tjotto1
Members
Posts: 15
Reputation: 0 Neutral
  1. Maurice, Thanks for checking in. All systems are go. Maniac was very kind and helped me remove the problem. I no longer need assistance with this problem. Thanks again.
  2. Maniac, Another good result. No issues found. Log below.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-07 03:19:04
# local_time=2013-01-07 08:19:04 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36098921 109115394 0 0
# scanned=184425
# found=3
# cleaned=2
# scan_time=3760
C:\Users\All Users\ifgxpers.exe  a variant of Win32/Kryptik.ARPJ trojan (unable to clean)  5F038576DC49FD8A7244F2F7B76DAF73A5B2628B  I
C:\ProgramData\ifgxpers.exe  a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined)  5F038576DC49FD8A7244F2F7B76DAF73A5B2628B  C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc  a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined)  5F038576DC49FD8A7244F2F7B76DAF73A5B2628B  C

# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-11 06:22:45
# local_time=2013-01-10 11:22:45 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36412342 109428815 0 0
# scanned=186919
# found=0
# cleaned=0
# scan_time=2241
  3. Maniac, Thanks for the reply. Log info is below. I am now able to access Task Manager etc., and my CPU usage is back to what appears to be near normal. I am getting a bit of sluggishness with the website here, but I have not yet restarted the PC after the ComboFix run, so not sure if that is an issue, or if the website is just a bit slow this evening. Anyway, let me know what's next.

ComboFix 13-01-08.01 - Troy 01/09/2013 23:13:39.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2903 [GMT -7:00]
Running from: c:\users\Troy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 06:17 . 2013-01-10 06:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-10 06:17 . 2013-01-10 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 06:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35DEE807-F880-4260-A5CB-D0F8C3BDD5ED}\mpengine.dll
2013-01-09 05:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 14:06 . 2013-01-07 14:06 -------- d-----w- c:\program files (x86)\ESET
2013-01-06 05:32 . 2013-01-06 06:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-06 03:25 . 2013-01-06 03:25 -------- d-----w- c:\users\Troy\AppData\Local\ElevatedDiagnostics
2012-12-22 14:19 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 14:19 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 14:19 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 14:19 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 13:25 . 2012-10-04 17:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 02:00 . 2012-05-20 13:29 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 02:00 . 2011-10-28 03:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 23:49 . 2011-10-27 05:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:28 . 2011-10-28 04:35 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-28 13:32 . 2012-11-28 13:32 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2285ED3-31C5-4B2C-8A5A-B8F82BC5A505}\gapaengine.dll
2012-11-27 02:54 . 2012-11-27 02:54 90112 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe
2012-11-27 02:54 . 2012-11-27 02:54 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe
2012-11-02 22:38 . 2012-11-02 22:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-02 22:38 . 2012-11-02 22:38 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 22:38 . 2012-11-02 22:38 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-11-02 22:38 . 2012-11-02 22:38 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 22:38 . 2012-11-02 22:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-02 22:38 . 2012-11-02 22:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys
2012-11-02 22:38 . 2012-11-02 22:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 22:38 . 2012-11-02 22:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-11-02 04:52 . 2012-11-02 04:52 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-16 08:38 . 2012-11-28 06:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 06:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 06:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NuonSoft Wallpaper Cycler"="c:\program files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler.exe" [2009-06-30 4734008]
"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"niDevMon"="c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]
"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
"DataFinder"="c:\program files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" [2011-06-22 2063456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon iP4700 series.lnk - c:\windows\system32\rundll32.exe [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Troy\AppData\Local\Temp\ALSysIO64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2011-04-09 30800]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2011-04-09 11856]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2011-04-09 26704]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-08-13 11864]
R3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2011-04-01 12976]
R3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2011-04-01 12936]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2011-04-01 12944]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2011-03-23 12944]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2011-03-23 12952]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2011-03-23 12944]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2011-03-23 12944]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2011-06-15 12960]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2011-03-23 13000]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2011-03-23 12976]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-07-14 12968]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-02-15 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-02-15 12992]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 22680]
R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2011-04-01 12936]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-07-13 12984]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-01 12960]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-07-14 12952]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-07-13 12984]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2011-03-23 12944]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11824]
R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2011-03-23 12936]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11872]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2011-03-24 12936]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2011-03-23 12968]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2011-03-23 12968]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2011-03-23 12944]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2011-03-23 12944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-07-30 15224]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2011-04-09 82568]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2011-04-09 54424]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-07-30 8515544]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 233664]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-07-14 11928]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2011-06-20 12968]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [2012-07-31 17408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-07-30 318840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2010-07-28 18568]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys [2010-06-16 38064]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11872]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2011-03-23 12968]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2011-06-20 12968]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 02:00]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2049884335-3466195934-1226973689-1000Core.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:16]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2049884335-3466195934-1226973689-1000UA.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: hegre-art.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-09 23:19:25
ComboFix-quarantined-files.txt 2013-01-10 06:19
.
Pre-Run: 181,261,676,544 bytes free
Post-Run: 182,223,167,488 bytes free
.
- - End Of File - - 7DCC8BB883CB4719F241249DABF9C112
  4. Maniac, Hate to pester, but what's next? Would really like to get to the bottom of this before the weekend. I also found I am unable to open RegEdit. Something is definitely hijacking my system.
  5. Maniac, The two requested logs follow. ESET found 3 items, but was only able to remove two of them. No options were given to remove the third. I still have the high CPU usage, and am still unable to open Task Manager or a command prompt.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Troy :: DESKTOP [administrator]

Protection: Enabled

1/7/2013 7:00:52 AM
mbam-log-2013-01-07 (07-00-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234269
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-07 03:19:04
# local_time=2013-01-07 08:19:04 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36098921 109115394 0 0
# scanned=184425
# found=3
# cleaned=2
# scan_time=3760
C:\Users\All Users\ifgxpers.exe  a variant of Win32/Kryptik.ARPJ trojan (unable to clean)  5F038576DC49FD8A7244F2F7B76DAF73A5B2628B  I
C:\ProgramData\ifgxpers.exe  a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined)  5F038576DC49FD8A7244F2F7B76DAF73A5B2628B  C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc  a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined)  5F038576DC49FD8A7244F2F7B76DAF73A5B2628B  C
  6. Maniac, Thanks for the assistance, my name is Troy. I was unaware of the customer support available, so will keep that in mind if I cannot solve this fairly quickly. For the moment I would like to continue to utilize your expertise if possible. The following are the DDS results run in Safe Mode with Networking as requested. I apologized that I failed to mention the OS, but I have Win7 Pro64. DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1 Run by Troy at 8:30:16 on 2013-01-06 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.3456 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uSearch Bar = Preserve mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll uRun: [AdobeBridge] <no file> mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe mRun: [NI Update Service] "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized mRun: [DataFinder] "C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" StartupFolder: C:\Users\Troy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CANONI~1.LNK - C:\Windows\System32\rundll32.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: 
PromptOnSecureDesktop = dword:0 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1 TCP: Interfaces\{1BD64BFE-CD2E-4922-B3F6-86E5F501D48B} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 SSODL: WebCheck - <orphaned> x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2012-9-23 15224]
R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;C:\Windows\System32\drivers\niede.sys [2010-6-15 38064]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
S0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2010-3-24 16984]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;C:\Windows\System32\drivers\nipxibaf.sys [2011-4-8 82568]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;C:\Windows\System32\drivers\nipxibrc.sys [2011-4-8 54424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-7-30 8515544]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-18 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-18 682344]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
S2 ni488enumsvc;NI-488.2 Enumeration Service;C:\Windows\SysWOW64\nipalsm.exe [2010-3-24 12696]
S2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 50336]
S2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nipalsm.exe [2010-3-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-6-19 233664]
S2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-6-1 194224]
S2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-6-10 121032]
S2 nipxirmk;nipxirmk;C:\Windows\System32\drivers\nipxirmkl.sys [2010-7-13 11928]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
S2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\System32\drivers\NiViPxiKl.sys [2011-6-19 12968]
S2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-7-16 65657]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys [2012-7-30 17408]
S3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2012-9-23 318840]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-11-7 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-11-7 9096]
S3 lvalarmk;lvalarmk;C:\Windows\System32\drivers\lvalarmk.sys [2008-12-5 25224]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-26 24176]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\Windows\System32\drivers\ni1006k.sys [2011-4-8 30800]
S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\Windows\System32\drivers\ni1045kl.sys [2011-4-8 11856]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;C:\Windows\System32\drivers\ni1065k.sys [2011-4-8 26704]
S3 ni488lock;NI-488.2 Locking Service;C:\Windows\System32\drivers\ni488lock.sys [2010-7-27 18568]
S3 nicdrk;nicdrk;C:\Windows\System32\drivers\nicdrkl.sys [2010-8-12 11864]
S3 nicmrk;nicmrk;C:\Windows\System32\drivers\nicmrkl.sys [2011-4-1 12976]
S3 nicondrk;nicondrk;C:\Windows\System32\drivers\nicondrkl.sys [2011-4-1 12936]
S3 nicsrk;nicsrk;C:\Windows\System32\drivers\nicsrkl.sys [2011-4-1 12944]
S3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2010-6-11 11944]
S3 nidmxfk;nidmxfk;C:\Windows\System32\drivers\nidmxfkl.sys [2011-3-22 12944]
S3 nidsark;nidsark;C:\Windows\System32\drivers\nidsarkl.sys [2011-3-23 12952]
S3 niemrk;niemrk;C:\Windows\System32\drivers\niemrkl.sys [2011-3-23 12944]
S3 niesrk;niesrk;C:\Windows\System32\drivers\niesrkl.sys [2011-3-23 12944]
S3 nifslk;nifslk;C:\Windows\System32\drivers\nifslkl.sys [2011-6-15 12960]
S3 nimru2k;nimru2k;C:\Windows\System32\drivers\nimru2kl.sys [2009-8-24 11872]
S3 nimsdrk;nimsdrk;C:\Windows\System32\drivers\nimsdrkl.sys [2011-3-23 13000]
S3 nimstsk;nimstsk;C:\Windows\System32\drivers\nimstskl.sys [2011-3-22 12968]
S3 nimxpk;nimxpk;C:\Windows\System32\drivers\nimxpkl.sys [2011-3-22 12976]
S3 ninshsdk;ninshsdk;C:\Windows\System32\drivers\ninshsdkl.sys [2010-7-14 12968]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2011-2-14 12992]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2011-2-14 12992]
S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\Windows\System32\drivers\nipxigpk.sys [2010-6-14 22680]
S3 niraptrk;niraptrk;C:\Windows\System32\drivers\niraptrkl.sys [2011-4-1 12936]
S3 niscdk;niscdk;C:\Windows\System32\drivers\niscdkl.sys [2010-7-12 12984]
S3 nisdigk;nisdigk;C:\Windows\System32\drivers\nisdigkl.sys [2010-10-1 12960]
S3 nisftk;nisftk;C:\Windows\System32\drivers\nisftkl.sys [2010-7-14 12952]
S3 nispdk;nispdk;C:\Windows\System32\drivers\nispdkl.sys [2010-7-12 12984]
S3 nissrk;nissrk;C:\Windows\System32\drivers\nissrkl.sys [2011-3-23 12944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 nistc2k;nistc2k;C:\Windows\System32\drivers\nistc2kl.sys [2009-1-5 11824]
S3 nistc3rk;nistc3rk;C:\Windows\System32\drivers\nistc3rkl.sys [2011-3-23 12936]
S3 nistcrk;nistcrk;C:\Windows\System32\drivers\nistcrkl.sys [2009-8-31 11872]
S3 niswdk;niswdk;C:\Windows\System32\drivers\niswdkl.sys [2011-3-23 12936]
S3 nitiork;nitiork;C:\Windows\System32\drivers\nitiorkl.sys [2011-3-23 12968]
S3 niufurk;niufurk;C:\Windows\System32\drivers\niufurkl.sys [2011-3-23 12968]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\System32\drivers\NiViPciKl.sys [2011-6-19 12968]
S3 niwfrk;niwfrk;C:\Windows\System32\drivers\niwfrkl.sys [2011-3-23 12944]
S3 nixsrk;nixsrk;C:\Windows\System32\drivers\nixsrkl.sys [2011-3-23 12944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-27 1255736]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 68256]
.
=============== Created Last 30 ================
.
2013-01-06 05:32:14 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-06 05:05:27 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{00EA08F8-22BC-4915-83EE-E14E2D1A3771}\mpengine.dll
2013-01-06 04:02:43 -------- d-----w- C:\Windows\pss
2013-01-06 03:25:48 -------- d-----w- C:\Users\Troy\AppData\Local\ElevatedDiagnostics
2013-01-06 02:30:25 104176 ----a-w- C:\ProgramData\ifgxpers.exe
2013-01-05 02:48:34 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-22 14:19:58 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 14:19:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 14:19:57 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 14:19:57 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 13:25:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
.
==================== Find3M ====================
.
2012-12-14 23:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 13:24:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 13:24:30 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 22:38:36 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-11-02 22:38:36 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-11-02 22:38:36 75928 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2012-11-02 22:38:36 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-11-02 22:38:36 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-11-02 22:38:36 50856 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-11-02 22:38:36 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-11-02 22:38:36 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 04:52:50 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 04:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 04:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 04:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 04:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 04:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 04:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 04:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 04:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 8:30:25.14 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2011 8:51:41 PM
System Uptime: 1/6/2013 8:29:21 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0CT017
Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 157.137 GiB free.
F: is CDROM ()
Z: is NetworkDisk (NTFS) - 914 GiB total, 675.742 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NIPALK
Device ID: ROOT\LEGACY_NIPALK\0000
Manufacturer:
Name: NIPALK
PNP Device ID: ROOT\LEGACY_NIPALK\0000
Service: NIPALK
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS6
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon iP4700 series Printer Driver
DisplayLink Core Software
EASEUS Partition Master 9.1.0 Home Edition
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin Lifetime Updater
Garmin USB Drivers
Google Chrome
HP Tuners VCM Suite 2.22
ISO to USB
iTunes
IVI Shared Component 64-bit
IVI Shared Components 2.2.1
Java Auto Updater
Java 6 Update 29
Java 7 Update 5
JavaFX 2.1.1
KENWOOD Music Editor Light
Kneson YottaPrint [Enhanced]
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.9.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
National Instruments Software
NI-488.2 2.8.1
NI-488.2 for Windows x64 version 2.8.1
NI-488.2 Provider for MAX version 2.8.1
NI-653x Installer 1.9.4
NI-653x Installer for 64 Bit Windows 1.9.4
NI-APAL 2.1 64-Bit Error Files
NI-APAL 2.1 Error Files
NI-APAL 2.1 Error Files for LabVIEW RT
NI-DAQ C and VB6 API 2.3.0
NI-DAQ Document Set 9.3.5
NI-DAQ INF Files 19.3.5
NI-DAQmx 9.3.5
NI-DAQmx ADE Support 9.3.5
NI-DAQmx Documentation 9.3.5
NI-DAQmx Documentation for 64 bit Windows 9.3.5
NI-DAQmx MAX Configuration Support 9.3.5
NI-DAQmx MAX Support 64-bit 2.2.0
NI-DAQmx support for LabVIEW 2.1.0
NI-DAQmx Switch Core 2.2.0
NI-DAQmx Switch Core for 64 Bit Windows 2.2.0
NI-DAQmx/LabVIEW shared documentation 1.9.5
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.9.5
NI-DIM 1.11.0f0
NI-DIM 1.11.0f0 for 64 Bit Windows
NI-MDBG 1.10.0f0
NI-MDBG 1.10.0f0 for 64 Bit Windows
NI-MRU 2.11.1f0
NI-MRU 2.11.1f0 for 64 Bit Windows
NI-MX Expert Framework 2.8.0
NI-MX Expert Framework for 64 Bit Windows 2.8.0
NI-MXDF 1.11.5f1
NI-MXDF 1.11.5f1 for 64 Bit Windows
NI-MXLC Core (32-bit)
NI-MXLC Core (64-bit)
NI-MXLC LabVIEW 2009 Support
NI-MXLC LabVIEW 2010 Support
NI-MXLC LabVIEW 2011 Support
NI-MXLC LabVIEW 8.6 Support
NI-ORB 1.9.3f0
NI-ORB 1.9.3f0 for 64 Bit Windows
NI-PAL 2.6.5f0
NI-PAL 2.6.5f0 for 64 Bit Windows
NI-RPC 4.2.0f0 for Phar Lap ETS
NI-RPC 4.2.2f0
NI-RPC 4.2.2f0 for 64 Bit Windows
NI-RPC 4.2.2f0 for Phar Lap ETS
NI-VISA 5.1.0
NI-VISA 5.1.0 64-bit Support
NI-VISA 5.1.0 MAX Provider
NI-VISA 5.1.0 Provider 64-bit Support
NI-VISA Runtime 5.1.0
NI-VISA Server 5.1.0
NI-VISA x64 support 5.1.0
NI .NET Framework 3.5 SP1
NI Advanced Signal Processing Toolkit Old RT Compatibility
NI AFW Channel Configuration Tool
NI AFW Custom UI
NI AFW Custom UI Assemblies
NI AFW UI Assemblies
NI AOP5 DataPlugin 1.8.3
NI Assistant Framework
NI Assistant Framework 64-bit
NI Assistant Framework LabVIEW 2011 Support
NI Assistant Framework LabVIEW Code Generator 2011
NI Audio DataPlugin 1.1.1
NI Authentication 2.0
NI Authentication 2.0 (64-bit)
NI Calibration Provider for MAX 5.0.0
NI Calibration Provider Help for 64 Bit Windows
NI Certificates Deployment Support
NI CodeSignAPI
NI Common Digital 1.13.0
NI Common Digital for 64 Bit Windows 1.13.0
NI Curl 1.1
NI Curl 1.1 (64-bit)
NI DAQ Assistant 2.0.0
NI DAQ Assistant 64-bit 2.0.0
NI DataFinder Client 3.0
NI DataFinder Desktop 3.0
NI DataSocket 4.9
NI DataSocket 4.9 (64-bit)
NI DIAdem 2011
NI DIAdem 2011 (Core)
NI DIAdem 2011 Documentation (TDM)
NI Distributed System Manager 2011
NI DN 2.0 SP1 installer
NI DN 2.0 x64 SP1 installer
NI Dynamic Signal Acquisition for 64 Bit Windows 2.2.0
NI Dynamic Signal Acquisition Installer 2.2.0
NI Error Reporting 2011
NI Ethernet Device Enumerator
NI Ethernet Device Enumerator 64-Bit
NI EulaDepot
NI Example Finder 11.0
NI FSL Installer 1.13.0
NI FSL Installer for 64-Bit Windows 1.13.0
NI GMP Windows 32-bit Installer 11.0.0
NI GMP Windows 64-bit Installer 11.0.0
NI Help Assistant
NI Help Assistant (64bit)
NI I/O Trace API LV2011
NI Instrument I/O Assistant
NI Instrument IO Assistant for LabVIEW 2011 32-bit
NI IO Trace 3.0.0
NI IVI Class Driver LabVIEW 2011 Support
NI IVI Class Drivers
NI IVI Class Drivers (64-bit)
NI IVI Class Simulation Drivers
NI IVI Class Simulation Drivers (64-bit)
NI IVI Compliance Package 4.4
NI IVI Compliance Package 4.4 (64-bit)
NI IVI Engine
NI IVI Engine (64-bit)
NI IVI Online Help
NI IVI Provider for MAX
NI LabVIEW 2009 Advanced Signal Processing Toolkit Run-Time Engine
NI LabVIEW 2009 Advanced Signal Processing Toolkit Run-Time Engine 64Bit
NI LabVIEW 2009 SP1 Run-Time Engine Web Services
NI LabVIEW 2010 Real-Time NBFifo
NI LabVIEW 2011
NI LabVIEW 2011 Advanced Signal Processing Toolkit
NI LabVIEW 2011 Advanced Signal Processing Toolkit License
NI LabVIEW 2011 Advanced Signal Processing Toolkit RT Support
NI LabVIEW 2011 Database Connectivity Toolkit
NI LabVIEW 2011 Database Connectivity Toolkit License
NI LabVIEW 2011 Deployable License
NI LabVIEW 2011 Deployment Framework
NI LabVIEW 2011 Digital Filter Design Toolkit
NI LabVIEW 2011 Digital Filter Design Toolkit License
NI LabVIEW 2011 Digital Filter Design Toolkit RT Support
NI LabVIEW 2011 Help
NI LabVIEW 2011 Help File
NI LabVIEW 2011 Internet Toolkit
NI LabVIEW 2011 Internet Toolkit License
NI LabVIEW 2011 License
NI LabVIEW 2011 Manuals
NI LabVIEW 2011 MeasAppChm File
NI LabVIEW 2011 PID and Fuzzy Logic Toolkit
NI LabVIEW 2011 PID and Fuzzy Logic Toolkit License
NI LabVIEW 2011 PID and Fuzzy Logic Toolkit RT Support
NI LabVIEW 2011 Real-Time Error Dialog
NI LabVIEW 2011 Real-Time NBFifo
NI LabVIEW 2011 Report Generation Toolkit for Microsoft Office
NI LabVIEW 2011 Report Generation Toolkit License
NI LabVIEW 2011 Run-Time Engine Non-English Support.
