
Multiple Program Has Stopped Working Errors - Malware?


  • This topic is locked
10 replies to this topic

#1 Irkd


Posted 14 September 2013 - 03:09 PM

I get the "program has stopped working" error dialog box with Notepad, Outlook, Word, Excel, PowerPoint, Adobe Acrobat and even with DDS while I was following the preparation steps before posting here. At first, I got a dialog box that said an add-in was the problem and asked me if I wanted to remove it by clicking. I did this a few times but still could not launch the program I was trying to open, which was Outlook. I'm sure now that I should not have clicked. At this point, I only get the "Program has stopped working" dialog box with an option to close the program. This all started yesterday.

Also, when I was backing up my Outlook.pst file following the forum prep instructions, I noticed that the file format is no longer ".pst" but rather it's in Adobe Acrobat "PDF" format. I think I need help in uncorrupting or resetting the format of my Outlook file.

The dds.txt info is below and the attach.txt file is attached, per the instructions. Thank you in advance for all of your help.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.5.1
Run by Administrator at 15:20:40 on 2013-09-14
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.6135.4096 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081024
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {18350088-453C-4407-87ED-361E70FD3285} - hxxps://relativity.fiosdiscovery.com/Relativity/ActiveX/webclientmanager.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} - hxxps://relativity4.cdslegal.com/Relativity/ActiveX/webclientmanager.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3345AC1D-B1DE-4153-B5DE-09EF485B8113} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4B169A39-2C3A-4078-95B1-1AC92FC473BB} : DHCPNameServer = 192.168.1.1 68.237.161.12
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zi30ng5t.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 cpuz133;cpuz133;C:\WINDOWS\System32\Drivers\cpuz133_x64.sys [2010-5-4 20968]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-3 13336]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-6-12 2348472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW76.sys [2012-5-14 96896]
R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\Drivers\lvrs64.sys [2012-10-26 351520]
R3 LVUVC64;@oem60.inf,%PID_082D_DD%(UVC);Logitech HD Pro Webcam C920(UVC);C:\WINDOWS\System32\Drivers\lvuvc64.sys [2012-10-26 4758176]
R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2012-2-11 49752]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 rzudd;Razer Mouse Driver;C:\WINDOWS\System32\Drivers\rzudd.sys [2013-3-4 117248]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-9-7 476936]
S3 cpuz132;cpuz132;C:\WINDOWS\System32\Drivers\cpuz132_x64.sys [2010-5-13 19432]
S3 RzSynapse;Razer Driver;C:\WINDOWS\System32\Drivers\RzSynapse.sys [2011-3-31 126464]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2013-1-23 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-10-18 239616]
S4 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-12 25824]
S4 RsFx0200;RsFx0200 Driver;C:\WINDOWS\System32\Drivers\RsFx0200.sys [2012-2-11 334936]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-6-12 608696]
S4 TSScheduleBackup;TimeslipsBackup;C:\Windows\SysWOW64\TSSchBkpService.exe [2010-5-28 705024]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-14 16:06:49 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD62FEB5-94E3-451C-9BB0-9546523C2E7A}\mpengine.dll
2013-09-13 07:00:06 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-12 14:39:24 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 02:51:01 4917760 ----a-w- C:\WINDOWS\System32\sppsvc.exe
2013-09-12 02:51:00 2371728 ----a-w- C:\WINDOWS\System32\WSService.dll
2013-09-12 02:51:00 209200 ----a-w- C:\WINDOWS\System32\NotificationUI.exe
2013-09-12 02:48:28 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-09-12 02:48:20 144896 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-09-08 02:33:13 -------- d-----w- C:\ProgramData\BitRaider
2013-09-08 02:32:22 -------- d-----w- C:\Users\Administrator\AppData\Local\SWTORPerf
2013-09-08 02:31:26 4991496 ----a-w- C:\WINDOWS\System32\D3DX9_38.dll
2013-09-08 02:31:26 3850760 ----a-w- C:\WINDOWS\SysWow64\D3DX9_38.dll
2013-09-08 02:30:53 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-09-02 21:29:34 941720 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2FFE75C5-46FC-45D5-B130-DD63FBBD18E5}\gapaengine.dll
2013-08-19 16:12:01 694272 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2013-08-19 16:12:01 1314816 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2013-08-19 16:12:00 2233168 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-08-19 16:11:09 337408 ----a-w- C:\WINDOWS\System32\wintrust.dll
2013-08-19 16:11:09 261120 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2013-08-19 16:11:09 1889280 ----a-w- C:\WINDOWS\System32\crypt32.dll
2013-08-19 16:11:09 1568256 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2013-08-19 16:11:08 98304 ----a-w- C:\WINDOWS\System32\apprepsync.dll
2013-08-19 16:11:08 87040 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll
2013-08-19 16:11:08 74240 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll
2013-08-19 16:11:08 68096 ----a-w- C:\WINDOWS\System32\cryptsvc.dll
2013-08-19 16:11:08 124416 ----a-w- C:\WINDOWS\System32\apprepapi.dll
2013-08-19 15:17:20 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-19 15:17:20 -------- d-----w- C:\Program Files\iTunes
2013-08-19 15:17:20 -------- d-----w- C:\Program Files\iPod
2013-08-19 15:17:20 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-09-05 20:09:17 78296 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17 694232 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\WINDOWS\System32\drivers\dam.sys
2013-08-16 05:22:22 40448 ----a-w- C:\WINDOWS\System32\wuapp.exe
2013-08-16 05:20:30 105984 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\WINDOWS\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\WINDOWS\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\WINDOWS\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\WINDOWS\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\WINDOWS\SysWow64\sppc.dll
2013-07-09 08:04:07 120144 ----a-w- C:\WINDOWS\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\WINDOWS\System32\WerFault.exe
2013-07-09 04:25:45 385768 ----a-w- C:\WINDOWS\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\WINDOWS\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\WINDOWS\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\WINDOWS\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\WINDOWS\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\WINDOWS\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\WINDOWS\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\WINDOWS\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\WINDOWS\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\WINDOWS\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\WINDOWS\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\WINDOWS\System32\openfiles.exe
2013-06-29 06:15:54 195416 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-06-29 06:15:47 125784 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2013-06-26 03:01:38 321536 ----a-w- C:\WINDOWS\System32\drivers\udfs.sys
2013-06-26 02:59:34 341504 ----a-w- C:\WINDOWS\System32\drivers\HdAudio.sys
2013-06-24 22:54:52 447488 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\WINDOWS\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
2013-06-19 05:36:21 183808 ----a-w- C:\WINDOWS\System32\winmmbase.dll
2013-06-19 05:36:21 115712 ----a-w- C:\WINDOWS\System32\winmm.dll
2013-06-18 22:38:00 160256 ----a-w- C:\WINDOWS\SysWow64\winmmbase.dll
2013-06-18 22:38:00 125440 ----a-w- C:\WINDOWS\SysWow64\winmm.dll
2013-06-16 22:41:31 997632 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2009-06-24 16:30:52 23004456 ----a-w- C:\Program Files\timeslip.exe
2009-06-03 21:13:00 156968 ----a-w- C:\Program Files\TSRptDsc.dll
2009-06-03 21:02:42 81408 ----a-w- C:\Program Files\WPos32.dll
2009-06-03 21:02:42 286208 ----a-w- C:\Program Files\wPDF010A.dll
2009-06-03 21:02:40 86016 ----a-w- C:\Program Files\WGram32.dll
2009-06-03 21:02:40 3916840 ----a-w- C:\Program Files\TSReports.dll
2009-06-03 21:02:06 326656 ----a-w- C:\Program Files\MSVcrt40.dll
2009-06-03 21:02:06 267536 ----a-w- C:\Program Files\MSVcrt.dll
2009-06-03 21:02:06 253952 ----a-w- C:\Program Files\MSVcrt20.dll
2009-06-03 20:55:42 172032 ----a-w- C:\Program Files\SSCE5332.dll
2008-03-28 15:10:08 1523040 ----a-w- C:\Program Files\flashplayer9.exe
.
============= FINISH: 15:20:46.42 ===============

 

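Added example, not part of the original post or of BleepingComputer's instructions: the post above reports a .pst file now showing as "PDF", and reading the file's leading signature bytes separates a changed file association (contents intact) from changed file contents. The file names and byte strings in `demo()` are constructed samples, and the function names are hypothetical.

```python
import os
import tempfile

# Leading bytes of the formats named in the post (well-known file signatures).
SIGNATURES = [
    ("pst", b"!BDN"),                              # Outlook .pst/.ost
    ("pdf", b"%PDF-"),                             # Adobe PDF
    ("ole", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),  # Office 97-2003 .doc/.xls/.ppt
    ("zip", b"PK\x03\x04"),                        # Office 2007+ .docx/.xlsx/.pptx
]

# Container format each extension is expected to hold.
EXPECTED = {
    ".pst": "pst", ".ost": "pst", ".pdf": "pdf",
    ".doc": "ole", ".xls": "ole", ".ppt": "ole",
    ".docx": "zip", ".xlsx": "zip", ".pptx": "zip",
}


def sniff(path):
    """Return the format whose signature starts the file, 'empty', or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if not head:
        return "empty"
    for name, magic in SIGNATURES:
        if head.startswith(magic):
            return name
    return "unknown"


def check(path):
    """Compare what the extension promises with what the header bytes say."""
    ext = os.path.splitext(path)[1].lower()
    expected = EXPECTED.get(ext)
    actual = sniff(path)
    if expected is None:
        verdict = "extension-not-covered"
    elif actual == expected:
        # Header is intact: a wrong icon or "Type" column points at the
        # file association, not at the data. (A matching header does not
        # prove the rest of the file is undamaged.)
        verdict = "content-matches-extension"
    else:
        # The bytes themselves are not what the extension promises:
        # work from a backup copy rather than re-associating the extension.
        verdict = "content-differs"
    return actual, verdict


def demo():
    """Run check() over constructed sample files; return {name: (actual, verdict)}."""
    samples = {
        "Outlook.pst": b"!BDN" + b"\x00" * 60,    # constructed: valid PST magic
        "Replaced.pst": b"%PDF-1.4\n",            # constructed: PDF bytes under .pst
        "Report.docx": b"PK\x03\x04" + b"\x00" * 26,
        "Truncated.xls": b"",                     # constructed: zero-length file
        "notes.txt": b"plain text",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check(path)
    return results


if __name__ == "__main__":
    for name, (actual, verdict) in demo().items():
        print(f"{name:15} header={actual:8} {verdict}")
```

Run `check()` against a copy of the file rather than the live one, since Outlook may hold the original open.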

 


#2 HelpBot


Posted 19 September 2013 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507836 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Irkd


Posted 19 September 2013 - 06:40 PM

I included a description of the problem I'm having in my original post. The most significant problem is that I can't get Outlook to run. I get the "program has stopped working" error. I get that error with all the other programs I mentioned in the OP, but I use Outlook the most so it's the biggest problem for me. Also, as mentioned, my Outlook.pst file appears to be corrupted or at least converted to PDF format and is not in .pst format. I have not taken any steps beyond following the forum instructions - I'm hoping you guys will help me and I'm afraid I'll make things worse if I try to fix this myself. I installed Windows 8 64 bit from a Microsoft download but have a backup CD somewhere in a box - I just moved recently.

Thank you in advance for your help.

Here is the new DDS log:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.5.1
Run by Administrator at 19:30:36 on 2013-09-19
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.6135.4351 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081024
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {18350088-453C-4407-87ED-361E70FD3285} - hxxps://relativity.fiosdiscovery.com/Relativity/ActiveX/webclientmanager.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} - hxxps://relativity4.cdslegal.com/Relativity/ActiveX/webclientmanager.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3345AC1D-B1DE-4153-B5DE-09EF485B8113} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4B169A39-2C3A-4078-95B1-1AC92FC473BB} : DHCPNameServer = 192.168.1.1 68.237.161.12
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zi30ng5t.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 cpuz133;cpuz133;C:\WINDOWS\System32\Drivers\cpuz133_x64.sys [2010-5-4 20968]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-3 13336]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-6-12 2348472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW76.sys [2012-5-14 96896]
R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\Drivers\lvrs64.sys [2012-10-26 351520]
R3 LVUVC64;@oem60.inf,%PID_082D_DD%(UVC);Logitech HD Pro Webcam C920(UVC);C:\WINDOWS\System32\Drivers\lvuvc64.sys [2012-10-26 4758176]
R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2012-2-11 49752]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 rzudd;Razer Mouse Driver;C:\WINDOWS\System32\Drivers\rzudd.sys [2013-3-4 117248]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-9-7 476936]
S3 cpuz132;cpuz132;C:\WINDOWS\System32\Drivers\cpuz132_x64.sys [2010-5-13 19432]
S3 RzSynapse;Razer Driver;C:\WINDOWS\System32\Drivers\RzSynapse.sys [2011-3-31 126464]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2013-1-23 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-10-18 239616]
S4 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-12 25824]
S4 RsFx0200;RsFx0200 Driver;C:\WINDOWS\System32\Drivers\RsFx0200.sys [2012-2-11 334936]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-6-12 608696]
S4 TSScheduleBackup;TimeslipsBackup;C:\Windows\SysWOW64\TSSchBkpService.exe [2010-5-28 705024]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-14 16:06:49 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD62FEB5-94E3-451C-9BB0-9546523C2E7A}\mpengine.dll
2013-09-13 07:00:06 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-12 14:39:24 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 02:51:01 4917760 ----a-w- C:\WINDOWS\System32\sppsvc.exe
2013-09-12 02:51:00 2371728 ----a-w- C:\WINDOWS\System32\WSService.dll
2013-09-12 02:51:00 209200 ----a-w- C:\WINDOWS\System32\NotificationUI.exe
2013-09-12 02:48:28 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-09-12 02:48:20 144896 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-09-08 02:33:13 -------- d-----w- C:\ProgramData\BitRaider
2013-09-08 02:32:22 -------- d-----w- C:\Users\Administrator\AppData\Local\SWTORPerf
2013-09-08 02:31:26 4991496 ----a-w- C:\WINDOWS\System32\D3DX9_38.dll
2013-09-08 02:31:26 3850760 ----a-w- C:\WINDOWS\SysWow64\D3DX9_38.dll
2013-09-08 02:30:53 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-09-02 21:29:34 941720 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2FFE75C5-46FC-45D5-B130-DD63FBBD18E5}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-09-05 20:09:17 78296 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17 694232 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\WINDOWS\System32\drivers\dam.sys
2013-08-16 05:22:22 40448 ----a-w- C:\WINDOWS\System32\wuapp.exe
2013-08-16 05:20:30 105984 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\WINDOWS\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\WINDOWS\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\WINDOWS\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\WINDOWS\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\WINDOWS\SysWow64\sppc.dll
2013-07-13 06:18:21 337408 ----a-w- C:\WINDOWS\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\WINDOWS\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\WINDOWS\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\WINDOWS\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\WINDOWS\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\WINDOWS\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\WINDOWS\System32\WerFault.exe
2013-07-09 06:07:17 2233168 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-07-09 04:25:45 385768 ----a-w- C:\WINDOWS\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\WINDOWS\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\WINDOWS\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\WINDOWS\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\WINDOWS\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\WINDOWS\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\WINDOWS\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\WINDOWS\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\WINDOWS\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\WINDOWS\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\WINDOWS\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\WINDOWS\System32\openfiles.exe
2013-06-29 06:15:54 195416 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-06-29 06:15:47 125784 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2013-06-26 03:01:38 321536 ----a-w- C:\WINDOWS\System32\drivers\udfs.sys
2013-06-26 02:59:34 341504 ----a-w- C:\WINDOWS\System32\drivers\HdAudio.sys
2013-06-24 22:54:52 447488 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\WINDOWS\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
2009-06-24 16:30:52 23004456 ----a-w- C:\Program Files\timeslip.exe
2009-06-03 21:13:00 156968 ----a-w- C:\Program Files\TSRptDsc.dll
2009-06-03 21:02:42 81408 ----a-w- C:\Program Files\WPos32.dll
2009-06-03 21:02:42 286208 ----a-w- C:\Program Files\wPDF010A.dll
2009-06-03 21:02:40 86016 ----a-w- C:\Program Files\WGram32.dll
2009-06-03 21:02:40 3916840 ----a-w- C:\Program Files\TSReports.dll
2009-06-03 21:02:06 326656 ----a-w- C:\Program Files\MSVcrt40.dll
2009-06-03 21:02:06 267536 ----a-w- C:\Program Files\MSVcrt.dll
2009-06-03 21:02:06 253952 ----a-w- C:\Program Files\MSVcrt20.dll
2009-06-03 20:55:42 172032 ----a-w- C:\Program Files\SSCE5332.dll
2008-03-28 15:10:08 1523040 ----a-w- C:\Program Files\flashplayer9.exe
.
============= FINISH: 19:31:24.03 ===============
 



#4 Elise

  • Malware Study Hall Admin

Posted 21 September 2013 - 03:18 AM

Hello, my name is Elise and I'll assist you with this issue.

 

Have you tried already to reboot in Safe Mode and start any of the affected applications there? Do they start fine or do they give the same error?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#5 Irkd

  • Topic Starter

Posted 21 September 2013 - 02:44 PM

Elise:  Thank you for your reply.  When I boot in Safe Mode, the programs either give a dialog box saying they failed to start or they just close. 



#6 Elise


Posted 22 September 2013 - 01:52 AM

Let's do an additional rootkit scan, just to be sure.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise




#7 Irkd


Posted 22 September 2013 - 09:19 AM

Elise:  Thank you.  I ran TDSSKiller and it didn't find anything.  I'm still having the "program has stopped working" error when I try to open Word, Outlook, Excel, PowerPoint, Adobe, etc.  I'm starting to get worried.  An OS reinstall will cause me a boatload of pain.

 

10:07:21.0684 0x1940  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
10:07:21.0944 0x1940  ============================================================
10:07:21.0944 0x1940  Current date / time: 2013/09/22 10:07:21.0944
10:07:21.0944 0x1940  SystemInfo:
10:07:21.0944 0x1940 
10:07:21.0944 0x1940  OS Version: 6.2.9200 ServicePack: 0.0
10:07:21.0944 0x1940  Product type: Workstation
10:07:21.0944 0x1940  ComputerName: CM-WORK
10:07:21.0944 0x1940  UserName: Administrator
10:07:21.0944 0x1940  Windows directory: C:\WINDOWS
10:07:21.0944 0x1940  System windows directory: C:\WINDOWS
10:07:21.0944 0x1940  Running under WOW64
10:07:21.0944 0x1940  Processor architecture: Intel x64
10:07:21.0944 0x1940  Number of processors: 8
10:07:21.0944 0x1940  Page size: 0x1000
10:07:21.0944 0x1940  Boot type: Normal boot
10:07:21.0944 0x1940  ============================================================
10:07:22.0584 0x1940  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:07:22.0584 0x1940  Drive \Device\Harddisk1\DR1 - Size: 0x1AC882A000 (107.13 Gb), SectorSize: 0x200, Cylinders: 0x36A1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:07:22.0594 0x1940  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:07:22.0594 0x1940  Drive \Device\Harddisk3\DR3 - Size: 0x7470800000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:07:22.0624 0x1940  ============================================================
10:07:22.0624 0x1940  \Device\Harddisk0\DR0:
10:07:22.0624 0x1940  MBR partitions:
10:07:22.0624 0x1940  \Device\Harddisk1\DR1:
10:07:22.0624 0x1940  MBR partitions:
10:07:22.0624 0x1940  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xD643000
10:07:22.0624 0x1940  \Device\Harddisk2\DR2:
10:07:22.0624 0x1940  MBR partitions:
10:07:22.0624 0x1940  \Device\Harddisk3\DR3:
10:07:22.0624 0x1940  MBR partitions:
10:07:22.0624 0x1940  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
10:07:22.0624 0x1940  ============================================================
10:07:22.0624 0x1940  D: <-> \Device\Harddisk1\DR1\Partition1
10:07:22.0654 0x1940  F: <-> \Device\Harddisk3\DR3\Partition1
10:07:22.0654 0x1940  ============================================================
10:07:22.0654 0x1940  Initialize success
10:07:22.0654 0x1940  ============================================================
10:07:26.0304 0x127c  ============================================================
10:07:26.0304 0x127c  Scan started
10:07:26.0304 0x127c  Mode: Manual;
10:07:26.0304 0x127c  ============================================================
10:07:26.0504 0x127c  ================ Scan system memory ========================
10:07:26.0504 0x127c  System memory - ok
10:07:26.0504 0x127c  ================ Scan services =============================
10:07:26.0514 0x127c  1394ohci - ok
10:07:26.0514 0x127c  3ware - ok
10:07:26.0514 0x127c  ACPI - ok
10:07:26.0524 0x127c  acpiex - ok
10:07:26.0524 0x127c  acpipagr - ok
10:07:26.0524 0x127c  AcpiPmi - ok
10:07:26.0524 0x127c  acpitime - ok
10:07:26.0524 0x127c  AdobeARMservice - ok
10:07:26.0534 0x127c  adp94xx - ok
10:07:26.0534 0x127c  adpahci - ok
10:07:26.0534 0x127c  adpu320 - ok
10:07:26.0534 0x127c  AeLookupSvc - ok
10:07:26.0534 0x127c  AFD - ok
10:07:26.0544 0x127c  agp440 - ok
10:07:26.0544 0x127c  ALG - ok
10:07:26.0544 0x127c  AllUserInstallAgent - ok
10:07:26.0544 0x127c  AMD External Events Utility - ok
10:07:26.0544 0x127c  AmdK8 - ok
10:07:26.0554 0x127c  amdkmdag - ok
10:07:26.0554 0x127c  amdkmdap - ok
10:07:26.0554 0x127c  AmdPPM - ok
10:07:26.0554 0x127c  amdsata - ok
10:07:26.0554 0x127c  amdsbs - ok
10:07:26.0554 0x127c  amdxata - ok
10:07:26.0564 0x127c  AppHostSvc - ok
10:07:26.0564 0x127c  AppID - ok
10:07:26.0564 0x127c  AppIDSvc - ok
10:07:26.0564 0x127c  Appinfo - ok
10:07:26.0564 0x127c  Apple Mobile Device - ok
10:07:26.0574 0x127c  AppMgmt - ok
10:07:26.0574 0x127c  arc - ok
10:07:26.0574 0x127c  arcsas - ok
10:07:26.0584 0x127c  aspnet_state - ok
10:07:26.0584 0x127c  asusgsb - ok
10:07:26.0584 0x127c  AsyncMac - ok
10:07:26.0584 0x127c  atapi - ok
10:07:26.0584 0x127c  AtiHDAudioService - ok
10:07:26.0594 0x127c  AtiHdmiService - ok
10:07:26.0594 0x127c  AudioEndpointBuilder - ok
10:07:26.0594 0x127c  Audiosrv - ok
10:07:26.0594 0x127c  Avgboota - ok
10:07:26.0594 0x127c  Avgdiska - ok
10:07:26.0604 0x127c  AVGIDSAgent - ok
10:07:26.0604 0x127c  AVGIDSDriver - ok
10:07:26.0604 0x127c  AVGIDSHA - ok
10:07:26.0604 0x127c  Avgldx64 - ok
10:07:26.0604 0x127c  Avgloga - ok
10:07:26.0614 0x127c  Avgmfx64 - ok
10:07:26.0614 0x127c  Avgrkx64 - ok
10:07:26.0614 0x127c  avgwd - ok
10:07:26.0614 0x127c  Avgwfpa - ok
10:07:26.0614 0x127c  AxInstSV - ok
10:07:26.0624 0x127c  b06bdrv - ok
10:07:26.0624 0x127c  BasicDisplay - ok
10:07:26.0624 0x127c  BasicRender - ok
10:07:26.0624 0x127c  BDESVC - ok
10:07:26.0624 0x127c  Beep - ok
10:07:26.0634 0x127c  BFE - ok
10:07:26.0644 0x127c  BITS - ok
10:07:26.0644 0x127c  Bonjour Service - ok
10:07:26.0644 0x127c  bowser - ok
10:07:26.0644 0x127c  BRDriver64 - ok
10:07:26.0644 0x127c  BrokerInfrastructure - ok
10:07:26.0654 0x127c  Browser - ok
10:07:26.0654 0x127c  BRSptSvc - ok
10:07:26.0654 0x127c  BthAvrcpTg - ok
10:07:26.0654 0x127c  BthHFEnum - ok
10:07:26.0664 0x127c  bthhfhid - ok
10:07:26.0664 0x127c  BTHMODEM - ok
10:07:26.0664 0x127c  bthserv - ok
10:07:26.0664 0x127c  cdfs - ok
10:07:26.0674 0x127c  cdrom - ok
10:07:26.0674 0x127c  CertPropSvc - ok
10:07:26.0674 0x127c  circlass - ok
10:07:26.0674 0x127c  CLFS - ok
10:07:26.0684 0x127c  CmBatt - ok
10:07:26.0684 0x127c  CNG - ok
10:07:26.0684 0x127c  CompositeBus - ok
10:07:26.0694 0x127c  COMSysApp - ok
10:07:26.0694 0x127c  condrv - ok
10:07:26.0694 0x127c  cpuz132 - ok
10:07:26.0694 0x127c  cpuz133 - ok
10:07:26.0694 0x127c  CryptSvc - ok
10:07:26.0704 0x127c  CSC - ok
10:07:26.0704 0x127c  CscService - ok
10:07:26.0704 0x127c  dam - ok
10:07:26.0704 0x127c  DcomLaunch - ok
10:07:26.0714 0x127c  defragsvc - ok
10:07:26.0714 0x127c  DeviceAssociationService - ok
10:07:26.0714 0x127c  DeviceInstall - ok
10:07:26.0714 0x127c  Dfsc - ok
10:07:26.0714 0x127c  Dhcp - ok
10:07:26.0714 0x127c  discache - ok
10:07:26.0724 0x127c  disk - ok
10:07:26.0724 0x127c  dmvsc - ok
10:07:26.0724 0x127c  Dnscache - ok
10:07:26.0724 0x127c  dot3svc - ok
10:07:26.0724 0x127c  DPS - ok
10:07:26.0734 0x127c  drmkaud - ok
10:07:26.0754 0x127c  DsmSvc - ok
10:07:26.0764 0x127c  DXGKrnl - ok
10:07:26.0764 0x127c  Eaphost - ok
10:07:26.0764 0x127c  ebdrv - ok
10:07:26.0764 0x127c  EFS - ok
10:07:26.0764 0x127c  ehRecvr - ok
10:07:26.0774 0x127c  ehSched - ok
10:07:26.0774 0x127c  EhStorClass - ok
10:07:26.0774 0x127c  EhStorTcgDrv - ok
10:07:26.0774 0x127c  ErrDev - ok
10:07:26.0784 0x127c  EventSystem - ok
10:07:26.0784 0x127c  exfat - ok
10:07:26.0784 0x127c  fastfat - ok
10:07:26.0784 0x127c  Fax - ok
10:07:26.0804 0x127c  fdc - ok
10:07:26.0804 0x127c  fdPHost - ok
10:07:26.0804 0x127c  FDResPub - ok
10:07:26.0804 0x127c  fhsvc - ok
10:07:26.0814 0x127c  FileInfo - ok
10:07:26.0814 0x127c  Filetrace - ok
10:07:26.0814 0x127c  flpydisk - ok
10:07:26.0814 0x127c  FltMgr - ok
10:07:26.0814 0x127c  FontCache - ok
10:07:26.0824 0x127c  FontCache3.0.0.0 - ok
10:07:26.0824 0x127c  FsDepends - ok
10:07:26.0824 0x127c  Fs_Rec - ok
10:07:26.0824 0x127c  fvevol - ok
10:07:26.0824 0x127c  FxPPM - ok
10:07:26.0834 0x127c  gagp30kx - ok
10:07:26.0834 0x127c  GEARAspiWDM - ok
10:07:26.0834 0x127c  gencounter - ok
10:07:26.0834 0x127c  GPIOClx0101 - ok
10:07:26.0844 0x127c  gpsvc - ok
10:07:26.0844 0x127c  gupdate - ok
10:07:26.0844 0x127c  gupdatem - ok
10:07:26.0844 0x127c  HdAudAddService - ok
10:07:26.0844 0x127c  HDAudBus - ok
10:07:26.0844 0x127c  HidBatt - ok
10:07:26.0854 0x127c  HidBth - ok
10:07:26.0854 0x127c  hidi2c - ok
10:07:26.0854 0x127c  HidIr - ok
10:07:26.0854 0x127c  hidserv - ok
10:07:26.0854 0x127c  HidUsb - ok
10:07:26.0864 0x127c  hkmsvc - ok
10:07:26.0864 0x127c  HomeGroupListener - ok
10:07:26.0864 0x127c  HomeGroupProvider - ok
10:07:26.0864 0x127c  HpSAMD - ok
10:07:26.0864 0x127c  HTTP - ok
10:07:26.0874 0x127c  hwpolicy - ok
10:07:26.0874 0x127c  hyperkbd - ok
10:07:26.0874 0x127c  HyperVideo - ok
10:07:26.0874 0x127c  i8042prt - ok
10:07:26.0874 0x127c  IAStorDataMgrSvc - ok
10:07:26.0884 0x127c  iaStorV - ok
10:07:26.0884 0x127c  IDriverT - ok
10:07:26.0884 0x127c  iirsp - ok
10:07:26.0884 0x127c  IKEEXT - ok
10:07:26.0894 0x127c  intelide - ok
10:07:26.0894 0x127c  intelppm - ok
10:07:26.0894 0x127c  IpFilterDriver - ok
10:07:26.0894 0x127c  iphlpsvc - ok
10:07:26.0894 0x127c  IPMIDRV - ok
10:07:26.0894 0x127c  IPNAT - ok
10:07:26.0904 0x127c  iPod Service - ok
10:07:26.0904 0x127c  IRENUM - ok
10:07:26.0904 0x127c  isapnp - ok
10:07:26.0904 0x127c  iScsiPrt - ok
10:07:26.0904 0x127c  kbdclass - ok
10:07:26.0914 0x127c  kbdhid - ok
10:07:26.0914 0x127c  kdnic - ok
10:07:26.0914 0x127c  KeyIso - ok
10:07:26.0914 0x127c  KSecDD - ok
10:07:26.0914 0x127c  KSecPkg - ok
10:07:26.0914 0x127c  ksthunk - ok
10:07:26.0924 0x127c  KtmRm - ok
10:07:26.0924 0x127c  LanmanServer - ok
10:07:26.0924 0x127c  LanmanWorkstation - ok
10:07:26.0924 0x127c  lltdio - ok
10:07:26.0934 0x127c  lltdsvc - ok
10:07:26.0934 0x127c  lmhosts - ok
10:07:26.0934 0x127c  LSI_SAS - ok
10:07:26.0934 0x127c  LSI_SAS2 - ok
10:07:26.0934 0x127c  LSI_SCSI - ok
10:07:26.0944 0x127c  LSI_SSS - ok
10:07:26.0944 0x127c  LSM - ok
10:07:26.0944 0x127c  luafv - ok
10:07:26.0944 0x127c  LVRS64 - ok
10:07:26.0944 0x127c  LVUVC64 - ok
10:07:26.0944 0x127c  Mcx2Svc - ok
10:07:26.0954 0x127c  megasas - ok
10:07:26.0954 0x127c  MegaSR - ok
10:07:26.0954 0x127c  MemeoBackgroundService - ok
10:07:26.0954 0x127c  MMCSS - ok
10:07:26.0954 0x127c  Modem - ok
10:07:26.0964 0x127c  monitor - ok
10:07:26.0964 0x127c  mouclass - ok
10:07:26.0964 0x127c  mouhid - ok
10:07:26.0964 0x127c  mountmgr - ok
10:07:26.0964 0x127c  MozillaMaintenance - ok
10:07:26.0974 0x127c  mpsdrv - ok
10:07:26.0974 0x127c  MpsSvc - ok
10:07:26.0974 0x127c  MQAC - ok
10:07:26.0974 0x127c  MRxDAV - ok
10:07:26.0974 0x127c  mrxsmb - ok
10:07:26.0984 0x127c  mrxsmb10 - ok
10:07:26.0984 0x127c  mrxsmb20 - ok
10:07:26.0984 0x127c  MsBridge - ok
10:07:26.0984 0x127c  MSDTC - ok
10:07:26.0984 0x127c  Msfs - ok
10:07:26.0994 0x127c  msgpiowin32 - ok
10:07:26.0994 0x127c  mshidkmdf - ok
10:07:26.0994 0x127c  mshidumdf - ok
10:07:26.0994 0x127c  msisadrv - ok
10:07:26.0994 0x127c  MSiSCSI - ok
10:07:27.0004 0x127c  msiserver - ok
10:07:27.0004 0x127c  MSKSSRV - ok
10:07:27.0004 0x127c  MsLldp - ok
10:07:27.0004 0x127c  MSMQ - ok
10:07:27.0004 0x127c  msoidsvc - ok
10:07:27.0014 0x127c  MSPCLOCK - ok
10:07:27.0014 0x127c  MSPQM - ok
10:07:27.0014 0x127c  MsRPC - ok
10:07:27.0014 0x127c  mssmbios - ok
10:07:27.0024 0x127c  MSSQL$SQLEXPRESS - ok
10:07:27.0024 0x127c  MSSQLFDLauncher$SQLEXPRESS - ok
10:07:27.0024 0x127c  MSTEE - ok
10:07:27.0024 0x127c  MTConfig - ok
10:07:27.0024 0x127c  Mup - ok
10:07:27.0034 0x127c  mvumis - ok
10:07:27.0034 0x127c  napagent - ok
10:07:27.0054 0x127c  NativeWifiP - ok
10:07:27.0054 0x127c  NcaSvc - ok
10:07:27.0054 0x127c  NcdAutoSetup - ok
10:07:27.0054 0x127c  NDIS - ok
10:07:27.0054 0x127c  NdisCap - ok
10:07:27.0064 0x127c  NdisImPlatform - ok
10:07:27.0064 0x127c  NdisTapi - ok
10:07:27.0074 0x127c  Ndisuio - ok
10:07:27.0074 0x127c  NdisWan - ok
10:07:27.0074 0x127c  NDISWANLEGACY - ok
10:07:27.0074 0x127c  NDProxy - ok
10:07:27.0074 0x127c  Ndu - ok
10:07:27.0084 0x127c  NetBIOS - ok
10:07:27.0084 0x127c  NetBT - ok
10:07:27.0084 0x127c  Netlogon - ok
10:07:27.0084 0x127c  Netman - ok
10:07:27.0084 0x127c  NetMsmqActivator - ok
10:07:27.0094 0x127c  NetPipeActivator - ok
10:07:27.0094 0x127c  netprofm - ok
10:07:27.0094 0x127c  NetTcpActivator - ok
10:07:27.0094 0x127c  NetTcpPortSharing - ok
10:07:27.0094 0x127c  nfrd960 - ok
10:07:27.0104 0x127c  NlaSvc - ok
10:07:27.0104 0x127c  Npfs - ok
10:07:27.0104 0x127c  npsvctrig - ok
10:07:27.0104 0x127c  nsi - ok
10:07:27.0104 0x127c  nsiproxy - ok
10:07:27.0114 0x127c  Ntfs - ok
10:07:27.0114 0x127c  Null - ok
10:07:27.0114 0x127c  nvraid - ok
10:07:27.0114 0x127c  nvstor - ok
10:07:27.0114 0x127c  nv_agp - ok
10:07:27.0124 0x127c  odserv - ok
10:07:27.0124 0x127c  ose - ok
10:07:27.0124 0x127c  p2pimsvc - ok
10:07:27.0124 0x127c  p2psvc - ok
10:07:27.0124 0x127c  Parport - ok
10:07:27.0134 0x127c  partmgr - ok
10:07:27.0134 0x127c  PcaSvc - ok
10:07:27.0134 0x127c  pci - ok
10:07:27.0134 0x127c  pciide - ok
10:07:27.0134 0x127c  pcmcia - ok
10:07:27.0134 0x127c  pcw - ok
10:07:27.0144 0x127c  pdc - ok
10:07:27.0144 0x127c  PEAUTH - ok
10:07:27.0144 0x127c  PeerDistSvc - ok
10:07:27.0144 0x127c  PerfHost - ok
10:07:27.0154 0x127c  pla - ok
10:07:27.0154 0x127c  PlugPlay - ok
10:07:27.0154 0x127c  PNRPAutoReg - ok
10:07:27.0154 0x127c  PNRPsvc - ok
10:07:27.0154 0x127c  PolicyAgent - ok
10:07:27.0164 0x127c  Power - ok
10:07:27.0164 0x127c  PptpMiniport - ok
10:07:27.0164 0x127c  PrintNotify - ok
10:07:27.0164 0x127c  Processor - ok
10:07:27.0174 0x127c  ProfSvc - ok
10:07:27.0174 0x127c  Psched - ok
10:07:27.0174 0x127c  QBCFMonitorService - ok
10:07:27.0174 0x127c  QBFCService - ok
10:07:27.0174 0x127c  QWAVE - ok
10:07:27.0174 0x127c  QWAVEdrv - ok
10:07:27.0184 0x127c  RasAcd - ok
10:07:27.0184 0x127c  RasAgileVpn - ok
10:07:27.0184 0x127c  RasAuto - ok
10:07:27.0184 0x127c  Rasl2tp - ok
10:07:27.0184 0x127c  RasMan - ok
10:07:27.0194 0x127c  RasPppoe - ok
10:07:27.0194 0x127c  RasSstp - ok
10:07:27.0194 0x127c  rdbss - ok
10:07:27.0194 0x127c  rdpbus - ok
10:07:27.0194 0x127c  RDPDR - ok
10:07:27.0204 0x127c  RdpVideoMiniport - ok
10:07:27.0204 0x127c  RDPWD - ok
10:07:27.0204 0x127c  rdyboost - ok
10:07:27.0204 0x127c  RemoteAccess - ok
10:07:27.0214 0x127c  RemoteRegistry - ok
10:07:27.0214 0x127c  ReportServer$SQLEXPRESS - ok
10:07:27.0214 0x127c  RimVSerPort - ok
10:07:27.0214 0x127c  RpcEptMapper - ok
10:07:27.0214 0x127c  RpcLocator - ok
10:07:27.0214 0x127c  RpcSs - ok
10:07:27.0224 0x127c  RsFx0200 - ok
10:07:27.0224 0x127c  rspndr - ok
10:07:27.0224 0x127c  RTCore64 - ok
10:07:27.0224 0x127c  RTL8168 - ok
10:07:27.0224 0x127c  RzSynapse - ok
10:07:27.0234 0x127c  rzudd - ok
10:07:27.0234 0x127c  s3cap - ok
10:07:27.0234 0x127c  SamSs - ok
10:07:27.0234 0x127c  sbp2port - ok
10:07:27.0234 0x127c  SCardSvr - ok
10:07:27.0244 0x127c  scfilter - ok
10:07:27.0244 0x127c  Schedule - ok
10:07:27.0244 0x127c  SCPolicySvc - ok
10:07:27.0244 0x127c  sdbus - ok
10:07:27.0244 0x127c  SDRSVC - ok
10:07:27.0244 0x127c  sdstor - ok
10:07:27.0254 0x127c  secdrv - ok
10:07:27.0254 0x127c  seclogon - ok
10:07:27.0254 0x127c  SENS - ok
10:07:27.0254 0x127c  SensrSvc - ok
10:07:27.0254 0x127c  SerCx - ok
10:07:27.0264 0x127c  Serenum - ok
10:07:27.0264 0x127c  Serial - ok
10:07:27.0264 0x127c  sermouse - ok
10:07:27.0264 0x127c  SessionEnv - ok
10:07:27.0274 0x127c  sfloppy - ok
10:07:27.0274 0x127c  SharedAccess - ok
10:07:27.0274 0x127c  ShellHWDetection - ok
10:07:27.0274 0x127c  SiSRaid2 - ok
10:07:27.0284 0x127c  SiSRaid4 - ok
10:07:27.0284 0x127c  SNMPTRAP - ok
10:07:27.0284 0x127c  spaceport - ok
10:07:27.0284 0x127c  SpbCx - ok
10:07:27.0294 0x127c  Spooler - ok
10:07:27.0294 0x127c  sppsvc - ok
10:07:27.0294 0x127c  SQLAgent$SQLEXPRESS - ok
10:07:27.0294 0x127c  SQLBrowser - ok
10:07:27.0294 0x127c  SQLWriter - ok
10:07:27.0294 0x127c  srv - ok
10:07:27.0304 0x127c  srv2 - ok
10:07:27.0304 0x127c  srvnet - ok
10:07:27.0304 0x127c  SSDPSRV - ok
10:07:27.0304 0x127c  SstpSvc - ok
10:07:27.0304 0x127c  stexstor - ok
10:07:27.0314 0x127c  stisvc - ok
10:07:27.0314 0x127c  storahci - ok
10:07:27.0314 0x127c  storflt - ok
10:07:27.0314 0x127c  StorSvc - ok
10:07:27.0314 0x127c  storvsc - ok
10:07:27.0324 0x127c  storvsp - ok
10:07:27.0324 0x127c  svsvc - ok
10:07:27.0324 0x127c  swenum - ok
10:07:27.0324 0x127c  swprv - ok
10:07:27.0324 0x127c  SysMain - ok
10:07:27.0324 0x127c  SystemEventsBroker - ok
10:07:27.0604 0x127c  ================ Scan global ===============================
10:07:27.0604 0x127c  [Global] - ok
10:07:27.0604 0x127c  ================ Scan MBR ==================================
10:07:27.0604 0x127c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:07:27.0774 0x127c  \Device\Harddisk0\DR0 - ok
10:07:27.0774 0x127c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
10:07:27.0774 0x127c  \Device\Harddisk1\DR1 - ok
10:07:27.0774 0x127c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
10:07:27.0924 0x127c  \Device\Harddisk2\DR2 - ok
10:07:27.0944 0x127c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
10:07:27.0944 0x127c  \Device\Harddisk3\DR3 - ok
10:07:27.0944 0x127c  ================ Scan VBR ==================================
10:07:27.0954 0x127c  [ 7D8C848A617C33F2F3200C177B331EDC ] \Device\Harddisk1\DR1\Partition1
10:07:27.0954 0x127c  \Device\Harddisk1\DR1\Partition1 - ok
10:07:27.0954 0x127c  [ 99577ADFEE4914CB76A5BE72066E2D31 ] \Device\Harddisk3\DR3\Partition1
10:07:27.0954 0x127c  \Device\Harddisk3\DR3\Partition1 - ok
10:07:27.0954 0x127c  ============================================================
10:07:27.0954 0x127c  Scan finished
10:07:27.0954 0x127c  ============================================================
10:07:27.0954 0x1788  Detected object count: 0
10:07:27.0954 0x1788  Actual detected object count: 0
10:07:40.0904 0x0dc8  Deinitialize success
 



#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania
  • Local time:10:51 PM

Posted 22 September 2013 - 09:32 AM

I see absolutely no sign of malware being involved, so at this point I'd recommend using a recent system restore point to restore your computer to a known working state.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Irkd


Posted 22 September 2013 - 01:28 PM

OK Elise, thank you for the suggestion. Trying system restore to an earlier pre-problem time now.



#10 Elise


Posted 22 September 2013 - 02:14 PM

Okay, good luck! If you run into any trouble, please let me know.


regards, Elise


#11 Elise


Posted 20 October 2013 - 09:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise




