windows Update

RP201: 10/4/2011 6:38:42 AM - Windows Update

RP202: 10/11/2011 10:13:19 AM - Windows Update

RP203: 10/12/2011 11:34:30 AM - Windows Update

RP204: 10/18/2011 6:02:46 AM - Windows Update

RP205: 10/21/2011 6:14:02 AM - Windows Update

RP206: 10/25/2011 8:17:45 AM - Windows Update

RP207: 10/26/2011 12:14:40 PM - Windows Update

RP208: 11/1/2011 8:33:48 AM - Windows Update

RP209: 11/6/2011 5:42:56 PM - Restore Operation

.

==== Installed Programs ======================

.

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.2

AIO_Scan

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS MultiFrame

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ATK Package

Better Homes and Gardens Home Designer Suite 7.0

BioWare Premium Module: Neverwinter Nights Kingmaker

BufferChm

C4200

c4200_Help

Chinese Simplified Fonts Support For Adobe Reader 9

Chinese Traditional Fonts Support For Adobe Reader 9

Comcast Desktop Software (v1.2.0.9)

ControlDeck

Copy

CyberLink BD Advisor 2.0

CyberLink Blu-ray Disc Suite

CyberLink MediaShow

CyberLink Power2Go

CyberLink PowerDVD

CyberLink PowerProducer

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DocProc

GPBaseService2

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

JMicron Ethernet Adapter NDIS Driver

JMicron Flash Media Controller Driver

K_Series_ScreenSaver_EN

LG Tool Kit

Malwarebytes' Anti-Malware version 1.51.0.1200

MarketResearch

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.6.23)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Neverwinter Nights

Neverwinter Nights 2

NVIDIA Updatus

PS_AIO_Software_min

Realtek High Definition Audio Driver

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

SmartWebPrinting

SolutionCenter

Status

Toolbox

TrayApp

TurboTax 2010

TurboTax 2010 wcaiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Outlook Social Connector (KB2583935)

WebReg

Windows 7 Upgrade Advisor

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinFlash

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

11/6/2011 9:54:27 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

11/6/2011 8:04:06 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

11/6/2011 1:46:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2011 1:46:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/6/2011 1:46:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/6/2011 1:46:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/6/2011 1:46:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/6/2011 1:46:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/6/2011 1:46:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/6/2011 1:46:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/31/2011 7:27:47 PM, Error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).

10/31/2011 6:38:06 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

.

==== End Of File ===========================

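The "Event Viewer Messages From Past Week" section above is the part of a DDS Attach.txt that a helper reads first when triaging a thread like this one, because a cluster of Service Control Manager 7026/7001 errors naming AFD, tdx and NetBT (the Winsock/TDI networking stack) explains why DNS Client and DHCP Client could not start after the cleanup attempts. The script below is an added example, not DDS code and not part of the original thread: it parses that section (the line format and the `==== ... ====` section markers are taken from the log as posted), groups the errors by event ID, and pulls out the failed boot-start drivers, the service dependency chains and any unexpectedly terminated services. The embedded sample is a constructed subset of the lines from this page's log.

```python
"""Summarise the Event Viewer section of a DDS Attach.txt log (added example)."""
import re
from collections import Counter

# Constructed sample: a subset of the event lines posted above, same format.
SAMPLE_LOG = """\
==== Event Viewer Messages From Past Week ========
.
11/6/2011 9:54:27 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
11/6/2011 1:46:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/6/2011 1:46:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2011 1:46:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 7:27:47 PM, Error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM>, <Level>: <Source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

SCM = "Service Control Manager"


def parse_events(text):
    """Return the event lines between the Event Viewer header and End Of File as dicts."""
    events, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==== Event Viewer Messages"):
            in_section = True
            continue
        if line.startswith("==== End Of File"):
            break
        if not in_section:
            continue
        m = EVENT_RE.match(line)
        if m:
            d = m.groupdict()
            d["id"] = int(d["id"])
            events.append(d)
    return events


def count_by_source_and_id(events):
    """Counter keyed by (source, event id); quick view of what dominates the week."""
    return Counter((e["source"], e["id"]) for e in events)


def failed_boot_drivers(events):
    """Driver names listed in SCM 7026 ('boot-start or system-start driver(s) failed to load')."""
    names = []
    for e in events:
        if e["source"] == SCM and e["id"] == 7026:
            _, _, tail = e["msg"].partition("failed to load:")
            names.extend(tail.split())
    return names


def dependency_failures(events):
    """(dependent service, service it needs) pairs from SCM 7001 messages."""
    pairs = []
    for e in events:
        if e["source"] == SCM and e["id"] == 7001:
            m = re.match(r"The (.+?) service depends on the (.+?) service which", e["msg"])
            if m:
                pairs.append((m.group(1), m.group(2)))
    return pairs


def terminated_services(events):
    """Service names from SCM 7034 ('terminated unexpectedly'), e.g. a security product."""
    names = []
    for e in events:
        if e["source"] == SCM and e["id"] == 7034:
            m = re.match(r"The (.+?) service terminated unexpectedly", e["msg"])
            if m:
                names.append(m.group(1))
    return names


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    for key, n in sorted(count_by_source_and_id(ev).items()):
        print(f"{n:3d}  {key[0]} [{key[1]}]")
    print("failed boot drivers:", " ".join(failed_boot_drivers(ev)))
    for dep, needed in dependency_failures(ev):
        print(f"{dep} <- {needed}")
    print("terminated:", terminated_services(ev))
```

Run it against a full Attach.txt by reading the file into `parse_events`; the three extractors only look at Service Control Manager events, so DCOM and hardware errors stay in the per-source counts without cluttering the driver and dependency lists.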

  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