NI LabVIEW 2011 Search
NI LabVIEW 2011 Simulation
NI LabVIEW 2011 VI Analyzer Toolkit
NI LabVIEW 2011 VI Analyzer Toolkit License
NI LabVIEW 2011 VIPM Helper
NI LabVIEW 2011 Web Server
NI LabVIEW Broker
NI LabVIEW Broker (64 bit)
NI LabVIEW C Interface
NI LabVIEW Compare Utility 11.0.0
NI LabVIEW EWB DeviceHandler 2010
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 11.0.0
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009 SP1
NI LabVIEW Run-Time Engine 2010 SP1
NI LabVIEW Run-Time Engine 2011
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Run-Time Engine Interop 2010
NI LabVIEW Run-Time Engine Interop 2011
NI LabVIEW SignalExpress 2011
NI LabVIEW SignalExpress 2011 Core
NI LabVIEW SignalExpress 2011 Core LabVIEW 2011 Support
NI LabVIEW SignalExpress 2011 Core LabVIEW Support
NI LabVIEW SignalExpress 2011 Datatypes
NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2011 Support
NI LabVIEW SignalExpress 2011 LabVIEW 2011 Support
NI LabVIEW SignalExpress 2011 LabVIEW Support
NI LabVIEW SignalExpress 2011 Licenses
NI LabVIEW SignalExpress 2011 Steps
NI LabVIEW SignalExpress 2011 Tools
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 2009 Run-Time Engine
NI LabWindows/CVI 2009 Run-Time Engine (64-bit)
NI LabWindows/CVI 2010 Analysis Library
NI LabWindows/CVI 2010 Analysis Library (64-bit)
NI LabWindows/CVI 2010 Code Generator
NI LabWindows/CVI 2010 LabVIEW DLL Builder
NI License Manager
NI Logos 5.3.0
NI Logos LabVIEW 2011 Support
NI Logos XT Support
NI Logos64 5.3.0
NI Logos64 XT Support
NI Math Kernel Libraries
NI Math Kernel Libraries (64-bit)
NI MAX Remote Configuration 64-bit Installer 5.0
NI MAX Remote Configuration Installer 5.0
NI MAX Support for 64 Bit Windows
NI MDF Support
NI mDNS Responder 1.6 for Windows 64-bit
NI mDNS Responder 1.6.0
NI Measurement & Automation Explorer 5.0.0
NI Measurement Studio 8.6 Enterprise RunTime for VS2005
NI Measurement Studio Common .NET Assemblies for .NET 2.0
NI Measurement Studio Recipe Processor
NI MetaSuite Installer
NI Microsoft Silverlight Wrapper
NI MIO Device Drivers 2.6.0
NI MIO Device Drivers for 64 Bit Windows 2.6.0
NI MXS 5.0.0
NI MXS 5.0.0 for 64 Bit Windows
NI Network Browser 5.0.0
NI Network Discovery 5.0
NI Network Discovery 5.0 for Windows 64-bit
NI OPC Support
NI Portable Configuration 5.0.0
NI Portable Configuration for 64 Bit Windows 5.0.0
NI PXI Hardware 64-bit Support 2.6.2
NI PXI Platform Framework 1.3.2
NI PXI Platform Framework 1.3.2 64-bit
NI PXI Platform Services 2.6.2
NI PXI Platform Services 2.6.2 Configuration Support
NI PXI Platform Services 2.6.2 Expert
NI PXI SystemAPI Expert 2.6.2
NI PXI SystemAPI Expert 64-bit 2.6.2
NI Registration Wizard
NI Remote Provider for MAX 5.0.0
NI Remote PXI Provider for MAX 5.0.0
NI RTSI Cable Core Installer 1.0.0
NI RTSI Cable Core Installer for 64 Bit Windows 1.0.0
NI RTSI PAL Device Library Installer 1.0.0
NI RTSI PAL Device Library Installer for 64 Bit Windows 1.0.0
NI RTSI UI Provider 1.0.0
NI RTSI UI Provider for 64 Bit Windows 1.0.0
NI SCXI 1.15.0
NI SCXI for 64 Bit Windows 1.15.0
NI Search Shared
NI Software Provider for MAX 5.0.0
NI Sound and Vibration Frequency Analysis 2010
NI Sound and Vibration Frequency Analysis LabVIEW 2011 Support
NI Spy Windows 64 Support 3.0.0
NI SSL LabVIEW 2011 Support
NI SSL Support
NI SSL Support (64-bit)
NI STC 1.10.0
NI STC for 64 Bit Windows 1.10.0
NI System API Client for WIF 5.0.0
NI System API Web-Servce 32-bit 5.0.0
NI System API Windows 32-bit 5.0.0
NI System API Windows 64-bit 5.0.0
NI System Configuration 5.0.0 LabVIEW Support
NI System Configuration CVI Support 5.0.0
NI System Configuration LV2011 Support 5.0.0
NI System Configuration Runtime 5.0.0
NI System Configuration Runtime 5.0.0 for Windows 64-bit
NI System State Publisher
NI System State Publisher (64-bit)
