tjotto1 Posted January 6, 2013 ID:630957

It appears that my PC is infected with something, and I am hoping someone here can help me out. Symptoms are as follows.

- High CPU usage with no applications apparently running.
- Unable to open (or more appropriately keep open) Task Manager.
- Unable to open a DOS prompt (cmd.exe).

I have Malware Bytes Pro, it is updated, and scan finds nothing malicious. However, I am getting an occasional popup about blocked outgoing access to 209.85.229.104. It was actually happening so frequently that Malware Bytes was actually shutting down my internet access. I took the temporary step of blocking the web address in my router and temporarily disabling website blocking in Malware Bytes.

I also have MSE, which is also updated and finds nothing malicious.

I followed the "I'm Infected, what do I do now" sticky and was able to download and run dds.com. However, it does not appear to be creating the dds.txt or the attach.txt files when run.

Thanks in advance for any help.

Troy.
Maniac Posted January 6, 2013 ID:631044

Hello tjotto1! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please try again with DDS in Safe mode with Networking. I don't know which is your Windows OS, so check these links:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true
http://windows.microsoft.com/en-US/windows7/Start-your-computer-in-safe-mode
tjotto1 Posted January 6, 2013 Author ID:631059

Maniac,

Thanks for the assistance, my name is Troy. I was unaware of the customer support available, so will keep that in mind if I cannot solve this fairly quickly. For the moment I would like to continue to utilize your expertise if possible.

The following are the DDS results run in Safe Mode with Networking as requested. I apologized that I failed to mention the OS, but I have Win7 Pro64.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).1/6/2013 8:25:18 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.1/5/2013 9:03:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.1/5/2013 9:03:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service or group failed to start.1/5/2013 9:03:08 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.1/5/2013 8:51:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.141.3185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode1/5/2013 8:51:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}1/5/2013 8:43:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.1/5/2013 8:42:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.1/5/2013 8:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}1/5/2013 8:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}1/5/2013 8:41:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT NIPALK nipbcfk nipxibaf nipxibrc nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group 
failed to start.1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. 
service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2013 8:27:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
.
==== End Of File ===========================
Maniac Posted January 7, 2013 ID:631198

Step 1

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

In your next reply, post the following log files:
Malwarebytes' Anti-Malware log
ESET Online Scanner log
tjotto1 Posted January 8, 2013 Author ID:631534

Maniac,

The two requested logs follow. ESET found 3 items, but was only able to remove two of them. No options were given to remove the third. I still have the high CPU usage, and am still unable to open Task Manager or a command prompt.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Troy :: DESKTOP [administrator]

Protection: Enabled

1/7/2013 7:00:52 AM
mbam-log-2013-01-07 (07-00-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234269
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-07 03:19:04
# local_time=2013-01-07 08:19:04 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36098921 109115394 0 0
# scanned=184425
# found=3
# cleaned=2
# scan_time=3760
C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I
C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
tjotto1 Posted January 9, 2013 Author ID:631960

Maniac,

Hate to pester, but what's next? Would really like to get to the bottom of this before the weekend.

I also found I am unable to open RegEdit. Something is definitely hijacking my system.
Maniac Posted January 9, 2013 ID:632070

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
tjotto1 Posted January 10, 2013 Author ID:632375

Maniac,

Thanks for the reply. Log info is below. I am now able to access Task Manager etc., and my CPU usage is back to what appears to be near normal. I am getting a bit of sluggishness with the website here, but I have not yet restarted the PC after the ComboFix run, so not sure if that is an issue, or if the website is just a bit slow this evening. Anyway, let me know what's next.

ComboFix 13-01-08.01 - Troy 01/09/2013 23:13:39.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2903 [GMT -7:00]
Running from: c:\users\Troy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 06:17 . 2013-01-10 06:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-10 06:17 . 2013-01-10 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 06:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35DEE807-F880-4260-A5CB-D0F8C3BDD5ED}\mpengine.dll
2013-01-09 05:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 14:06 . 2013-01-07 14:06 -------- d-----w- c:\program files (x86)\ESET
2013-01-06 05:32 . 2013-01-06 06:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-06 03:25 . 2013-01-06 03:25 -------- d-----w- c:\users\Troy\AppData\Local\ElevatedDiagnostics
2012-12-22 14:19 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 14:19 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 14:19 . 
2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll2012-12-22 14:19 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2012-12-12 13:25 . 2012-10-04 17:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-01-09 02:00 . 2012-05-20 13:29 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-01-09 02:00 . 2011-10-28 03:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-12-14 23:49 . 2011-10-27 05:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2012-12-12 13:28 . 2011-10-28 04:35 67413224 ----a-w- c:\windows\system32\MRT.exe2012-11-28 13:32 . 2012-11-28 13:32 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2285ED3-31C5-4B2C-8A5A-B8F82BC5A505}\gapaengine.dll2012-11-27 02:54 . 2012-11-27 02:54 90112 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe2012-11-27 02:54 . 2012-11-27 02:54 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-11-27 02:54 . 
2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe2012-11-02 22:38 . 2012-11-02 22:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll2012-11-02 22:38 . 2012-11-02 22:38 828872 ----a-w- c:\windows\system32\msvcr110.dll2012-11-02 22:38 . 2012-11-02 22:38 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys2012-11-02 22:38 . 2012-11-02 22:38 661448 ----a-w- c:\windows\system32\msvcp110.dll2012-11-02 22:38 . 2012-11-02 22:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll2012-11-02 22:38 . 2012-11-02 22:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys2012-11-02 22:38 . 2012-11-02 22:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll2012-11-02 22:38 . 2012-11-02 22:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll2012-11-02 04:52 . 2012-11-02 04:52 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll2012-10-16 08:38 . 2012-11-28 06:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2012-10-16 08:38 . 2012-11-28 06:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2012-10-16 07:39 . 
2012-11-28 06:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]"NuonSoft Wallpaper Cycler"="c:\program files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler.exe" [2009-06-30 4734008]"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]"niDevMon"="c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]"DataFinder"="c:\program files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" [2011-06-22 2063456]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312].c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4700 series.lnk - c:\windows\system32\rundll32.exe [2009-7-13 
45568].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 ALSysIO;ALSysIO;c:\users\Troy\AppData\Local\Temp\ALSysIO64.sys [x]R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2011-04-09 30800]R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2011-04-09 11856]R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2011-04-09 26704]R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-08-13 11864]R3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2011-04-01 12976]R3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2011-04-01 12936]R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2011-04-01 12944]R3 
nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2011-03-23 12944]R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2011-03-23 12952]R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2011-03-23 12944]R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2011-03-23 12944]R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2011-06-15 12960]R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2011-03-23 13000]R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2011-03-23 12976]R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-07-14 12968]R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-02-15 12992]R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-02-15 12992]R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 22680]R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2011-04-01 12936]R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-07-13 12984]R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-01 12960]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-07-14 12952]R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-07-13 12984]R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2011-03-23 12944]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11824]R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2011-03-23 12936]R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11872]R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2011-03-24 12936]R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2011-03-23 12968]R3 
niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2011-03-23 12968]R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2011-03-23 12944]R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2011-03-23 12944]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-28 1255736]R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256]S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-07-30 15224]S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2011-04-09 82568]S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2011-04-09 54424]S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-07-30 8515544]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]S2 NIApplicationWebServer;NI Application Web 
Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 233664]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-07-14 11928]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2011-06-20 12968]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [2012-07-31 17408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-07-30 318840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2010-07-28 18568]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys [2010-06-16 38064]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11872]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2011-03-23 12968]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2011-06-20 12968]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 02:00]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2049884335-3466195934-1226973689-1000Core.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:16]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2049884335-3466195934-1226973689-1000UA.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: hegre-art.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-09 23:19:25
ComboFix-quarantined-files.txt 2013-01-10 06:19
.
Pre-Run: 181,261,676,544 bytes free
Post-Run: 182,223,167,488 bytes free
.
- - End Of File - - 7DCC8BB883CB4719F241249DABF9C112
Maniac Posted January 10, 2013 ID:632609
That's good! Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and Scan unwanted applications are checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic
tjotto1 Posted January 12, 2013 Author ID:633174
Maniac,
Another good result. No issues found. Log below.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-07 03:19:04
# local_time=2013-01-07 08:19:04 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36098921 109115394 0 0
# scanned=184425
# found=3
# cleaned=2
# scan_time=3760
C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I
C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6668d60f27bc084495f8d90640cee5cc
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-11 06:22:45
# local_time=2013-01-10 11:22:45 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 36412342 109428815 0 0
# scanned=186919
# found=0
# cleaned=0
# scan_time=2241
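Added example (not part of the thread and not ESET's code): a small Python parser for the log layout pasted above, which splits an accumulated log.txt into its scan runs and lists detections an earlier run could not clean, so they can be checked against the newest run. The tab-separated detection fields, the sample data and the function names are assumptions.

```python
import re

# Assumption: detection fields are tab-separated in log.txt (the forum shows spaces).
DETECTION = re.compile(r"^(?P<path>[^\t]+)\t(?P<threat>.+) \((?P<action>[^()]+)\)\t"
                       r"(?P<sha1>[0-9A-Fa-f]{40})\t(?P<flag>[A-Z])$")
# Constructed sample: two runs appended to one file; path, name and hash are placeholders.
H = "0" * 40
SAMPLE_LOG = "\n".join([
    "OnlineScanner.ocx - registred OK",
    "# version=8", "# utc_time=2020-01-01 10:00:00", "# found=2", "# cleaned=1",
    "C:\\Users\\All Users\\sample.exe\ta variant of Win32/Example.A trojan (unable to clean)\t" + H + "\tI",
    "C:\\ProgramData\\sample.exe\ta variant of Win32/Example.A trojan (cleaned by deleting - quarantined)\t" + H + "\tC",
    "# version=8", "# utc_time=2020-01-05 10:00:00", "# found=0", "# cleaned=0",
])

def parse_runs(text):
    """Split an accumulated log into runs; a '# version=' line opens a new run."""
    runs = []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version" or not runs:
                runs.append({"meta": {}, "detections": []})
            runs[-1]["meta"][key] = value
        elif runs and (m := DETECTION.match(line)):
            runs[-1]["detections"].append(m.groupdict())
    return runs

def unresolved(run):
    """Detections whose action text does not report a successful clean."""
    return [d for d in run["detections"] if not d["action"].startswith("cleaned")]

def triage(runs):
    """Summarise the newest run, leftovers from older runs, and runs where
    the found= counter disagrees with the number of detection lines parsed."""
    if not runs:
        return {"runs": 0}
    runs = sorted(runs, key=lambda r: r["meta"].get("utc_time", ""))
    latest = runs[-1]
    return {
        "runs": len(runs),
        "latest_utc": latest["meta"].get("utc_time"),
        "latest_found": int(latest["meta"].get("found", 0)),
        "latest_unresolved": [d["path"] for d in unresolved(latest)],
        "earlier_unresolved": sorted({d["path"] for r in runs[:-1] for d in unresolved(r)}),
        "counter_mismatch": [r["meta"].get("utc_time") for r in runs
                             if int(r["meta"].get("found", 0)) != len(r["detections"])],
    }

if __name__ == "__main__":
    print(triage(parse_runs(SAMPLE_LOG)))
```

Paths listed under `earlier_unresolved` are the ones to confirm absent once the newest run reports `found=0`.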
Maniac Posted January 12, 2013 ID:633270
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
Please download JavaRa to your desktop and unzip it to its own folder
Run JavaRa.exe, then click Remove JRE.
Run the built-in uninstallers for all copies of Java listed
Click the Next button
Click the Next button again
Click the Java Manual Download link
A browser window will open with the Java download page
Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
Run the installer
Close JavaRa
Maurice Naggar Posted February 1, 2013 ID:642126
Hello tjotto1.
Are you still with us? Do you still need help?
tjotto1 Posted February 2, 2013 Author ID:642536
Maurice,
Thanks for checking in. All systems are go. Maniac was very kind and helped me remove the problem. I no longer need assistance with this problem. Thanks again.