Infected PC?


  • This topic is locked
12 replies to this topic

#1 tjotto1

Posted 06 January 2013 - 12:16 AM

It appears that my PC is infected with something, and I am hoping someone here can help me out. Symptoms are as follows.

High CPU usage with no applications apparently running.
Unable to open (or more appropriately keep open) Task Manager.
Unable to open a DOS prompt (cmd.exe).

I have Malware Bytes Pro, it is updated, and scan finds nothing malicious. However, I am getting an occasional popup about blocked outgoing access to 209.85.229.104. It was actually happening so frequently that Malware Bytes was actually shutting down my internet access. I took the temporary step of blocking the web address in my router and temporarily disabling website blocking in Malware Bytes.

I also have MSE, which is also updated and finds nothing malicious.

I followed the "I'm Infected, what do I do now" sticky and was able to download and run dds.com. However, it does not appear to be creating the dds.txt or the attach.txt files when run.

Thanks in advance for any help.

Troy.

#2 Maniac

Posted 06 January 2013 - 09:17 AM

Hello tjotto1! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please try again with DDS in Safe mode with Networking. I don't know which is your Windows OS, so check these links:
http://www.microsoft...e.mspx?mfr=true
http://windows.micro...er-in-safe-mode

#3 tjotto1

Posted 06 January 2013 - 10:38 AM

Maniac,

Thanks for the assistance, my name is Troy. I was unaware of the customer support available, so will keep that in mind if I cannot solve this fairly quickly. For the moment I would like to continue to utilize your expertise if possible.

The following are the DDS results run in Safe Mode with Networking as requested. I apologize that I failed to mention the OS, but I have Win7 Pro64.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by Troy at 8:30:16 on 2013-01-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.3456 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
mRun: [NI Update Service] "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [DataFinder] "C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\ProgramData\ifgxpers.exe"
StartupFolder: C:\Users\Troy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CANONI~1.LNK - C:\Windows\System32\rundll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{1BD64BFE-CD2E-4922-B3F6-86E5F501D48B} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2012-9-23 15224]
R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;C:\Windows\System32\drivers\niede.sys [2010-6-15 38064]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
S0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2010-3-24 16984]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;C:\Windows\System32\drivers\nipxibaf.sys [2011-4-8 82568]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;C:\Windows\System32\drivers\nipxibrc.sys [2011-4-8 54424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-7-30 8515544]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-18 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-18 682344]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
S2 ni488enumsvc;NI-488.2 Enumeration Service;C:\Windows\SysWOW64\nipalsm.exe [2010-3-24 12696]
S2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 50336]
S2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nipalsm.exe [2010-3-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-6-19 233664]
S2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-6-1 194224]
S2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-6-10 121032]
S2 nipxirmk;nipxirmk;C:\Windows\System32\drivers\nipxirmkl.sys [2010-7-13 11928]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
S2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\System32\drivers\NiViPxiKl.sys [2011-6-19 12968]
S2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-7-16 65657]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys [2012-7-30 17408]
S3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2012-9-23 318840]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-11-7 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-11-7 9096]
S3 lvalarmk;lvalarmk;C:\Windows\System32\drivers\lvalarmk.sys [2008-12-5 25224]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-26 24176]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\Windows\System32\drivers\ni1006k.sys [2011-4-8 30800]
S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\Windows\System32\drivers\ni1045kl.sys [2011-4-8 11856]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;C:\Windows\System32\drivers\ni1065k.sys [2011-4-8 26704]
S3 ni488lock;NI-488.2 Locking Service;C:\Windows\System32\drivers\ni488lock.sys [2010-7-27 18568]
S3 nicdrk;nicdrk;C:\Windows\System32\drivers\nicdrkl.sys [2010-8-12 11864]
S3 nicmrk;nicmrk;C:\Windows\System32\drivers\nicmrkl.sys [2011-4-1 12976]
S3 nicondrk;nicondrk;C:\Windows\System32\drivers\nicondrkl.sys [2011-4-1 12936]
S3 nicsrk;nicsrk;C:\Windows\System32\drivers\nicsrkl.sys [2011-4-1 12944]
S3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2010-6-11 11944]
S3 nidmxfk;nidmxfk;C:\Windows\System32\drivers\nidmxfkl.sys [2011-3-22 12944]
S3 nidsark;nidsark;C:\Windows\System32\drivers\nidsarkl.sys [2011-3-23 12952]
S3 niemrk;niemrk;C:\Windows\System32\drivers\niemrkl.sys [2011-3-23 12944]
S3 niesrk;niesrk;C:\Windows\System32\drivers\niesrkl.sys [2011-3-23 12944]
S3 nifslk;nifslk;C:\Windows\System32\drivers\nifslkl.sys [2011-6-15 12960]
S3 nimru2k;nimru2k;C:\Windows\System32\drivers\nimru2kl.sys [2009-8-24 11872]
S3 nimsdrk;nimsdrk;C:\Windows\System32\drivers\nimsdrkl.sys [2011-3-23 13000]
S3 nimstsk;nimstsk;C:\Windows\System32\drivers\nimstskl.sys [2011-3-22 12968]
S3 nimxpk;nimxpk;C:\Windows\System32\drivers\nimxpkl.sys [2011-3-22 12976]
S3 ninshsdk;ninshsdk;C:\Windows\System32\drivers\ninshsdkl.sys [2010-7-14 12968]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2011-2-14 12992]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2011-2-14 12992]
S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\Windows\System32\drivers\nipxigpk.sys [2010-6-14 22680]
S3 niraptrk;niraptrk;C:\Windows\System32\drivers\niraptrkl.sys [2011-4-1 12936]
S3 niscdk;niscdk;C:\Windows\System32\drivers\niscdkl.sys [2010-7-12 12984]
S3 nisdigk;nisdigk;C:\Windows\System32\drivers\nisdigkl.sys [2010-10-1 12960]
S3 nisftk;nisftk;C:\Windows\System32\drivers\nisftkl.sys [2010-7-14 12952]
S3 nispdk;nispdk;C:\Windows\System32\drivers\nispdkl.sys [2010-7-12 12984]
S3 nissrk;nissrk;C:\Windows\System32\drivers\nissrkl.sys [2011-3-23 12944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 nistc2k;nistc2k;C:\Windows\System32\drivers\nistc2kl.sys [2009-1-5 11824]
S3 nistc3rk;nistc3rk;C:\Windows\System32\drivers\nistc3rkl.sys [2011-3-23 12936]
S3 nistcrk;nistcrk;C:\Windows\System32\drivers\nistcrkl.sys [2009-8-31 11872]
S3 niswdk;niswdk;C:\Windows\System32\drivers\niswdkl.sys [2011-3-23 12936]
S3 nitiork;nitiork;C:\Windows\System32\drivers\nitiorkl.sys [2011-3-23 12968]
S3 niufurk;niufurk;C:\Windows\System32\drivers\niufurkl.sys [2011-3-23 12968]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\System32\drivers\NiViPciKl.sys [2011-6-19 12968]
S3 niwfrk;niwfrk;C:\Windows\System32\drivers\niwfrkl.sys [2011-3-23 12944]
S3 nixsrk;nixsrk;C:\Windows\System32\drivers\nixsrkl.sys [2011-3-23 12944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-27 1255736]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 68256]
.
=============== Created Last 30 ================
.
2013-01-06 05:32:14 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-06 05:05:27 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{00EA08F8-22BC-4915-83EE-E14E2D1A3771}\mpengine.dll
2013-01-06 04:02:43 -------- d-----w- C:\Windows\pss
2013-01-06 03:25:48 -------- d-----w- C:\Users\Troy\AppData\Local\ElevatedDiagnostics
2013-01-06 02:30:25 104176 ----a-w- C:\ProgramData\ifgxpers.exe
2013-01-05 02:48:34 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-22 14:19:58 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 14:19:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 14:19:57 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 14:19:57 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 13:25:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
.
==================== Find3M ====================
.
2012-12-14 23:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 13:24:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 13:24:30 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 22:38:36 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-11-02 22:38:36 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-11-02 22:38:36 75928 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2012-11-02 22:38:36 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-11-02 22:38:36 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-11-02 22:38:36 50856 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-11-02 22:38:36 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-11-02 22:38:36 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 04:52:50 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 04:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 04:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 04:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 04:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 04:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 04:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 04:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 04:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 8:30:25.14 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2011 8:51:41 PM
System Uptime: 1/6/2013 8:29:21 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0CT017
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 157.137 GiB free.
F: is CDROM ()
Z: is NetworkDisk (NTFS) - 914 GiB total, 675.742 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NIPALK
Device ID: ROOT\LEGACY_NIPALK\0000
Manufacturer:
Name: NIPALK
PNP Device ID: ROOT\LEGACY_NIPALK\0000
Service: NIPALK
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS6
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon iP4700 series Printer Driver
DisplayLink Core Software
EASEUS Partition Master 9.1.0 Home Edition
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin Lifetime Updater
Garmin USB Drivers
Google Chrome
HP Tuners VCM Suite 2.22
ISO to USB
iTunes
IVI Shared Component 64-bit
IVI Shared Components 2.2.1
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 5
JavaFX 2.1.1
KENWOOD Music Editor Light
Kneson YottaPrint [Enhanced]
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.9.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
National Instruments Software
NI-488.2 2.8.1
NI-488.2 for Windows x64 version 2.8.1
NI-488.2 Provider for MAX version 2.8.1
NI-653x Installer 1.9.4
NI-653x Installer for 64 Bit Windows 1.9.4
NI-APAL 2.1 64-Bit Error Files
NI-APAL 2.1 Error Files
NI-APAL 2.1 Error Files for LabVIEW RT
NI-DAQ C and VB6 API 2.3.0
NI-DAQ Document Set 9.3.5
NI-DAQ INF Files 19.3.5
NI-DAQmx 9.3.5
NI-DAQmx ADE Support 9.3.5
NI-DAQmx Documentation 9.3.5
NI-DAQmx Documentation for 64 bit Windows 9.3.5
NI-DAQmx MAX Configuration Support 9.3.5
NI-DAQmx MAX Support 64-bit 2.2.0
NI-DAQmx support for LabVIEW 2.1.0
NI-DAQmx Switch Core 2.2.0
NI-DAQmx Switch Core for 64 Bit Windows 2.2.0
NI-DAQmx/LabVIEW shared documentation 1.9.5
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.9.5
NI-DIM 1.11.0f0
NI-DIM 1.11.0f0 for 64 Bit Windows
NI-MDBG 1.10.0f0
NI-MDBG 1.10.0f0 for 64 Bit Windows
NI-MRU 2.11.1f0
NI-MRU 2.11.1f0 for 64 Bit Windows
NI-MX Expert Framework 2.8.0
NI-MX Expert Framework for 64 Bit Windows 2.8.0
NI-MXDF 1.11.5f1
NI-MXDF 1.11.5f1 for 64 Bit Windows
NI-MXLC Core (32-bit)
NI-MXLC Core (64-bit)
NI-MXLC LabVIEW 2009 Support
NI-MXLC LabVIEW 2010 Support
NI-MXLC LabVIEW 2011 Support
NI-MXLC LabVIEW 8.6 Support
NI-ORB 1.9.3f0
NI-ORB 1.9.3f0 for 64 Bit Windows
NI-PAL 2.6.5f0
NI-PAL 2.6.5f0 for 64 Bit Windows
NI-RPC 4.2.0f0 for Phar Lap ETS
NI-RPC 4.2.2f0
NI-RPC 4.2.2f0 for 64 Bit Windows
NI-RPC 4.2.2f0 for Phar Lap ETS
NI-VISA 5.1.0
NI-VISA 5.1.0 64-bit Support
NI-VISA 5.1.0 MAX Provider
NI-VISA 5.1.0 Provider 64-bit Support
NI-VISA Runtime 5.1.0
NI-VISA Server 5.1.0
NI-VISA x64 support 5.1.0
NI .NET Framework 3.5 SP1
NI Advanced Signal Processing Toolkit Old RT Compatibility
NI AFW Channel Configuration Tool
NI AFW Custom UI
NI AFW Custom UI Assemblies
NI AFW UI Assemblies
NI AOP5 DataPlugin 1.8.3
NI Assistant Framework
NI Assistant Framework 64-bit
NI Assistant Framework LabVIEW 2011 Support
NI Assistant Framework LabVIEW Code Generator 2011
NI Audio DataPlugin 1.1.1
NI Authentication 2.0
NI Authentication 2.0 (64-bit)
NI Calibration Provider for MAX 5.0.0
NI Calibration Provider Help for 64 Bit Windows
NI Certificates Deployment Support
NI CodeSignAPI
NI Common Digital 1.13.0
NI Common Digital for 64 Bit Windows 1.13.0
NI Curl 1.1
NI Curl 1.1 (64-bit)
NI DAQ Assistant 2.0.0
NI DAQ Assistant 64-bit 2.0.0
NI DataFinder Client 3.0
NI DataFinder Desktop 3.0
NI DataSocket 4.9
NI DataSocket 4.9 (64-bit)
NI DIAdem 2011
NI DIAdem 2011 (Core)
NI DIAdem 2011 Documentation (TDM)
NI Distributed System Manager 2011
NI DN 2.0 SP1 installer
NI DN 2.0 x64 SP1 installer
NI Dynamic Signal Acquisition for 64 Bit Windows 2.2.0
NI Dynamic Signal Acquisition Installer 2.2.0
NI Error Reporting 2011
NI Ethernet Device Enumerator
NI Ethernet Device Enumerator 64-Bit
NI EulaDepot
NI Example Finder 11.0
NI FSL Installer 1.13.0
NI FSL Installer for 64-Bit Windows 1.13.0
NI GMP Windows 32-bit Installer 11.0.0
NI GMP Windows 64-bit Installer 11.0.0
NI Help Assistant
NI Help Assistant (64bit)
NI I/O Trace API LV2011
NI Instrument I/O Assistant
NI Instrument IO Assistant for LabVIEW 2011 32-bit
NI IO Trace 3.0.0
NI IVI Class Driver LabVIEW 2011 Support
NI IVI Class Drivers
NI IVI Class Drivers (64-bit)
NI IVI Class Simulation Drivers
NI IVI Class Simulation Drivers (64-bit)
NI IVI Compliance Package 4.4
NI IVI Compliance Package 4.4 (64-bit)
NI IVI Engine
NI IVI Engine (64-bit)
NI IVI Online Help
NI IVI Provider for MAX
NI LabVIEW 2009 Advanced Signal Processing Toolkit Run-Time Engine
NI LabVIEW 2009 Advanced Signal Processing Toolkit Run-Time Engine 64Bit
NI LabVIEW 2009 SP1 Run-Time Engine Web Services
NI LabVIEW 2010 Real-Time NBFifo
NI LabVIEW 2011
NI LabVIEW 2011 Advanced Signal Processing Toolkit
NI LabVIEW 2011 Advanced Signal Processing Toolkit License
NI LabVIEW 2011 Advanced Signal Processing Toolkit RT Support
NI LabVIEW 2011 Database Connectivity Toolkit
NI LabVIEW 2011 Database Connectivity Toolkit License
NI LabVIEW 2011 Deployable License
NI LabVIEW 2011 Deployment Framework
NI LabVIEW 2011 Digital Filter Design Toolkit
NI LabVIEW 2011 Digital Filter Design Toolkit License
NI LabVIEW 2011 Digital Filter Design Toolkit RT Support
NI LabVIEW 2011 Help
NI LabVIEW 2011 Help File
NI LabVIEW 2011 Internet Toolkit
NI LabVIEW 2011 Internet Toolkit License
NI LabVIEW 2011 License
NI LabVIEW 2011 Manuals
NI LabVIEW 2011 MeasAppChm File
NI LabVIEW 2011 PID and Fuzzy Logic Toolkit
NI LabVIEW 2011 PID and Fuzzy Logic Toolkit License
NI LabVIEW 2011 PID and Fuzzy Logic Toolkit RT Support
NI LabVIEW 2011 Real-Time Error Dialog
NI LabVIEW 2011 Real-Time NBFifo
NI LabVIEW 2011 Report Generation Toolkit for Microsoft Office
NI LabVIEW 2011 Report Generation Toolkit License
NI LabVIEW 2011 Run-Time Engine Non-English Support.
NI LabVIEW 2011 Search
NI LabVIEW 2011 Simulation
NI LabVIEW 2011 VI Analyzer Toolkit
NI LabVIEW 2011 VI Analyzer Toolkit License
NI LabVIEW 2011 VIPM Helper
NI LabVIEW 2011 Web Server
NI LabVIEW Broker
NI LabVIEW Broker (64 bit)
NI LabVIEW C Interface
NI LabVIEW Compare Utility 11.0.0
NI LabVIEW EWB DeviceHandler 2010
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 11.0.0
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009 SP1
NI LabVIEW Run-Time Engine 2010 SP1
NI LabVIEW Run-Time Engine 2011
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Run-Time Engine Interop 2010
NI LabVIEW Run-Time Engine Interop 2011
NI LabVIEW SignalExpress 2011
NI LabVIEW SignalExpress 2011 Core
NI LabVIEW SignalExpress 2011 Core LabVIEW 2011 Support
NI LabVIEW SignalExpress 2011 Core LabVIEW Support
NI LabVIEW SignalExpress 2011 Datatypes
NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2011 Support
NI LabVIEW SignalExpress 2011 LabVIEW 2011 Support
NI LabVIEW SignalExpress 2011 LabVIEW Support
NI LabVIEW SignalExpress 2011 Licenses
NI LabVIEW SignalExpress 2011 Steps
NI LabVIEW SignalExpress 2011 Tools
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 2009 Run-Time Engine
NI LabWindows/CVI 2009 Run-Time Engine (64-bit)
NI LabWindows/CVI 2010 Analysis Library
NI LabWindows/CVI 2010 Analysis Library (64-bit)
NI LabWindows/CVI 2010 Code Generator
NI LabWindows/CVI 2010 LabVIEW DLL Builder
NI License Manager
NI Logos 5.3.0
NI Logos LabVIEW 2011 Support
NI Logos XT Support
NI Logos64 5.3.0
NI Logos64 XT Support
NI Math Kernel Libraries
NI Math Kernel Libraries (64-bit)
NI MAX Remote Configuration 64-bit Installer 5.0
NI MAX Remote Configuration Installer 5.0
NI MAX Support for 64 Bit Windows
NI MDF Support
NI mDNS Responder 1.6 for Windows 64-bit
NI mDNS Responder 1.6.0
NI Measurement & Automation Explorer 5.0.0
NI Measurement Studio 8.6 Enterprise RunTime for VS2005
NI Measurement Studio Common .NET Assemblies for .NET 2.0
NI Measurement Studio Recipe Processor
NI MetaSuite Installer
NI Microsoft Silverlight Wrapper
NI MIO Device Drivers 2.6.0
NI MIO Device Drivers for 64 Bit Windows 2.6.0
NI MXS 5.0.0
NI MXS 5.0.0 for 64 Bit Windows
NI Network Browser 5.0.0
NI Network Discovery 5.0
NI Network Discovery 5.0 for Windows 64-bit
NI OPC Support
NI Portable Configuration 5.0.0
NI Portable Configuration for 64 Bit Windows 5.0.0
NI PXI Hardware 64-bit Support 2.6.2
NI PXI Platform Framework 1.3.2
NI PXI Platform Framework 1.3.2 64-bit
NI PXI Platform Services 2.6.2
NI PXI Platform Services 2.6.2 Configuration Support
NI PXI Platform Services 2.6.2 Expert
NI PXI SystemAPI Expert 2.6.2
NI PXI SystemAPI Expert 64-bit 2.6.2
NI Registration Wizard
NI Remote Provider for MAX 5.0.0
NI Remote PXI Provider for MAX 5.0.0
NI RTSI Cable Core Installer 1.0.0
NI RTSI Cable Core Installer for 64 Bit Windows 1.0.0
NI RTSI PAL Device Library Installer 1.0.0
NI RTSI PAL Device Library Installer for 64 Bit Windows 1.0.0
NI RTSI UI Provider 1.0.0
NI RTSI UI Provider for 64 Bit Windows 1.0.0
NI SCXI 1.15.0
NI SCXI for 64 Bit Windows 1.15.0
NI Search Shared
NI Software Provider for MAX 5.0.0
NI Sound and Vibration Frequency Analysis 2010
NI Sound and Vibration Frequency Analysis LabVIEW 2011 Support
NI Spy Windows 64 Support 3.0.0
NI SSL LabVIEW 2011 Support
NI SSL Support
NI SSL Support (64-bit)
NI STC 1.10.0
NI STC for 64 Bit Windows 1.10.0
NI System API Client for WIF 5.0.0
NI System API Web-Servce 32-bit 5.0.0
NI System API Windows 32-bit 5.0.0
NI System API Windows 64-bit 5.0.0
NI System Configuration 5.0.0 LabVIEW Support
NI System Configuration CVI Support 5.0.0
NI System Configuration LV2011 Support 5.0.0
NI System Configuration Runtime 5.0.0
NI System Configuration Runtime 5.0.0 for Windows 64-bit
NI System State Publisher
NI System State Publisher (64-bit)
NI System Web Server 2.0
NI System Web Server Base 2.0
NI System Web Server Base 2.0 (64-bit)
NI TDM Excel Add-In 3.3
NI TDM Excel Add-In 3.3 64-bit
NI TDMS
NI TDMS (64-bit)
NI Timing for 64 Bit Windows 2.3.0
NI Timing Installer 2.3.0
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI Update Service 2.0
NI USI 1.9.0
NI USI 1.9.0 64-Bit
NI Variable Engine (64-bit)
NI Variable Engine 2.5.0
NI Variable Engine LabVIEW 2011 Support
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NI Web Application Server 2.0
NI Web Application Server 2.0 (64-bit)
NI Web Interface Framework 2.0
NI Web Pipeline 2.0.1
NI Web Pipeline 2.0.1 64-bit support
NI Xalan Delay Load 1.10.1
NI Xalan Delay Load 1.10.1 64-bit
NI Xerces Delay Load 2.7.3
NI Xerces Delay Load 2.7.3 64-bit
NuonSoft Wallpaper Cycler 3.6
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
PDF Settings CS6
Reset NI Config 5.0.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
TagScanner 5.1.625
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VISA Shared Components 64-Bit
vLite
WIF Core Dependencies Windows 5.0.0
Windows Automated Installation Kit
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
WinRAR 4.10 (64-bit)
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
1/6/2013 8:29:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
1/6/2013 8:29:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2013 8:29:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2013 8:29:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/6/2013 8:29:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/6/2013 8:29:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/6/2013 8:29:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/6/2013 8:29:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter NIPALK nipbcfk nipxibaf nipxibrc spldr Wanarpv6
1/6/2013 8:25:18 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/6/2013 8:25:18 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
1/5/2013 9:03:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/5/2013 9:03:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 9:03:08 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/5/2013 8:51:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/5/2013 8:51:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/5/2013 8:43:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:42:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/5/2013 8:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/5/2013 8:41:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT NIPALK nipbcfk nipxibaf nipxibrc nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:27:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
.
==== End Of File ===========================
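As an added illustration (not part of the thread, and not output of any tool used in it), the Python sketch below reduces the cascade of Service Control Manager 7001 events in the log above to the services that failed for their own reason. It also checks that the DCOM "1084" errors are the same Win32 code as the HRESULT the log itself describes as a Safe Mode failure. The function names are hypothetical and the sample lines are abridged from the post.

```python
import re
from collections import defaultdict, deque

# Lines abridged from the "Event Viewer Messages" section of the log above.
EVENTS = """\
1/6/2013 8:29:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/5/2013 8:51:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/5/2013 8:42:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
DEPENDS = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start "
    r"because of the following error: (?P<reason>.+)$"
)
DCOM = re.compile(r'DCOM got error "(?P<code>\d+)" attempting to start the service (?P<svc>\S+)')
HRESULT = re.compile(r"Error code: (0x[0-9A-Fa-f]{8})")
GENERIC = "The dependency service or group failed to start."


def parse_events(text):
    """Split each log line into timestamp, level, source, event id and message."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]


def hresult_to_win32(hresult):
    """Return the Win32 error wrapped in a FACILITY_WIN32 (7) HRESULT, else None."""
    return hresult & 0xFFFF if (hresult >> 16) & 0x1FFF == 7 else None


def root_causes(events):
    """Map each dependency that failed for its own reason to (reason, blocked services)."""
    dependents = defaultdict(set)  # dependency -> services that directly need it
    reasons = {}                   # dependency -> its non-generic failure reason
    for e in events:
        m = DEPENDS.match(e["msg"]) if e["id"] == "7001" else None
        if not m:
            continue
        dependents[m["dep"]].add(m["svc"])
        if m["reason"] != GENERIC:
            reasons.setdefault(m["dep"], m["reason"])
    result = {}
    for root, reason in reasons.items():
        # Breadth-first walk: everything that transitively waits on this root.
        blocked, queue = set(), deque([root])
        while queue:
            for svc in dependents.get(queue.popleft(), ()):
                if svc not in blocked:
                    blocked.add(svc)
                    queue.append(svc)
        result[root] = (reason, blocked)
    return result


def safe_mode_codes(events):
    """Win32 codes present both in DCOM errors and in HRESULTs the log ties to Safe Mode."""
    dcom = {int(m["code"]) for e in events if (m := DCOM.search(e["msg"]))}
    described = {
        hresult_to_win32(int(m[1], 16))
        for e in events
        if "Safe Mode" in e["msg"] and (m := HRESULT.search(e["msg"]))
    }
    return dcom & described


if __name__ == "__main__":
    evts = parse_events(EVENTS)
    for root, (reason, blocked) in root_causes(evts).items():
        print(f"{root}: {reason}\n  blocks: {', '.join(sorted(blocked))}")
    print("Safe Mode codes:", safe_mode_codes(evts))
```
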

#4 Maniac

Posted 06 January 2013 - 07:01 PM

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


#5 tjotto1

Posted 08 January 2013 - 12:39 AM

Maniac,

The two requested logs follow. ESET found 3 items, but was only able to remove two of them. No options were given to remove the third. I still have the high CPU usage, and am still unable to open Task Manager or a command prompt.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.07.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Troy :: DESKTOP [administrator]
Protection: Enabled
1/7/2013 7:00:52 AM
mbam-log-2013-01-07 (07-00-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234269
Time elapsed: 3 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-07 03:19:04
# local_time=2013-01-07 08:19:04 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36098921 109115394 0 0
# scanned=184425
# found=3
# cleaned=2
# scan_time=3760
C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I
C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
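As an added illustration (not part of the thread), the Python sketch below parses the ESET result lines posted above and checks whether an "unable to clean" entry refers to the same file as a cleaned entry reached through an alias path. It assumes the default Windows 7 layout, where C:\Users\All Users is a link to C:\ProgramData; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Header fields and result lines copied from the ESET log in the post above.
ESET_LOG = r"""# remove_checked=true
# archives_checked=false
# found=3
# cleaned=2
C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I
C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
"""

HEADER = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
# The path may contain spaces, so it is matched lazily up to the threat name,
# which is recognised by its "Platform/Family" token.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:(?:probably )?a variant of )?\S+/\S+ \w+) "
    r"\((?P<action>[^)]*)\) (?P<sha1>[0-9A-Fa-f]{40}) (?P<flag>[A-Z])$"
)

# Assumption: default Vista/7 layout, "All Users" is a link to ProgramData.
ALIASES = {r"c:\users\all users": r"c:\programdata"}


def canonical(path):
    """Lower-case the path and rewrite known alias prefixes to their target."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p


def parse(text):
    """Return (header dict, list of detection dicts) from an ESET log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if (m := HEADER.match(line)):
            header[m["key"]] = m["value"]
        elif (m := DETECTION.match(line)):
            d = m.groupdict()
            d["cleaned"] = d["action"].startswith("cleaned")
            d["canonical"] = canonical(d["path"])
            detections.append(d)
    return header, detections


def triage(text):
    """Sort detections into cleaned, alias of a cleaned file, or needing follow-up."""
    header, detections = parse(text)
    by_file = defaultdict(list)
    for d in detections:
        by_file[(d["canonical"], d["sha1"].upper())].append(d)
    report = {"cleaned": [], "alias_of_cleaned": [], "needs_followup": []}
    for group in by_file.values():
        any_cleaned = any(d["cleaned"] for d in group)
        for d in group:
            if d["cleaned"]:
                report["cleaned"].append(d["path"])
            elif any_cleaned:
                report["alias_of_cleaned"].append(d["path"])
            else:
                report["needs_followup"].append(d["path"])
    # Cross-check the scanner's own counters against the parsed result lines.
    report["counts_match"] = (
        int(header.get("found", -1)) == len(detections)
        and int(header.get("cleaned", -1)) == sum(d["cleaned"] for d in detections)
    )
    return report


if __name__ == "__main__":
    for key, value in triage(ESET_LOG).items():
        print(key, "=", value)
```

An entry listed under `alias_of_cleaned` still needs a direct check that the file is gone from disk.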

#6 tjotto1

Posted 09 January 2013 - 12:46 AM

Maniac,

Hate to pester, but what's next? Would really like to get to the bottom of this before the weekend.

I also found I am unable to open RegEdit. Something is definitely hijacking my system.

#7 Maniac

Posted 09 January 2013 - 09:16 AM

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#8 tjotto1

Posted 10 January 2013 - 01:29 AM

Maniac,

Thanks for the reply. Log info is below. I am now able to access Task Manager etc., and my CPU usage is back to what appears to be near normal. I am getting a bit of sluggishness with the website here, but I have not yet restarted the PC after the ComboFix run, so not sure if that is an issue, or if the website is just a bit slow this evening.

Anyway, let me know what's next.

ComboFix 13-01-08.01 - Troy 01/09/2013 23:13:39.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2903 [GMT -7:00]
Running from: c:\users\Troy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 06:17 . 2013-01-10 06:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-10 06:17 . 2013-01-10 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 06:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35DEE807-F880-4260-A5CB-D0F8C3BDD5ED}\mpengine.dll
2013-01-09 05:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 14:06 . 2013-01-07 14:06 -------- d-----w- c:\program files (x86)\ESET
2013-01-06 05:32 . 2013-01-06 06:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-06 03:25 . 2013-01-06 03:25 -------- d-----w- c:\users\Troy\AppData\Local\ElevatedDiagnostics
2012-12-22 14:19 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 14:19 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 14:19 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 14:19 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 13:25 . 2012-10-04 17:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 02:00 . 2012-05-20 13:29 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 02:00 . 2011-10-28 03:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 23:49 . 2011-10-27 05:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:28 . 2011-10-28 04:35 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-28 13:32 . 2012-11-28 13:32 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2285ED3-31C5-4B2C-8A5A-B8F82BC5A505}\gapaengine.dll
2012-11-27 02:54 . 2012-11-27 02:54 90112 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe
2012-11-27 02:54 . 2012-11-27 02:54 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-02 22:38 . 2012-11-02 22:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-02 22:38 . 2012-11-02 22:38 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 22:38 . 2012-11-02 22:38 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-11-02 22:38 . 2012-11-02 22:38 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 22:38 . 2012-11-02 22:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-02 22:38 . 2012-11-02 22:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys
2012-11-02 22:38 . 2012-11-02 22:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 22:38 . 2012-11-02 22:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-11-02 04:52 . 2012-11-02 04:52 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-16 08:38 . 2012-11-28 06:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 06:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 06:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NuonSoft Wallpaper Cycler"="c:\program files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler.exe" [2009-06-30 4734008]
"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"niDevMon"="c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]
"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
"DataFinder"="c:\program files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" [2011-06-22 2063456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon iP4700 series.lnk - c:\windows\system32\rundll32.exe [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Troy\AppData\Local\Temp\ALSysIO64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2011-04-09 30800]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2011-04-09 11856]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2011-04-09 26704]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-08-13 11864]
R3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2011-04-01 12976]
R3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2011-04-01 12936]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2011-04-01 12944]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2011-03-23 12944]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2011-03-23 12952]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2011-03-23 12944]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2011-03-23 12944]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2011-06-15 12960]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2011-03-23 13000]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2011-03-23 12976]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-07-14 12968]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-02-15 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-02-15 12992]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 22680]
R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2011-04-01 12936]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-07-13 12984]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-01 12960]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-07-14 12952]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-07-13 12984]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2011-03-23 12944]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11824]
R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2011-03-23 12936]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11872]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2011-03-24 12936]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2011-03-23 12968]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2011-03-23 12968]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2011-03-23 12944]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2011-03-23 12944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-07-30 15224]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2011-04-09 82568]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2011-04-09 54424]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-07-30 8515544]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 233664]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-07-14 11928]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2011-06-20 12968]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [2012-07-31 17408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-07-30 318840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2010-07-28 18568]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys [2010-06-16 38064]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11872]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2011-03-23 12968]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2011-06-20 12968]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 02:00]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2049884335-3466195934-1226973689-1000Core.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:16]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2049884335-3466195934-1226973689-1000UA.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: hegre-art.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-09 23:19:25
ComboFix-quarantined-files.txt 2013-01-10 06:19
.
Pre-Run: 181,261,676,544 bytes free
Post-Run: 182,223,167,488 bytes free
.
- - End Of File - - 7DCC8BB883CB4719F241249DABF9C112

#9 Maniac


Posted 10 January 2013 - 05:23 PM

That's good! :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


#10 tjotto1


Posted 12 January 2013 - 08:00 AM

Maniac,
Another good result. No issues found. Log below.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-07 03:19:04
# local_time=2013-01-07 08:19:04 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36098921 109115394 0 0
# scanned=184425
# found=3
# cleaned=2
# scan_time=3760
C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I
C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-11 06:22:45
# local_time=2013-01-10 11:22:45 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36412342 109428815 0 0
# scanned=186919
# found=0
# cleaned=0
# scan_time=2241

#11 Maniac


Posted 12 January 2013 - 12:50 PM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa


#12 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 01 February 2013 - 12:37 PM

Hello tjotto1.

Are you still with us? Do you still need help?
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.

#13 tjotto1

tjotto1

    New Member

  • Members
  • Pip
  • 15 posts

Posted 02 February 2013 - 09:30 AM

Maurice,
Thanks for checking in. All systems are go. Maniac was very kind and helped me remove the problem. I no longer need assistance with this problem. Thanks again.