NI System Web Server 2.0
NI System Web Server Base 2.0
NI System Web Server Base 2.0 (64-bit)
NI TDM Excel Add-In 3.3
NI TDM Excel Add-In 3.3 64-bit
NI TDMS
NI TDMS (64-bit)
NI Timing for 64 Bit Windows 2.3.0
NI Timing Installer 2.3.0
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI Update Service 2.0
NI USI 1.9.0
NI USI 1.9.0 64-Bit
NI Variable Engine (64-bit)
NI Variable Engine 2.5.0
NI Variable Engine LabVIEW 2011 Support
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NI Web Application Server 2.0
NI Web Application Server 2.0 (64-bit)
NI Web Interface Framework 2.0
NI Web Pipeline 2.0.1
NI Web Pipeline 2.0.1 64-bit support
NI Xalan Delay Load 1.10.1
NI Xalan Delay Load 1.10.1 64-bit
NI Xerces Delay Load 2.7.3
NI Xerces Delay Load 2.7.3 64-bit
NuonSoft Wallpaper Cycler 3.6
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
PDF Settings CS6
Reset NI Config 5.0.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
TagScanner 5.1.625
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VISA Shared Components 64-Bit
vLite
WIF Core Dependencies Windows 5.0.0
Windows Automated Installation Kit
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
WinRAR 4.10 (64-bit)
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
1/6/2013 8:29:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
1/6/2013 8:29:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2013 8:29:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2013 8:29:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/6/2013 8:29:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/6/2013 8:29:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/6/2013 8:29:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/6/2013 8:29:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter NIPALK nipbcfk nipxibaf nipxibrc spldr Wanarpv6
1/6/2013 8:25:18 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/6/2013 8:25:18 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
1/5/2013 9:03:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/5/2013 9:03:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 9:03:08 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/5/2013 8:51:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/5/2013 8:51:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/5/2013 8:43:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:42:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/5/2013 8:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/5/2013 8:41:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT NIPALK nipbcfk nipxibaf nipxibrc nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:27:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version: Previous Signature Version: 1.141.3185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command. . ==== End Of File ===========================
  7. It appears that my PC is infected with something, and I am hoping someone here can help me out. Symptoms are as follows. High CPU usage with no applications apparently running. Unable to open (or more appropriately keep open) Task Manager. Unable to open a DOS prompt (cmd.exe). I have Malwarebytes Pro, it is updated, and a scan finds nothing malicious. However, I am getting an occasional popup about blocked outgoing access to 209.85.229.104. It was actually happening so frequently that Malwarebytes was actually shutting down my internet access. I took the temporary step of blocking the web address in my router and temporarily disabling website blocking in Malwarebytes. I also have MSE, which is also updated and finds nothing malicious. I followed the "I'm Infected, what do I do now" sticky and was able to download and run dds.com. However, it does not appear to be creating the dds.txt or the attach.txt files when run. Thanks in advance for any help. Troy.
