
Infected PC?



It appears that my PC is infected with something, and I am hoping someone here can help me out. Symptoms are as follows.

High CPU usage with no applications apparently running.

Unable to open (or more appropriately keep open) Task Manager.

Unable to open a DOS prompt (cmd.exe).

I have Malware Bytes Pro, it is updated, and scan finds nothing malicious. However, I am getting an occasional popup about blocked outgoing access to 209.85.229.104. It was actually happening so frequently that Malware Bytes was actually shutting down my internet access. I took the temporary step of blocking the web address in my router and temporarily disabling website blocking in Malware Bytes.

I also have MSE, which is also updated and finds nothing malicious.

I followed the "I'm Infected, what do I do now" sticky and was able to download and run dds.com. However, it does not appear to be creating the dds.txt or the attach.txt files when run.

Thanks in advance for any help.

Troy.


Hello tjotto1! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please try again with DDS in Safe mode with Networking. I don't know which Windows OS you have, so check these links:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true

http://windows.microsoft.com/en-US/windows7/Start-your-computer-in-safe-mode


Maniac,

Thanks for the assistance, my name is Troy. I was unaware of the customer support available, so will keep that in mind if I cannot solve this fairly quickly. For the moment I would like to continue to utilize your expertise if possible.

The following are the DDS results run in Safe Mode with Networking as requested. I apologize that I failed to mention the OS, but I have Win7 Pro64.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1

Run by Troy at 8:30:16 on 2013-01-06

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.3456 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [AdobeBridge] <no file>

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe

mRun: [NI Update Service] "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [DataFinder] "C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\ProgramData\ifgxpers.exe"

StartupFolder: C:\Users\Troy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CANONI~1.LNK - C:\Windows\System32\rundll32.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{1BD64BFE-CD2E-4922-B3F6-86E5F501D48B} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2012-9-23 15224]

R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;C:\Windows\System32\drivers\niede.sys [2010-6-15 38064]

S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

S0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2010-3-24 16984]

S0 nipxibaf;National Instruments PXI Bridge Access Driver;C:\Windows\System32\drivers\nipxibaf.sys [2011-4-8 82568]

S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;C:\Windows\System32\drivers\nipxibrc.sys [2011-4-8 54424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-7-30 8515544]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-18 398184]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-18 682344]

S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]

S2 ni488enumsvc;NI-488.2 Enumeration Service;C:\Windows\SysWOW64\nipalsm.exe [2010-3-24 12696]

S2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 50336]

S2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nipalsm.exe [2010-3-24 12696]

S2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-6-19 233664]

S2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-6-1 194224]

S2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-6-10 121032]

S2 nipxirmk;nipxirmk;C:\Windows\System32\drivers\nipxirmkl.sys [2010-7-13 11928]

S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

S2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\System32\drivers\NiViPxiKl.sys [2011-6-19 12968]

S2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-7-16 65657]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys [2012-7-30 17408]

S3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2012-9-23 318840]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-11-7 16776]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-11-7 9096]

S3 lvalarmk;lvalarmk;C:\Windows\System32\drivers\lvalarmk.sys [2008-12-5 25224]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-26 24176]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]

S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\Windows\System32\drivers\ni1006k.sys [2011-4-8 30800]

S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\Windows\System32\drivers\ni1045kl.sys [2011-4-8 11856]

S3 ni1065k;NI PXIe-1065 Chassis Pilot;C:\Windows\System32\drivers\ni1065k.sys [2011-4-8 26704]

S3 ni488lock;NI-488.2 Locking Service;C:\Windows\System32\drivers\ni488lock.sys [2010-7-27 18568]

S3 nicdrk;nicdrk;C:\Windows\System32\drivers\nicdrkl.sys [2010-8-12 11864]

S3 nicmrk;nicmrk;C:\Windows\System32\drivers\nicmrkl.sys [2011-4-1 12976]

S3 nicondrk;nicondrk;C:\Windows\System32\drivers\nicondrkl.sys [2011-4-1 12936]

S3 nicsrk;nicsrk;C:\Windows\System32\drivers\nicsrkl.sys [2011-4-1 12944]

S3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2010-6-11 11944]

S3 nidmxfk;nidmxfk;C:\Windows\System32\drivers\nidmxfkl.sys [2011-3-22 12944]

S3 nidsark;nidsark;C:\Windows\System32\drivers\nidsarkl.sys [2011-3-23 12952]

S3 niemrk;niemrk;C:\Windows\System32\drivers\niemrkl.sys [2011-3-23 12944]

S3 niesrk;niesrk;C:\Windows\System32\drivers\niesrkl.sys [2011-3-23 12944]

S3 nifslk;nifslk;C:\Windows\System32\drivers\nifslkl.sys [2011-6-15 12960]

S3 nimru2k;nimru2k;C:\Windows\System32\drivers\nimru2kl.sys [2009-8-24 11872]

S3 nimsdrk;nimsdrk;C:\Windows\System32\drivers\nimsdrkl.sys [2011-3-23 13000]

S3 nimstsk;nimstsk;C:\Windows\System32\drivers\nimstskl.sys [2011-3-22 12968]

S3 nimxpk;nimxpk;C:\Windows\System32\drivers\nimxpkl.sys [2011-3-22 12976]

S3 ninshsdk;ninshsdk;C:\Windows\System32\drivers\ninshsdkl.sys [2010-7-14 12968]

S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2011-2-14 12992]

S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2011-2-14 12992]

S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\Windows\System32\drivers\nipxigpk.sys [2010-6-14 22680]

S3 niraptrk;niraptrk;C:\Windows\System32\drivers\niraptrkl.sys [2011-4-1 12936]

S3 niscdk;niscdk;C:\Windows\System32\drivers\niscdkl.sys [2010-7-12 12984]

S3 nisdigk;nisdigk;C:\Windows\System32\drivers\nisdigkl.sys [2010-10-1 12960]

S3 nisftk;nisftk;C:\Windows\System32\drivers\nisftkl.sys [2010-7-14 12952]

S3 nispdk;nispdk;C:\Windows\System32\drivers\nispdkl.sys [2010-7-12 12984]

S3 nissrk;nissrk;C:\Windows\System32\drivers\nissrkl.sys [2011-3-23 12944]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 nistc2k;nistc2k;C:\Windows\System32\drivers\nistc2kl.sys [2009-1-5 11824]

S3 nistc3rk;nistc3rk;C:\Windows\System32\drivers\nistc3rkl.sys [2011-3-23 12936]

S3 nistcrk;nistcrk;C:\Windows\System32\drivers\nistcrkl.sys [2009-8-31 11872]

S3 niswdk;niswdk;C:\Windows\System32\drivers\niswdkl.sys [2011-3-23 12936]

S3 nitiork;nitiork;C:\Windows\System32\drivers\nitiorkl.sys [2011-3-23 12968]

S3 niufurk;niufurk;C:\Windows\System32\drivers\niufurkl.sys [2011-3-23 12968]

S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\System32\drivers\NiViPciKl.sys [2011-6-19 12968]

S3 niwfrk;niwfrk;C:\Windows\System32\drivers\niwfrkl.sys [2011-3-23 12944]

S3 nixsrk;nixsrk;C:\Windows\System32\drivers\nixsrkl.sys [2011-3-23 12944]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-27 1255736]

S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 68256]

.

=============== Created Last 30 ================

.

2013-01-06 05:32:14 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-06 05:05:27 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{00EA08F8-22BC-4915-83EE-E14E2D1A3771}\mpengine.dll

2013-01-06 04:02:43 -------- d-----w- C:\Windows\pss

2013-01-06 03:25:48 -------- d-----w- C:\Users\Troy\AppData\Local\ElevatedDiagnostics

2013-01-06 02:30:25 104176 ----a-w- C:\ProgramData\ifgxpers.exe

2013-01-05 02:48:34 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-22 14:19:58 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 14:19:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 14:19:57 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 14:19:57 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-12 13:25:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

.

==================== Find3M ====================

.

2012-12-14 23:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-12 13:24:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 13:24:30 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 22:38:36 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll

2012-11-02 22:38:36 828872 ----a-w- C:\Windows\System32\msvcr110.dll

2012-11-02 22:38:36 75928 ----a-w- C:\Windows\System32\drivers\dc3d.sys

2012-11-02 22:38:36 661448 ----a-w- C:\Windows\System32\msvcp110.dll

2012-11-02 22:38:36 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll

2012-11-02 22:38:36 50856 ----a-w- C:\Windows\System32\drivers\point64.sys

2012-11-02 22:38:36 354264 ----a-w- C:\Windows\System32\vccorlib110.dll

2012-11-02 22:38:36 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-02 04:52:50 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-11 04:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll

2012-10-11 04:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll

2012-10-11 04:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll

2012-10-11 04:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll

2012-10-11 04:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll

2012-10-11 04:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll

2012-10-11 04:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys

2012-10-11 04:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 8:30:25.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/26/2011 8:51:41 PM

System Uptime: 1/6/2013 8:29:21 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0CT017

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 157.137 GiB free.

F: is CDROM ()

Z: is NetworkDisk (NTFS) - 914 GiB total, 675.742 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: NIPALK

Device ID: ROOT\LEGACY_NIPALK\0000

Manufacturer:

Name: NIPALK

PNP Device ID: ROOT\LEGACY_NIPALK\0000

Service: NIPALK

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS6

Adobe Reader X (10.1.4)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Canon iP4700 series Printer Driver

DisplayLink Core Software

EASEUS Partition Master 9.1.0 Home Edition

Garmin Communicator Plugin

Garmin Communicator Plugin x64

Garmin Lifetime Updater

Garmin USB Drivers

Google Chrome

HP Tuners VCM Suite 2.22

ISO to USB

iTunes

IVI Shared Component 64-bit

IVI Shared Components 2.2.1

Java Auto Updater

Java 6 Update 29

Java 7 Update 5

JavaFX 2.1.1

KENWOOD Music Editor Light

Kneson YottaPrint [Enhanced]

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Mouse and Keyboard Center

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Office 64-bit Components 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Motorola Device Manager

Motorola Device Software Update

Motorola Mobile Drivers Installation 5.9.0

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

National Instruments Software

NI-488.2 2.8.1

NI-488.2 for Windows x64 version 2.8.1

NI-488.2 Provider for MAX version 2.8.1

NI-653x Installer 1.9.4

NI-653x Installer for 64 Bit Windows 1.9.4

NI-APAL 2.1 64-Bit Error Files

NI-APAL 2.1 Error Files

NI-APAL 2.1 Error Files for LabVIEW RT

NI-DAQ C and VB6 API 2.3.0

NI-DAQ Document Set 9.3.5

NI-DAQ INF Files 19.3.5

NI-DAQmx 9.3.5

NI-DAQmx ADE Support 9.3.5

NI-DAQmx Documentation 9.3.5

NI-DAQmx Documentation for 64 bit Windows 9.3.5

NI-DAQmx MAX Configuration Support 9.3.5

NI-DAQmx MAX Support 64-bit 2.2.0

NI-DAQmx support for LabVIEW 2.1.0

NI-DAQmx Switch Core 2.2.0

NI-DAQmx Switch Core for 64 Bit Windows 2.2.0

NI-DAQmx/LabVIEW shared documentation 1.9.5

NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.9.5

NI-DIM 1.11.0f0

NI-DIM 1.11.0f0 for 64 Bit Windows

NI-MDBG 1.10.0f0

NI-MDBG 1.10.0f0 for 64 Bit Windows

NI-MRU 2.11.1f0

NI-MRU 2.11.1f0 for 64 Bit Windows

NI-MX Expert Framework 2.8.0

NI-MX Expert Framework for 64 Bit Windows 2.8.0

NI-MXDF 1.11.5f1

NI-MXDF 1.11.5f1 for 64 Bit Windows

NI-MXLC Core (32-bit)

NI-MXLC Core (64-bit)

NI-MXLC LabVIEW 2009 Support

NI-MXLC LabVIEW 2010 Support

NI-MXLC LabVIEW 2011 Support

NI-MXLC LabVIEW 8.6 Support

NI-ORB 1.9.3f0

NI-ORB 1.9.3f0 for 64 Bit Windows

NI-PAL 2.6.5f0

NI-PAL 2.6.5f0 for 64 Bit Windows

NI-RPC 4.2.0f0 for Phar Lap ETS

NI-RPC 4.2.2f0

NI-RPC 4.2.2f0 for 64 Bit Windows

NI-RPC 4.2.2f0 for Phar Lap ETS

NI-VISA 5.1.0

NI-VISA 5.1.0 64-bit Support

NI-VISA 5.1.0 MAX Provider

NI-VISA 5.1.0 Provider 64-bit Support

NI-VISA Runtime 5.1.0

NI-VISA Server 5.1.0

NI-VISA x64 support 5.1.0

NI .NET Framework 3.5 SP1

NI Advanced Signal Processing Toolkit Old RT Compatibility

NI AFW Channel Configuration Tool

NI AFW Custom UI

NI AFW Custom UI Assemblies

NI AFW UI Assemblies

NI AOP5 DataPlugin 1.8.3

NI Assistant Framework

NI Assistant Framework 64-bit

NI Assistant Framework LabVIEW 2011 Support

NI Assistant Framework LabVIEW Code Generator 2011

NI Audio DataPlugin 1.1.1

NI Authentication 2.0

NI Authentication 2.0 (64-bit)

NI Calibration Provider for MAX 5.0.0

NI Calibration Provider Help for 64 Bit Windows

NI Certificates Deployment Support

NI CodeSignAPI

NI Common Digital 1.13.0

NI Common Digital for 64 Bit Windows 1.13.0

NI Curl 1.1

NI Curl 1.1 (64-bit)

NI DAQ Assistant 2.0.0

NI DAQ Assistant 64-bit 2.0.0

NI DataFinder Client 3.0

NI DataFinder Desktop 3.0

NI DataSocket 4.9

NI DataSocket 4.9 (64-bit)

NI DIAdem 2011

NI DIAdem 2011 (Core)

NI DIAdem 2011 Documentation (TDM)

NI Distributed System Manager 2011

NI DN 2.0 SP1 installer

NI DN 2.0 x64 SP1 installer

NI Dynamic Signal Acquisition for 64 Bit Windows 2.2.0

NI Dynamic Signal Acquisition Installer 2.2.0

NI Error Reporting 2011

NI Ethernet Device Enumerator

NI Ethernet Device Enumerator 64-Bit

NI EulaDepot

NI Example Finder 11.0

NI FSL Installer 1.13.0

NI FSL Installer for 64-Bit Windows 1.13.0

NI GMP Windows 32-bit Installer 11.0.0

NI GMP Windows 64-bit Installer 11.0.0

NI Help Assistant

NI Help Assistant (64bit)

NI I/O Trace API LV2011

NI Instrument I/O Assistant

NI Instrument IO Assistant for LabVIEW 2011 32-bit

NI IO Trace 3.0.0

NI IVI Class Driver LabVIEW 2011 Support

NI IVI Class Drivers

NI IVI Class Drivers (64-bit)

NI IVI Class Simulation Drivers

NI IVI Class Simulation Drivers (64-bit)

NI IVI Compliance Package 4.4

NI IVI Compliance Package 4.4 (64-bit)

NI IVI Engine

NI IVI Engine (64-bit)

NI IVI Online Help

NI IVI Provider for MAX

NI LabVIEW 2009 Advanced Signal Processing Toolkit Run-Time Engine

NI LabVIEW 2009 Advanced Signal Processing Toolkit Run-Time Engine 64Bit

NI LabVIEW 2009 SP1 Run-Time Engine Web Services

NI LabVIEW 2010 Real-Time NBFifo

NI LabVIEW 2011

NI LabVIEW 2011 Advanced Signal Processing Toolkit

NI LabVIEW 2011 Advanced Signal Processing Toolkit License

NI LabVIEW 2011 Advanced Signal Processing Toolkit RT Support

NI LabVIEW 2011 Database Connectivity Toolkit

NI LabVIEW 2011 Database Connectivity Toolkit License

NI LabVIEW 2011 Deployable License

NI LabVIEW 2011 Deployment Framework

NI LabVIEW 2011 Digital Filter Design Toolkit

NI LabVIEW 2011 Digital Filter Design Toolkit License

NI LabVIEW 2011 Digital Filter Design Toolkit RT Support

NI LabVIEW 2011 Help

NI LabVIEW 2011 Help File

NI LabVIEW 2011 Internet Toolkit

NI LabVIEW 2011 Internet Toolkit License

NI LabVIEW 2011 License

NI LabVIEW 2011 Manuals

NI LabVIEW 2011 MeasAppChm File

NI LabVIEW 2011 PID and Fuzzy Logic Toolkit

NI LabVIEW 2011 PID and Fuzzy Logic Toolkit License

NI LabVIEW 2011 PID and Fuzzy Logic Toolkit RT Support

NI LabVIEW 2011 Real-Time Error Dialog

NI LabVIEW 2011 Real-Time NBFifo

NI LabVIEW 2011 Report Generation Toolkit for Microsoft Office

NI LabVIEW 2011 Report Generation Toolkit License

NI LabVIEW 2011 Run-Time Engine Non-English Support.

NI LabVIEW 2011 Search

NI LabVIEW 2011 Simulation

NI LabVIEW 2011 VI Analyzer Toolkit

NI LabVIEW 2011 VI Analyzer Toolkit License

NI LabVIEW 2011 VIPM Helper

NI LabVIEW 2011 Web Server

NI LabVIEW Broker

NI LabVIEW Broker (64 bit)

NI LabVIEW C Interface

NI LabVIEW Compare Utility 11.0.0

NI LabVIEW EWB DeviceHandler 2010

NI LabVIEW MAX XML

NI LabVIEW Merge Utility 11.0.0

NI LabVIEW Real-Time FIFO for Runtime

NI LabVIEW Real-Time NBFifo

NI LabVIEW Run-Time Engine 2009 SP1

NI LabVIEW Run-Time Engine 2010 SP1

NI LabVIEW Run-Time Engine 2011

NI LabVIEW Run-Time Engine 8.2.1

NI LabVIEW Run-Time Engine 8.6.1

NI LabVIEW Run-Time Engine Interop 2009

NI LabVIEW Run-Time Engine Interop 2010

NI LabVIEW Run-Time Engine Interop 2011

NI LabVIEW SignalExpress 2011

NI LabVIEW SignalExpress 2011 Core

NI LabVIEW SignalExpress 2011 Core LabVIEW 2011 Support

NI LabVIEW SignalExpress 2011 Core LabVIEW Support

NI LabVIEW SignalExpress 2011 Datatypes

NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2011 Support

NI LabVIEW SignalExpress 2011 LabVIEW 2011 Support

NI LabVIEW SignalExpress 2011 LabVIEW Support

NI LabVIEW SignalExpress 2011 Licenses

NI LabVIEW SignalExpress 2011 Steps

NI LabVIEW SignalExpress 2011 Tools

NI LabVIEW Web Server for Run-Time Engine

NI LabVIEW Web Services Runtime

NI LabWindows/CVI 2009 Run-Time Engine

NI LabWindows/CVI 2009 Run-Time Engine (64-bit)

NI LabWindows/CVI 2010 Analysis Library

NI LabWindows/CVI 2010 Analysis Library (64-bit)

NI LabWindows/CVI 2010 Code Generator

NI LabWindows/CVI 2010 LabVIEW DLL Builder

NI License Manager

NI Logos 5.3.0

NI Logos LabVIEW 2011 Support

NI Logos XT Support

NI Logos64 5.3.0

NI Logos64 XT Support

NI Math Kernel Libraries

NI Math Kernel Libraries (64-bit)

NI MAX Remote Configuration 64-bit Installer 5.0

NI MAX Remote Configuration Installer 5.0

NI MAX Support for 64 Bit Windows

NI MDF Support

NI mDNS Responder 1.6 for Windows 64-bit

NI mDNS Responder 1.6.0

NI Measurement & Automation Explorer 5.0.0

NI Measurement Studio 8.6 Enterprise RunTime for VS2005

NI Measurement Studio Common .NET Assemblies for .NET 2.0

NI Measurement Studio Recipe Processor

NI MetaSuite Installer

NI Microsoft Silverlight Wrapper

NI MIO Device Drivers 2.6.0

NI MIO Device Drivers for 64 Bit Windows 2.6.0

NI MXS 5.0.0

NI MXS 5.0.0 for 64 Bit Windows

NI Network Browser 5.0.0

NI Network Discovery 5.0

NI Network Discovery 5.0 for Windows 64-bit

NI OPC Support

NI Portable Configuration 5.0.0

NI Portable Configuration for 64 Bit Windows 5.0.0

NI PXI Hardware 64-bit Support 2.6.2

NI PXI Platform Framework 1.3.2

NI PXI Platform Framework 1.3.2 64-bit

NI PXI Platform Services 2.6.2

NI PXI Platform Services 2.6.2 Configuration Support

NI PXI Platform Services 2.6.2 Expert

NI PXI SystemAPI Expert 2.6.2

NI PXI SystemAPI Expert 64-bit 2.6.2

NI Registration Wizard

NI Remote Provider for MAX 5.0.0

NI Remote PXI Provider for MAX 5.0.0

NI RTSI Cable Core Installer 1.0.0

NI RTSI Cable Core Installer for 64 Bit Windows 1.0.0

NI RTSI PAL Device Library Installer 1.0.0

NI RTSI PAL Device Library Installer for 64 Bit Windows 1.0.0

NI RTSI UI Provider 1.0.0

NI RTSI UI Provider for 64 Bit Windows 1.0.0

NI SCXI 1.15.0

NI SCXI for 64 Bit Windows 1.15.0

NI Search Shared

NI Software Provider for MAX 5.0.0

NI Sound and Vibration Frequency Analysis 2010

NI Sound and Vibration Frequency Analysis LabVIEW 2011 Support

NI Spy Windows 64 Support 3.0.0

NI SSL LabVIEW 2011 Support

NI SSL Support

NI SSL Support (64-bit)

NI STC 1.10.0

NI STC for 64 Bit Windows 1.10.0

NI System API Client for WIF 5.0.0

NI System API Web-Servce 32-bit 5.0.0

NI System API Windows 32-bit 5.0.0

NI System API Windows 64-bit 5.0.0

NI System Configuration 5.0.0 LabVIEW Support

NI System Configuration CVI Support 5.0.0

NI System Configuration LV2011 Support 5.0.0

NI System Configuration Runtime 5.0.0

NI System Configuration Runtime 5.0.0 for Windows 64-bit

NI System State Publisher

NI System State Publisher (64-bit)

NI System Web Server 2.0

NI System Web Server Base 2.0

NI System Web Server Base 2.0 (64-bit)

NI TDM Excel Add-In 3.3

NI TDM Excel Add-In 3.3 64-bit

NI TDMS

NI TDMS (64-bit)

NI Timing for 64 Bit Windows 2.3.0

NI Timing Installer 2.3.0

NI Trace Engine

NI Trace Engine (64-bit)

NI Uninstaller

NI Update Service 2.0

NI USI 1.9.0

NI USI 1.9.0 64-Bit

NI Variable Engine (64-bit)

NI Variable Engine 2.5.0

NI Variable Engine LabVIEW 2011 Support

NI VC2005MSMs x64

NI VC2005MSMs x86

NI VC2008MSMs x64

NI VC2008MSMs x86

NI Web Application Server 2.0

NI Web Application Server 2.0 (64-bit)

NI Web Interface Framework 2.0

NI Web Pipeline 2.0.1

NI Web Pipeline 2.0.1 64-bit support

NI Xalan Delay Load 1.10.1

NI Xalan Delay Load 1.10.1 64-bit

NI Xerces Delay Load 2.7.3

NI Xerces Delay Load 2.7.3 64-bit

NuonSoft Wallpaper Cycler 3.6

NVIDIA 3D Vision Controller Driver 301.42

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

PDF Settings CS6

Reset NI Config 5.0.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

TagScanner 5.1.625

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VISA Shared Components 64-Bit

vLite

WIF Core Dependencies Windows 5.0.0

Windows Automated Installation Kit

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Media Player Firefox Plugin

Windows Mobile Device Updater Component

WinRAR 4.10 (64-bit)

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

1/6/2013 8:29:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

1/6/2013 8:29:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/6/2013 8:29:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/6/2013 8:29:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/6/2013 8:29:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/6/2013 8:29:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/6/2013 8:29:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/6/2013 8:29:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter NIPALK nipbcfk nipxibaf nipxibrc spldr Wanarpv6

1/6/2013 8:25:18 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

1/6/2013 8:25:18 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

1/5/2013 9:03:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

1/5/2013 9:03:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 9:03:08 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

1/5/2013 8:51:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/5/2013 8:51:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/5/2013 8:43:57 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 8:42:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 8:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/5/2013 8:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/5/2013 8:41:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT NIPALK nipbcfk nipxibaf nipxibrc nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/5/2013 8:41:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/5/2013 8:27:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

.

==== End Of File ===========================


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Maniac,

The two requested logs follow. ESET found 3 items, but was only able to remove two of them. No options were given to remove the third. I still have the high CPU usage, and am still unable to open Task Manager or a command prompt.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.07.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Troy :: DESKTOP [administrator]

Protection: Enabled

1/7/2013 7:00:52 AM

mbam-log-2013-01-07 (07-00-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234269

Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=6668d60f27bc084495f8d90640cee5cc

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-07 03:19:04

# local_time=2013-01-07 08:19:04 (-0700, Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 36098921 109115394 0 0

# scanned=184425

# found=3

# cleaned=2

# scan_time=3760

C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I

C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C

C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C

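The ESET detection lines in the post above can be triaged with a short script; this is an added example, not part of the original posts and not ESET's own tooling. The line layout is inferred from the three detection lines in the thread, and the alias table assumes the stock Windows 7 layout, where C:\Users\All Users is a link to C:\ProgramData.

```python
import re
from collections import defaultdict

# Header counters and detection lines copied from the ESET log in this thread.
SAMPLE_LOG = r"""# found=3
# cleaned=2
C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I
C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
"""

# Assumed layout, inferred from the lines above:
#   <path> <detection name> (<action>) <40-hex SHA-1> <one-letter flag>
# The path may contain spaces; the trailing flag is kept but not interpreted.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:a variant of\s+)?\S+/\S+(?:\s+\w+)?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<sha1>[0-9A-Fa-f]{40})\s+(?P<flag>[A-Z])$"
)

# Compatibility link present by default on Windows Vista/7 (assumption: the
# machine uses the stock layout). Both names refer to the same directory.
ALIASES = {
    "c:\\users\\all users": "c:\\programdata",
}


def canonical_path(path):
    """Lower-case a path and rewrite known alias prefixes to the real directory."""
    p = path.strip().lower()
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p


def triage(text):
    """Parse an ESET Online Scanner log and group detections by real file."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            # Header lines look like "# key=value".
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())

    # Several log lines can point at one file through different path names.
    by_file = defaultdict(list)
    for d in detections:
        by_file[canonical_path(d["path"])].append(d)

    # A file needs follow-up only if no line for it reports a cleaned action.
    followup = sorted(
        p for p, hits in by_file.items()
        if not any(h["action"].lower().startswith("cleaned") for h in hits)
    )
    return {
        "reported_found": int(header.get("found", 0)),
        "reported_cleaned": int(header.get("cleaned", 0)),
        "parsed": len(detections),
        "distinct_files": len(by_file),
        "distinct_sha1": sorted({d["sha1"].upper() for d in detections}),
        "needs_followup": followup,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `needs_followup` list only means every reported file was quarantined under some path name; it says nothing about components the scanner did not detect.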

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Maniac,

Thanks for the reply. Log info is below. I am now able to access Task Manager etc., and my CPU usage is back to what appears to be near normal. I am getting a bit of sluggishness with the website here, but I have not yet restarted the PC after the ComboFix run, so not sure if that is an issue, or if the website is just a bit slow this evening.

Anyway, let me know what's next.

ComboFix 13-01-08.01 - Troy 01/09/2013 23:13:39.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2903 [GMT -7:00]

Running from: c:\users\Troy\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))

.

.

2013-01-10 06:17 . 2013-01-10 06:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-10 06:17 . 2013-01-10 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-10 06:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35DEE807-F880-4260-A5CB-D0F8C3BDD5ED}\mpengine.dll

2013-01-09 05:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-07 14:06 . 2013-01-07 14:06 -------- d-----w- c:\program files (x86)\ESET

2013-01-06 05:32 . 2013-01-06 06:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-01-06 03:25 . 2013-01-06 03:25 -------- d-----w- c:\users\Troy\AppData\Local\ElevatedDiagnostics

2012-12-22 14:19 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 14:19 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 14:19 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 14:19 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-12 13:25 . 2012-10-04 17:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 02:00 . 2012-05-20 13:29 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-09 02:00 . 2011-10-28 03:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 23:49 . 2011-10-27 05:36 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 13:28 . 2011-10-28 04:35 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-28 13:32 . 2012-11-28 13:32 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2285ED3-31C5-4B2C-8A5A-B8F82BC5A505}\gapaengine.dll

2012-11-27 02:54 . 2012-11-27 02:54 90112 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\ARPPRODUCTICON.exe

2012-11-27 02:54 . 2012-11-27 02:54 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe

2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-11-27 02:54 . 2012-09-22 04:50 45056 ----a-r- c:\users\Troy\AppData\Roaming\Microsoft\Installer\{90932C65-D68E-4257-AEE8-EBBFC36AC601}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2012-11-02 22:38 . 2012-11-02 22:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll

2012-11-02 22:38 . 2012-11-02 22:38 828872 ----a-w- c:\windows\system32\msvcr110.dll

2012-11-02 22:38 . 2012-11-02 22:38 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys

2012-11-02 22:38 . 2012-11-02 22:38 661448 ----a-w- c:\windows\system32\msvcp110.dll

2012-11-02 22:38 . 2012-11-02 22:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll

2012-11-02 22:38 . 2012-11-02 22:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys

2012-11-02 22:38 . 2012-11-02 22:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll

2012-11-02 22:38 . 2012-11-02 22:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll

2012-11-02 04:52 . 2012-11-02 04:52 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll

2012-10-16 08:38 . 2012-11-28 06:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 06:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 06:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"NuonSoft Wallpaper Cycler"="c:\program files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler.exe" [2009-06-30 4734008]

"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"niDevMon"="c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]

"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]

"DataFinder"="c:\program files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" [2011-06-22 2063456]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

.

c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Canon IJ Status Monitor Canon iP4700 series.lnk - c:\windows\system32\rundll32.exe [2009-7-13 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ALSysIO;ALSysIO;c:\users\Troy\AppData\Local\Temp\ALSysIO64.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]

R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2011-04-09 30800]

R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2011-04-09 11856]

R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2011-04-09 26704]

R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-08-13 11864]

R3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2011-04-01 12976]

R3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2011-04-01 12936]

R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2011-04-01 12944]

R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2011-03-23 12944]

R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2011-03-23 12952]

R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2011-03-23 12944]

R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2011-03-23 12944]

R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2011-06-15 12960]

R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2011-03-23 13000]

R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2011-03-23 12976]

R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-07-14 12968]

R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-02-15 12992]

R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-02-15 12992]

R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 22680]

R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2011-04-01 12936]

R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-07-13 12984]

R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-01 12960]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-07-14 12952]

R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-07-13 12984]

R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2011-03-23 12944]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11824]

R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2011-03-23 12936]

R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11872]

R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2011-03-24 12936]

R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2011-03-23 12968]

R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2011-03-23 12968]

R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2011-03-23 12944]

R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2011-03-23 12944]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-28 1255736]

R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256]

S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-07-30 15224]

S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]

S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2011-04-09 82568]

S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2011-04-09 54424]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-07-30 8515544]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]

S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]

S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]

S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]

S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 233664]

S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]

S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]

S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-07-14 11928]

S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2011-06-20 12968]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]

S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [2012-07-31 17408]

S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-07-30 318840]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2010-07-28 18568]

S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]

S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys [2010-06-16 38064]

S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11872]

S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2011-03-23 12968]

S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2011-06-20 12968]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 02:00]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2049884335-3466195934-1226973689-1000Core.job

- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:16]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2049884335-3466195934-1226973689-1000UA.job

- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 16:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]

"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

Trusted Zone: hegre-art.com\www

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-09 23:19:25

ComboFix-quarantined-files.txt 2013-01-10 06:19

.

Pre-Run: 181,261,676,544 bytes free

Post-Run: 182,223,167,488 bytes free

.

- - End Of File - - 7DCC8BB883CB4719F241249DABF9C112


That's good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Maniac,

Another good result. No issues found. Log below.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=6668d60f27bc084495f8d90640cee5cc

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-07 03:19:04

# local_time=2013-01-07 08:19:04 (-0700, Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 36098921 109115394 0 0

# scanned=184425

# found=3

# cleaned=2

# scan_time=3760

C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I

C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C

C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=6668d60f27bc084495f8d90640cee5cc

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-11 06:22:45

# local_time=2013-01-10 11:22:45 (-0700, Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 36412342 109428815 0 0

# scanned=186919

# found=0

# cleaned=0

# scan_time=2241

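The log posted above contains two scan runs in one file, each starting at a `# version=` line, so the counters have to be read per run. As an added example (not part of the thread and not an ESET tool), this Python parser splits such a log into runs and lists detections whose recorded action is not a clean; the sample is abridged from the posted log, and the field layout and function names are assumptions inferred from those lines.

```python
import re

# Abridged from the log posted in the thread: two runs in one log.txt.
SAMPLE_LOG = r"""
# version=8
# remove_checked=true
# utc_time=2013-01-07 03:19:04
# found=3
# cleaned=2
C:\Users\All Users\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (unable to clean) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B I
C:\ProgramData\ifgxpers.exe a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
C:\Users\Troy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5cacd98a-3101c3fc a variant of Win32/Kryptik.ARPJ trojan (cleaned by deleting - quarantined) 5F038576DC49FD8A7244F2F7B76DAF73A5B2628B C
# version=8
# remove_checked=false
# utc_time=2013-01-11 06:22:45
# found=0
# cleaned=0
"""

# Assumed layout: "<object and threat name> (<action>) <40-hex SHA-1> <flag letter>"
DETECTION = re.compile(
    r"^(?P<item>.+)\s+\((?P<action>[^()]+)\)\s+"
    r"(?P<sha1>[0-9A-Fa-f]{40})\s+(?P<flag>[A-Z])$"
)

def parse_runs(text):
    """Split an appended log into runs; a '# version=' line opens each run."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# version="):
            runs.append({"meta": {}, "detections": []})
        if not line or not runs:
            continue  # blank line, or installer preamble before the first run
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            runs[-1]["meta"][key] = value
        elif (m := DETECTION.match(line)):
            runs[-1]["detections"].append(m.groupdict())
    return runs

def unresolved(runs):
    """(run time, item, action) for detections not recorded as cleaned."""
    return [(r["meta"].get("utc_time"), d["item"], d["action"])
            for r in runs for d in r["detections"]
            if not d["action"].startswith("cleaned")]

def count_mismatches(runs):
    """Run times where '# found=' disagrees with the parsed detection lines."""
    return [r["meta"].get("utc_time") for r in runs
            if int(r["meta"].get("found", 0)) != len(r["detections"])]
```

Read the last element of `parse_runs()` for the current state of the machine, and use `unresolved()` to see what earlier runs left behind.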

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa
