Win 7 <something>

deltacoolguy · January 14, 2012

Got a virus/malware/trojan this morning. Started as something claiming to be "Win 7 <something> (didn't write down the name). I ran Malwarebytes and Outpost AV a couple times, and they both found stuff. However, whatever it was has wreaked havoc. My current computer status is...

- Cannot boot normally. Get's stuck in a continuous loop.

- Can boot to Safe Mode.

- Early on, no .exe files would work, including Malwarebytes (MWB). Was able to right-click and pick 'start', and MWB would then run. MWB will now run fine, but Outpost AV will not.

- Most other .exe programs will now run (in Safe Mode), but my Microsoft Office says it has lost the identification information, or something like that, and kicks me out.

- Did run SuperAnti-spyware and it did not find anything.

- MWB finds no more threats.

You should be aware of...

- I cannot now open Outpost AV, so I could not disable scripts or disable the program itself when running DDS.

- I did clean out the temp files with Ccleaner, and now realize that I should not have.

Without further ado...

**************************************************************************************

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.13.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7601.17514

Ken :: KEN-PC [administrator]

1/14/2012 3:25:24 AM

mbam-log-2012-01-14 (03-25-24).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 177514

Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

*************************************************************************************

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22

Run by Ken at 3:32:32 on 2012-01-14

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8125.7186 [GMT -6:00]

.

AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}

SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [PowerPanel Personal Edition User Interaction] "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe"

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [AdobeBridge]

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: blueearth.net\graderdev

Trusted Zone: blueearth.net\snapdev2010

Trusted Zone: blueearth.net\snappreview2010

Trusted Zone: blueearth.net\snapstage

Trusted Zone: emcp.com\snap2010

Trusted Zone: blueearth.net\graderdev

Trusted Zone: blueearth.net\snapdev2010

Trusted Zone: blueearth.net\snappreview2010

Trusted Zone: blueearth.net\snapstage

Trusted Zone: emcp.com\snap2010

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{38CA03F6-4A92-48AF-A06E-05C77AF33903} : DhcpNameServer = 192.168.0.1 205.171.3.25

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun-x64: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun-x64: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

AppInit_DLLs-X64: c:\progra~1\agnitum\outpos~1\wl_hook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\8x6zx5hs.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys --> C:\Windows\system32\DRIVERS\afw.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

S1 SandBox;SandBox;\??\C:\Windows\system32\drivers\SandBox64.sys --> C:\Windows\system32\drivers\SandBox64.sys [?]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2011-6-20 3501696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672]

S3 afwcore;afwcore;C:\Windows\system32\drivers\afwcore.sys --> C:\Windows\system32\drivers\afwcore.sys [?]

S3 ASWFilt;ASWFilt;\??\C:\Windows\system32\Filt\ASWFilt64.dll --> C:\Windows\system32\Filt\ASWFilt64.dll [?]

S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-3-18 245760]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-17 1436424]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VBEngNT;VBEngNT;\??\C:\Windows\system32\drivers\VBEngNT.sys --> C:\Windows\system32\drivers\VBEngNT.sys [?]

S3 VBFilt;VBFilt;\??\C:\Windows\system32\Filt\VBFilt64.dll --> C:\Windows\system32\Filt\VBFilt64.dll [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-01-14 08:59:09 -------- d-----w- C:\Users\Ken\AppData\Roaming\SUPERAntiSpyware.com

2012-01-14 08:58:40 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-01-14 08:58:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-12-15 16:57:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 16:57:59 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-16 19:53:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-18 14:16:30 1390072 ----a-w- C:\Windows\System32\drivers\vbcorent-x64.sys

.

============= FINISH: 3:32:59.66 ===============

******************************************************************************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/16/2011 1:35:02 PM

System Uptime: 1/14/2012 3:24:15 AM (0 hours ago)

.

Motherboard: Intel Corporation | | DP35DP

Processor: Pentium® Dual-Core CPU E6300 @ 2.80GHz | CPU1 | 2800/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 396.902 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

K: is FIXED (NTFS) - 466 GiB total, 296.847 GiB free.

L: is FIXED (NTFS) - 466 GiB total, 282.663 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID:

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18

Service:

.

==== System Restore Points ===================

.

RP100: 11/30/2011 12:00:01 AM - Scheduled Checkpoint

RP101: 12/7/2011 2:27:26 AM - Scheduled Checkpoint

RP102: 12/15/2011 - Scheduled Checkpoint

RP103: 12/16/2011 3:00:26 AM - Windows Update

RP104: 12/24/2011 12:00:11 AM - Scheduled Checkpoint

RP105: 1/1/2012 12:00:02 AM - Scheduled Checkpoint

RP106: 1/9/2012 4:33:12 AM - Scheduled Checkpoint

RP107: 1/11/2012 3:00:11 AM - Windows Update

RP108: 1/12/2012 3:00:14 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Acrobat 9 Pro

Adobe AIR

Adobe Audition 1.0

Adobe Community Help

Adobe Media Player

Adobe Photoshop CS5

Aspen Creek Photo ROES

Autodesk Design Review 2011

Autodesk Material Library 2011

Autodesk Material Library 2011 Base Image library

Autodesk Vault 2011 (Client)

Brother MFL-Pro Suite MFC-9840CDW

Brother MFL-Pro Suite MFC-J6710DW

Brother P-touch Address Book 1.0

Brother P-touch Editor 4.2

Brother P-touch Software

Brother QL-Series User's Guide

Canon MP Navigator 2.2

Canon MP830 User Registration

Canon Utilities Easy-PhotoPrint

CDex extraction audio

Cisco Network Magic

CuteFTP 8 Professional

CyberPower PowerPanel Personal Edition

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DirectX 9 Runtime

DivX Setup

EMC 10 Content

FARO LS 1.1.406.58

Inkscape 0.48.1

Java Auto Updater

Java 6 Update 22

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Report Viewer Redistributable 2008 (KB971118)

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft Visual Basic Power Packs 3.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.14)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Network Magic

Nuance PaperPort 12

Nuance PDF Viewer Plus

Nvu 1.0

PDF Settings CS5

Presto! PageManager 7.15.14

Pure Networks Platform

Quicken 2006

QuikPik

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio PhotoShow

Roxio Update Manager

ScanSoft OmniPage SE 4.0

Scansoft PDF Professional

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

SnapPlayer

Sonic CinePlayer Decoder Pack

TextPad 5

TextPad Lexicons

Turbo-Mailer

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VC80CRTRedist - 8.0.50727.4053

Visual Studio 2008 x64 Redistributables

WebEx

Winamp

WinZip

WordPerfect Office 11

.

==== Event Viewer Messages From Past Week ========

.

1/14/2012 3:28:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

1/14/2012 3:28:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

1/14/2012 3:25:03 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/14/2012 3:25:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/14/2012 3:25:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/14/2012 3:24:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/14/2012 3:24:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/14/2012 3:24:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter SandBox SASDIFSV SASKUTIL spldr Wanarpv6

1/14/2012 3:22:45 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/14/2012 3:22:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter

1/14/2012 3:22:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.

1/14/2012 3:22:32 AM, Error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/14/2012 3:22:27 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

1/13/2012 8:34:38 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

1/13/2012 5:47:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

1/13/2012 5:42:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter SandBox spldr Wanarpv6

1/13/2012 3:31:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

1/13/2012 1:56:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2012 1:56:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/13/2012 1:56:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/13/2012 1:56:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD afw CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss RxFilter SandBox spldr tdx Wanarpv6 WfpLwf

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2012 1:56:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2012 1:42:58 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

1/13/2012 1:39:57 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/13/2012 1:04:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

.

==== End Of File ===========================

deltacoolguy · January 19, 2012

I know you guys are busy, and I know you offer your help for free, but time is an issue for me as well. I also posted at bleepingcomputer three days after I posted here and they answered within 8 hours.

The problem has run deep, and they have only been able to partially help. Since I use my computer for business and have already been down for almost a week, I have given up and will be doing an OS re-install. Work files are not an issue, I'll just have to re-install my programs. A hassle, but at this point I cannot afford to be waiting around anymore.

Maurice Naggar · January 20, 2012

Resolved by deltacoolguy with re-install.

References (in brief) for deltacoolguy and any other readers.
Read Tony Klein's article How Did I Get Infected In The First Place
MS Online Safety & Privacy Education
Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !

This topic is closed.

Sign In

Win 7 <something>

Recommended Posts

deltacoolguy

Link to post

Share on other sites

deltacoolguy

Link to post

Share on other sites

Maurice Naggar

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information