"dfrgui.exe - Ordinal Not Found" Malware at play?


11 replies to this topic

#1 smegward

  • Members
  • 5 posts

Posted 29 April 2014 - 02:44 PM

Good Evening everyone!

 

First time poster in this forum and seeking some help/advice please.

 

I am currently having problems on a Sony Vaio laptop running Windows 7 Home Premium Service Pack 1.  I have Norton Internet Security 2014 installed which I have had installed since within the first fortnight of owning it (owned it for just under two years now) and regularly scan my laptop.

 

I went to defrag the C drive and an error pop up entitled "dfrgui.exe - Ordinal Not Found" came up with the message "The ordinal 345 could not be located in the dynamic link library COMCTL32.dll". I have browsed various places on the internet and contacted MS support. I have not recently installed any new drivers or programs so haven't tried to undo any changes since there haven't been any for a few months now. Having browsed I decided to run 'sfc /scannow' in the cmd prompt, this came back with errors which it said were contained within 'CBS.log'. I navigated to the folder containing the log but have been unable to open it as the administrator.

 

Looking through my Norton history (aside from tracking cookie removal) there have been 4 high severity events.

 

1. 05/12/2013 19:22:05

    "egm9v007.htm (Joker) detected by Download Insight" STATUS = Quarantined

 

2. 05/12/2013 19:22:07

    "Download insight analysed EGM9Voo7.htm" STATUS = Removed

 

3. 11/12/2013 02:29:25

    "armaccess.dll (Trojan.Gen) detected by Virus scanner" STATUS = Quarantined

 

4. 11/12/2013 08:02:14

     "Risks in compressed file "crack.rar" detected by Virus Scanner" STATUS = Removed

 

I have tried to provide as much data as possible and have tried to (hopefully!) post this in the most appropriate board. Any help anyone could offer would be greatly appreciated as I am slowly getting to my wits' end :)

 

Thanks a lot!

 

Eddie





#2 noknojon

  • Banned
  • 10,871 posts

Posted 03 May 2014 - 05:28 AM

Hello -
It seems that your topic was left for a day or so. Let's try and look at it -
 

Download all programs to Desktop, Temporarily Disable Your Anti-virus if needed and Copy and Paste all logs.

 

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

Next -

Please download and run RKill by Grinler.
A black DOS box will flash and then disappear.
This is normal and indicates the tool ran successfully.

Please Copy and paste the small log it leaves.

 

Important: Do not reboot your computer until you complete the next step.

 

Now: Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
If you see any which you do not want removed, remove the check mark next to it. 
Next: Click on the Clean button (only once) to remove the selected items. 
You will receive a message telling you that all programs will be closed so that the infections can be removed. 
Click on OK, and then OK again to confirm the reboot.
When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop. 
Please copy and paste this log in your next post.

A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Malwarebytes Anti-Malware Free version 1.75.0.1300 has now been upgraded to Version 2.0.1

Please follow Free version removal methods. (link is to Malwarebytes site) if required -

If not installed, please follow this guide -

* Download Malwarebytes Anti-Malware Free and save it to your desktop
* Double click the desktop icon, click Run, then OK
* Click Next
* Select I accept the agreement then continue to click Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>
----------
** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com
----------
** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer if requested
* Copy and paste the contents of MBAM.txt in your reply

 

Also include any current Norton logs -

 

Just F.Y.I. dfrgui.exe was often a defragment error in XP, but not very usual in Windows 7 systems -
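
An added example, not part of the post above or of any tool it names: a small Python triage of the "List last 10 Event Viewer log" section of a MiniToolBox Result.txt, grouping entries by section, source and description so that repeated errors stand out before the log is read line by line. The function names are this example's own, and the sample text is constructed, following the entry layout of the MiniToolBox output posted later in this thread.

```python
import re

# Constructed sample in the layout MiniToolBox prints for its event-log section.
SAMPLE = r"""Application errors:
==================
Error: (05/03/2014 00:32:18 PM) (Source: IAStorDataMgrSvc) (User: )
Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032'

Error: (05/01/2014 08:21:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/01/2014 10:14:03 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (05/01/2014 10:13:47 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (05/01/2014 10:12:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.
"""

# "Error: (<timestamp>) (Source: <name>) (User: <name>)"; the space before
# "(User:" is optional because some sections of the report omit it.
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\)\s*\(Source: (?P<source>[^)]*)\)\s*\(User: (?P<user>[^)]*)\)"
)
# A section title is a line of words ending in a colon, e.g. "System errors:".
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+):$")


def parse_events(text):
    """Return one dict per 'Error:' entry, in the order they appear."""
    events = []
    section = None
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"="}:
            continue  # blank lines and "=====" rulers carry no data
        header = HEADER.match(line)
        if header:
            current = {
                "section": section,
                "when": header["when"],
                "source": header["source"],
                "description": "",
            }
            events.append(current)
            continue
        if line.startswith("Description:"):
            if current is not None:
                current["description"] = line[len("Description:"):].strip()
            continue
        title = SECTION.match(line)
        if title:
            section = title["name"]
            current = None
        # Anything else (stack traces, WRN: lines) is continuation text and
        # is ignored: the first Description line is enough to group on.
    return events


def summarize(events):
    """Group events and return rows (section, source, description, count,
    timestamps), most frequent first; ties keep their order in the log."""
    groups = {}
    for ev in events:
        key = (ev["section"], ev["source"], ev["description"][:80])
        groups.setdefault(key, []).append(ev["when"])
    rows = [(sec, src, desc, len(whens), whens)
            for (sec, src, desc), whens in groups.items()]
    rows.sort(key=lambda row: -row[3])
    return rows


if __name__ == "__main__":
    for sec, src, desc, count, whens in summarize(parse_events(SAMPLE)):
        print(f"{count:>3}x [{sec}] {src}: {desc}")
        print(f"      newest {whens[0]}, oldest {whens[-1]}")
```
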



#3 smegward

  • Topic Starter
  • Members
  • 5 posts

Posted 03 May 2014 - 05:44 AM

Thanks for the reply. May take me a day or two to action all that but I'll get on it when I get back to my laptop and post up the results! Thanks again :)

#4 smegward

  • Topic Starter
  • Members
  • 5 posts

Posted 03 May 2014 - 07:37 AM

OK, ran everything you stated; here are all the results!

 

Ok so the Security check came back with:

Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````

Java™ 7 Update 1
Java version out of Date!
Adobe Flash Player 13.0.0.206
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

The mini toolkit result file came back saying:

 

MiniToolBox by Farbar  Version: 23-01-2014

Ran by Eddie's (administrator) on 03-05-2014 at 12:44:09

Running from "C:\Users\Eddie's\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

 

 

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (05/03/2014 00:32:18 PM) (Source: IAStorDataMgrSvc) (User: )

Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91' or one of its dependencies. The module was expected to contain an assembly manifest.

File name: 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91'

   at IAStorDataMgr.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 

Error: (05/03/2014 00:30:47 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/01/2014 08:21:48 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

 

Error: (05/01/2014 08:21:48 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15584

 

Error: (05/01/2014 08:21:48 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/01/2014 05:06:53 PM) (Source: IAStorDataMgrSvc) (User: )

Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91' or one of its dependencies. The module was expected to contain an assembly manifest.

File name: 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91'

   at IAStorDataMgr.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 

Error: (05/01/2014 05:05:21 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/01/2014 10:56:25 AM) (Source: IAStorDataMgrSvc) (User: )

Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91' or one of its dependencies. The module was expected to contain an assembly manifest.

File name: 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91'

   at IAStorDataMgr.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 

Error: (05/01/2014 10:55:07 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/29/2014 06:31:47 PM) (Source: IAStorDataMgrSvc) (User: )

Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91' or one of its dependencies. The module was expected to contain an assembly manifest.

File name: 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91'

   at IAStorDataMgr.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 

 

System errors:

=============

Error: (05/01/2014 10:14:03 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (05/01/2014 10:14:03 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (05/01/2014 10:14:03 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (05/01/2014 10:14:03 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (05/01/2014 10:13:47 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (05/01/2014 10:13:31 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (05/01/2014 10:12:42 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (05/01/2014 10:12:24 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.

 

Error: (05/01/2014 10:12:15 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (05/01/2014 10:12:06 PM) (Source: DCOM) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

 

 

Microsoft Office Sessions:

=========================

Error: (05/03/2014 00:32:18 PM) (Source: IAStorDataMgrSvc)(User: )

Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91' or one of its dependencies. The module was expected to contain an assembly manifest.

File name: 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91'

   at IAStorDataMgr.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 

Error: (05/03/2014 00:30:47 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/01/2014 08:21:48 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

 

Error: (05/01/2014 08:21:48 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15584

 

Error: (05/01/2014 08:21:48 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/01/2014 05:06:53 PM) (Source: IAStorDataMgrSvc)(User: )

Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91' or one of its dependencies. The module was expected to contain an assembly manifest.

File name: 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91'

   at IAStorDataMgr.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 

Error: (05/01/2014 05:05:21 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/01/2014 10:56:25 AM) (Source: IAStorDataMgrSvc)(User: )

Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91' or one of its dependencies. The module was expected to contain an assembly manifest.

File name: 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91'

   at IAStorDataMgr.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 

Error: (05/01/2014 10:55:07 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/29/2014 06:31:47 PM) (Source: IAStorDataMgrSvc)(User: )

Description: Service cannot be started. System.BadImageFormatException: Could not load file or assembly 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91' or one of its dependencies. The module was expected to contain an assembly manifest.

File name: 'IAStorDataMgr, Version=11.0.0.1032, Culture=neutral, PublicKeyToken=0864863fcbc5bc91'

   at IAStorDataMgr.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

WRN: Assembly binding logging is turned OFF.

To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.

Note: There is some performance penalty associated with assembly bind failure logging.

To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

 

 

=========================== Installed Programs ============================

 

?????? Windows Live (Version: 15.4.3502.0922)

??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ?????????? (Version: 15.4.5722.2)

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (Version: 15.4.5722.2)

???????? ?????????? Windows Live (Version: 15.4.3502.0922)

?????????? Windows Live (Version: 15.4.3502.0922)

??????????? ?? Windows Live (Version: 15.4.3502.0922)

???????????? Windows Live (Version: 15.4.3502.0922)

3MobileWiFi (Version: 1.09.01.156)

AccessData FTK Imager (Version: 3.1.2.0)

ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? (Version: 15.4.5722.2)

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (Version: 15.4.5722.2)

Adobe Acrobat XI Pro (Version: 11.0.06)

Adobe AIR (Version: 2.7.0.19460)

Adobe Download Assistant (Version: 1.2.6)

Adobe Flash Player 13 ActiveX (Version: 13.0.0.206)

Adobe Flash Player 13 Plugin (Version: 13.0.0.206)

Adobe Reader X (10.1.9) MUI (Version: 10.1.9)

Agatha Christie - Death on the Nile (Version: 2.2.0.98)

Aloha TriPeaks (Version: 2.2.0.98)

Any Audio Converter 4.0.1

Apple Application Support (Version: 3.0.1)

Apple Mobile Device Support (Version: 7.1.1.3)

Apple Software Update (Version: 2.1.3.127)

ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.161)

ArcSoft WebCam Companion 4 (Version: 4.0.21.457)

Atheros Bluetooth Suite (64) (Version: 7.4.0.125)

Backup Manager

BBC iPlayer Desktop (Version: 3.2.15)

Bejeweled 3 (Version: 2.2.0.98)

Bing Bar (Version: 7.3.132.0)

Bing Desktop (Version: 1.3.174.0)

Bonjour (Version: 3.0.0.10)

BT Desktop Help

Build-a-lot 2 (Version: 2.2.0.98)

Cake Mania (Version: 2.2.0.98)

Chuzzle Deluxe (Version: 2.2.0.95)

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a (Version: 15.4.5722.2)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)

CopyTrans Suite Remove Only (Version: 2.37)

CyberLink PowerDVD (Version: 9.0.5009.52)

D3DX10 (Version: 15.4.2368.0902)

Data Transfer Accelerator

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DisplayFusion 5.0.1 (Version: 5.0.1.0)

DLL Suite 2013

Evernote v. 4.5.2 (Version: 4.5.2.5904)

FDUx86 (Version: 1.0.0)

Fishdom ™ 2 (Version: 2.2.0.98)

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych (Version: 15.4.5722.2)

Fotogalerija Windows Live (Version: 15.4.3502.0922)

Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)

Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)

Galerie de photos Windows Live (Version: 15.4.3502.0922)

Galerie foto Windows Live (Version: 15.4.3502.0922)

Garmin ANT Agent (Version: 2.3.4)

Garmin Communicator Plugin (Version: 4.0.4)

Garmin Communicator Plugin x64 (Version: 4.0.4)

Garmin USB Drivers (Version: 2.3.1.0)

HandBrake 0.9.9.1 (Version: 0.9.9.1)

iCloud (Version: 3.1.0.40)

Insaniquarium Deluxe (Version: 2.2.0.97)

Intel® Control Center (Version: 1.2.1.1007)

Intel® Management Engine Components (Version: 8.0.2.1410)

Intel® OpenCL CPU Runtime

Intel® Processor Graphics (Version: 8.15.10.2618)

Intel® Rapid Storage Technology (Version: 11.0.0.1032)

Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)

Intel® Trusted Connect Service Client (Version: 1.23.605.1)

iTunes (Version: 11.1.5.5)

Java Auto Updater (Version: 2.1.5.1)

Java™ 7 Update 1 (64-bit) (Version: 7.0.10)

Java™ 7 Update 1 (Version: 7.0.10)

Jewel Quest Solitaire 2 (Version: 2.2.0.98)

Junk Mail filter update (Version: 15.4.3502.0922)

Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (Version: 15.4.5722.2)

KUx86 (Version: 1.0.0)

Mahjongg Artifacts (Version: 2.2.0.95)

MakeMKV v1.8.5 (Version: v1.8.5)

Media Gallery (Version: 2.1.0.13300)

Media Go (Version: 2.0.317)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Outlook Connector (Version: 14.0.6123.5001)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Silverlight (Version: 5.1.30214.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Minefield (4.0a1pre) (Version: 4.0a1pre (en-US))

Mozilla Firefox 28.0 (x86 en-GB) (Version: 28.0)

Mozilla Maintenance Service (Version: 28.0)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT Redists (Version: 1.0)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Mystery of Mortlake Mansion (Version: 2.2.0.98)

Mystery P.I. - The London Caper (Version: 2.2.0.95)

Norton Bootable Recovery Tool Wizard (Version: 6.0.0.74)

Norton Internet Security (Version: 21.2.0.38)

Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)

OSForensics

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení (Version: 15.4.5722.2)

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (Version: 15.4.5722.2)

Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)

PlayMemories Home (Version: 6.1.01.14210)

PlayStation®Network Downloader (Version: 2.07.00849)

PlayStation®Store (Version: 4.5.15.13232)

Poczta uslugi Windows Live (Version: 15.4.3502.0922)

Podstawowe programy Windows Live (Version: 15.4.3502.0922)

Polar Bowler (Version: 2.2.0.97)

Pošta Windows Live (Version: 15.4.3502.0922)

PYV_x86 (Version: 1.0.0)

Qualcomm Atheros Direct Connect (Version: 3.1)

Qualcomm Atheros WiFi Driver Installation (Version: 3.0)

Raccolta foto di Windows Live (Version: 15.4.3502.0922)

Realtek High Definition Audio Driver (Version: 6.0.1.6564)

Realtek PCIE Card Reader (Version: 6.1.7601.91)

Remote Keyboard (Version: 1.2.0.09270)

Remote Play with PlayStation®3 (Version: 1.1.0.21090)

Roxio Creator LJ (Version: 1.0.524)

Roxio Creator LJ (Version: 12.1.13.13)

Roxio Creator LJ (Version: 5.0.0)

S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Shared C Run-time for x64 (Version: 10.0.0)

Skype™ 6.11 (Version: 6.11.102)

SSLx64 (Version: 1.0.0)

SSLx86 (Version: 1.0.0)

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (Version: 15.4.5722.2)

Steam (Version: 1.0.0.0)

Synaptics Pointing Device Driver (Version: 16.0.1.0)

The Hidden Object Game Show (Version: 2.2.0.97)

TrackID™ with BRAVIA (Version: 1.2.0.09270)

TriDef 3D (Sony) 2.0.5 (Version: 2.0.5)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update Installer for WildTangent Games App

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi (Version: 15.4.5722.2)

V3DPx86 (Version: 1.0.0)

VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (Version: 1.0.00.01300)

VAIO - PlayMemories Home Plug-in (Version: 2.0.00.14200)

VAIO - Remote Keyboard (Version: 1.2.0.09270)

VAIO - Remote Keyboard with PlayStation®3 (Version: 1.2.0.09210)

VAIO - Remote Play with PlayStation®3 (Version: 1.1.0.21090)

VAIO - TrackID™ with BRAVIA (Version: 1.2.0.09270)

VAIO 3D Portal (Version: 1.2.0.10131)

VAIO Care (Version: 8.4.0.14281)

VAIO Control Center (Version: 5.2.1.15070)

VAIO CPU Fan Diagnostic (Version: 1.1.0.09200)

VAIO Data Restore Tool (Version: 1.9.0.13190)

VAIO Easy Connect (Version: 1.1.2.01120)

VAIO Gate (Version: 2.4.1.09230)

VAIO Gate Default (Version: 2.5.2.02090)

VAIO Gesture Control (Version: 1.0.0.12300)

VAIO Improvement (Version: 1.3.0.12280)

VAIO Improvement Validation (Version: 1.0.4.01190)

VAIO Manual (Version: 2.3.0.12300)

VAIO Sample Contents (Version: 1.4.2.09010)

VAIO Smart Network (Version: 3.14.1.07010)

VAIO Transfer Support (Version: 1.7.1.06040)

VAIO Update (Version: 6.3.1.10120)

VCCx64 (Version: 1.0.0)

VCCx86 (Version: 1.0.0)

Vegas Pro 12.0 (64-bit) (Version: 12.0.770)

VHD (Version: 1.0.0)

Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.98)

VIx64 (Version: 1.0.0)

VIx86 (Version: 1.0.0)

VLC media player 2.1.3 (Version: 2.1.3)

VMLx86 (Version: 1.0.0)

VPMx64 (Version: 1.0.0)

VSNx64 (Version: 1.0.0)

VSNx86 (Version: 1.0.0)

VSSTx64 (Version: 1.0.0)

VSSTx86 (Version: 1.0.0)

VU5x64 (Version: 1.1.0)

VU5x86 (Version: 1.0.0)

VU5x86 (Version: 1.1.0)

VWSTx86 (Version: 1.0.0)

WildTangent Games (Version: 1.0.2.5)

WildTangent Games App (Version: 4.0.5.36)

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (Version: 02/06/2007 3.1)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3538.0513)

Windows Live Fotogaléria (Version: 15.4.3502.0922)

Windows Live Fotogalerie (Version: 15.4.3502.0922)

Windows Live Fotogalleri (Version: 15.4.3502.0922)

Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)

Windows Live Fotótár (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (Version: 15.4.5722.2)

Windows Live Mesh ActiveX-objekt til fjernforbindelser (Version: 15.4.5722.2)

Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (Version: 15.4.5722.2)

Windows Live Meshin etäyhteyksien ActiveX-komponentti (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Temel Parçalar (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Liven asennustyökalu (Version: 15.4.3502.0922)

Windows Liven sähköposti (Version: 15.4.3502.0922)

Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)

WinPcap 4.1.3 (Version: 4.1.0.2980)

Wireshark 1.8.7 (64-bit) (Version: 1.8.7)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 32%

Total physical RAM: 8092.36 MB

Available physical RAM: 5480.67 MB

Total Pagefile: 16182.9 MB

Available Pagefile: 13205.68 MB

Total Virtual: 4095.88 MB

Available Virtual: 3961.68 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:448.19 GB) (Free:34.11 GB) NTFS

2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.23 GB) (Free:0 GB) UDF

3 Drive e: () (Removable) (Total:29.71 GB) (Free:19.63 GB) FAT32

4 Drive f: (PHONE CARD) (Removable) (Total:0.93 GB) (Free:0.57 GB) FAT

 

========================= Users: ========================================

 

User accounts for \\EDDIES-VAIO

 

Administrator            Eddie's                  Guest                    

 

 

**** End of log ****

 

The rkill result came back with:

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 05/03/2014 12:51:16 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 05/03/2014 12:51:58 PM
Execution time: 0 hours(s), 0 minute(s), and 42 seconds(s)

 

 

 

The AdwCleaner results came back with:

 

# AdwCleaner v3.205 - Report created 03/05/2014 at 13:06:04

# Updated 28/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Eddie's - EDDIES-VAIO

# Running from : C:\Users\Eddie's\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Eddie's\AppData\Local\Wajam

File Deleted : C:\Users\Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\mfjlfby7.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

File Deleted : C:\Users\Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\mfjlfby7.default\searchplugins\safesearch.xml

File Deleted : C:\Users\Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\mfjlfby7.default\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16521

 

 

-\\ Mozilla Firefox v28.0 (en-GB)

 

[ File : C:\Users\Eddie's\AppData\Roaming\Mozilla\Firefox\Profiles\mfjlfby7.default\prefs.js ]

 

Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1395356962517");

 

*************************

 

AdwCleaner[R0].txt - [2441 octets] - [03/05/2014 12:58:01]

AdwCleaner[S0].txt - [2197 octets] - [03/05/2014 13:06:04]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2257 octets] ##########

 

The MBAM log came back with:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 03/05/2014

Scan Time: 13:25:29

Logfile: MBAM.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.03.04.09

Rootkit Database: v2014.02.20.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Eddie's

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 262318

Time Elapsed: 10 min, 55 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

Thanks for the help so far!

 

Eddie


Edited by smegward, 03 May 2014 - 11:17 AM.


#5 noknojon

Posted 03 May 2014 - 06:39 PM

egm9v007.htm <= is not listed in Google ?? It may be a "dead" or made up program -

 

armaccess.dll is part of Windows Operating System.
Your Norton may be giving you a false positive. I wouldn't delete it.
STATUS = Quarantined <= Do you know how to access the Quarantine and re-install it ??

 

Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
Java™ 7 Update 1 (Version: 7.0.10)
If you wish to use Java, please visit HERE and read the directions to Update.
Uninstall all Older versions, and Do Not accept the Chrome add-on offered with it.

 

Run DiskCleanup -> Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup
This is a "Mini Defrag" tool and will help remove many old items.

 

Download Auslogics Defrag tool from HERE and ONLY use the Defrag section.

 

How to analyze the log file entries that the Microsoft Windows Resource Checker, (SFC.exe) program generates in Windows Vista / 7 cbs.log
http://support.microsoft.com/kb/928228

 

Download TDSSKiller and save it to your desktop.

* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#6 Alex&Vanko

Posted 03 May 2014 - 07:10 PM

I apologize for the interruption, but I want to say that armaccess.dll, according to VirusTotal, is not safe:

https://www.virustotal.com/bg/file/e77a582613780dd7a4133111b55bbffd45987334596352b004ffe9345e5a5b69/analysis/1289815771/



#7 noknojon

Posted 03 May 2014 - 07:16 PM

Great pick-up, thanks for that one - Always post if you find these ...... :)

 

armaccess.dll - 32 / 43 Detection



#8 smegward

Posted 07 May 2014 - 12:43 PM

Hey,
 
Thanks for getting back to me, sorry for the late reply, been mad busy at work!
 
I have updated Java now, ran the cleaner and downloaded and ran the defragger. Once it had finished it said it was still 29% fragmented.
 
The MS link was useful and I carried out what it said, but the cmd prompt basically did nothing.
 
Ran TDSSKiller and it found no threats.
 
Just tried the original problem and it's still present.
 
Thanks for the help so far, really appreciate it!
 
Eddie

#9 noknojon

Posted 07 May 2014 - 05:08 PM

OK -

You may need to run Auslogics Defrag several times to complete what you want.

I run it every few days, as it will not fully defrag your HDD -

 

 

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<== Full Directions Here (only post the link)



#10 noknojon

Posted 10 May 2014 - 07:26 PM

The problem may be found with System File Check -

 

1. Open a Command Window in Administrator mode:

* Click Start
* Click All Programs > Accessories
* Right click on the Command Prompt option,
* On the drop down menu which appears, click on the Run as Administrator option.

* If you haven’t disabled User Account Control (and you shouldn’t!) you may be asked for authorisation. Click the Continue button if you are the administrator or insert the administrator password.

2. Start the System File Checker

* In the Command Prompt window, type: sfc /scannow
* Note the space between c and / as it must be there.

* Now : Press Enter.
* You will see “the system scan will begin”.

This will take (on average) 15 to 20 minutes depending on your system

Please allow the program to fully finish (do not use the computer while this runs)

If this is a Laptop make sure it is plugged into a reliable power source, as batteries do fail -



#11 smegward

Posted 11 May 2014 - 08:01 AM

Here were the results from Speccy:

 

http://speccy.piriform.com/results/sRayNlMhYl6cjbbdQYI146h

 

Ran SFC /SCANNOW and that came back with:

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>
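
The sfc run above ends by pointing at CBS.log, and the KB928228 article linked earlier in the thread covers filtering that log down to its [SR] entries. The following is an added example, not code from any poster in this thread: it applies that filter and lists which files SFC reported it could not repair. The sample log lines are constructed, the file and component names are placeholders, and the message wording matched by the two patterns is an assumption to adjust against a real log.

```python
import re

# Constructed sample in the CBS.log line layout (not from the poster's machine).
SAMPLE_CBS_LOG = r'''
2014-05-11 13:40:02, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-11 13:40:02, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-05-11 13:40:05, Info                  CBS    Unrelated servicing-stack line without the SR tag
2014-05-11 13:41:17, Info                  CSI    000001c4 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-11 13:41:19, Info                  CSI    000001c8 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2014-05-11 13:42:30, Info                  CSI    000001d0 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-11 13:42:31, Info                  CSI    000001d2 [SR] Verify complete
'''

CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[\d.]+),.* in the store, (?P<reason>.+)$')
REPAIRED = re.compile(r'\[SR\] Repairing corrupted file .*\]"(?P<file>[^"]+)" from store$')


def sr_lines(log_text):
    """Same filter as findstr /c:"[SR]": keep only System File Checker entries."""
    return [ln.rstrip() for ln in log_text.splitlines() if "[SR]" in ln]


def triage(log_text):
    """Return (unrepaired, repaired); unrepaired is de-duplicated, in log order."""
    unrepaired, repaired, seen = [], [], set()
    for line in sr_lines(log_text):
        m = CANNOT_REPAIR.search(line)
        if m:
            key = (m["file"].lower(), m["component"], m["version"])
            if key not in seen:  # SFC may log the same failure in more than one pass
                seen.add(key)
                unrepaired.append(m.groupdict())
            continue
        m = REPAIRED.search(line)
        if m and m["file"] not in repaired:
            repaired.append(m["file"])
    return unrepaired, repaired


if __name__ == "__main__":
    bad, fixed = triage(SAMPLE_CBS_LOG)  # for a real log: open(path, errors="replace").read()
    for entry in bad:
        print("NOT repaired: {file} ({component} {version}): {reason}".format(**entry))
    print("repaired from store:", ", ".join(fixed) or "none")
```

CBS.log can only be read from an elevated session, so copy it out of C:\Windows\Logs\CBS first and run the script against the copy.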



#12 noknojon

Posted 11 May 2014 - 06:27 PM

Hi -

Silly question usually -

 

Do you have any Genuine Install or Reinstall DVDs for your system ??

The missing / problem files will be from dfrgui.exe, and are on a Genuine DVD.

 

Do you know anyone with the same Home Premium 64-bit system as yours, that may have an install DVD ??

The install Dates are not related, but you may need to install Windows Updates once finished !!

 

This is the Simple Method -