  8. Sorry, I think I missed something. Where do I download OTL from?
  9. OK. File attached. combofixlog.txt
  10. Apologies for the delayed response. Will run this tomorrow sometime and get you the results.
  11. Also, I did a bit more looking at where the redirect sends the search. From Google I did a random search and it would send me to Bing one time, GimmeAnswers, Bakespace blog, a yellow pages site, etc. I did notice that there is always one or two redirects before settling on the final pages above. Hope that helps provide some insight.
  12. I don't see that file or anything resembling it in the tasks directory. I have 'Show hidden files and folders' checked, and I have 'Hide protected operating system files' unchecked. There are two scheduled tasks: McDefragTask and McQcTask.
  13. That is not something I recognize as being something we set up. The sites seem to be random placeholder sites from what I have seen. Occasionally it goes back to their home page, my.msn.com. If you would like specific sites I can get those. They are connected to a router/modem combo for the DSL.
  14. Thanks for the help. Below are the contents of the logs from OTL.

OTL Extras logfile created on: 12/29/2010 3:27:24 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\Jane Otto\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 436.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.82 Gb Total Space | 114.77 Gb Free Space | 78.71% Space Free | Partition Type: NTFS

Computer Name: D6HZQ391 | User Name: Jane Otto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\WINDOWS\system32\lxeccoms.exe" = C:\WINDOWS\system32\lxeccoms.exe:*:Enabled:Pro800-Pro900 Series Server -- ( )

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2223989A-31FA-40CF-8ACB-7E66DF8076A9}" = Microsoft Office Word 2003 Step by Step
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29DBCB14-49ED-4906-A440-CBC27B761051}" = Roxio MyDVD 9 Studio
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5B5CC2-BE9E-42B7-AE3E-F534B82CD83A}" = Calendar Creator 8.0 Deluxe
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Home Architect Deluxe 3.0" = 3D Home Architect® Deluxe 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bird Hunter Wild Wings Edition" = Bird Hunter Wild Wings Edition
"Deer Hunt Challenge SE" = Deer Hunt Challenge SE
"dh2" = Deer Hunter 2
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HaaliMkx" = Haali Media Splitter
"hd3d32DeinstKey" = Expert Home Design 3D
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{2223989A-31FA-40CF-8ACB-7E66DF8076A9}" = Microsoft Office Word 2003 Step by Step
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Network Play System" = EA Network Play System
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Pheasant Hunt Challenge" = Pheasant Hunt Challenge
"PROSet" = Intel® PRO Network Connections Drivers
"QcDrv" = Logitech
  15. I am hoping someone can help me out here. I am working on my parents' computer and they have a bad "redirector" problem that I cannot seem to solve. Using about any search engine, clicking on links from a search result sends you not to the link you wanted but somewhere off in cyberspace. Happens frequently, at least 50% or more of the time. I have read the "I'm Infected - What do I do now" and followed the instructions. I have attached all the files created, including a Hijackthis.log in the attached zip. A couple of notes. I did not receive the reboot prompt on the DeFogger tool. I rebooted anyway and included the log. Also, I was unable to find the referenced DDS in the steps. I skipped it, and ran the GMER regardless and included its log. Any help would be greatly appreciated. Thanks in advance. Troy scanlogs.zip