
Recovered from Virus, now Graphics Driver / Resolution Problem


38 replies to this topic

#1 Coroney

  • Members
  • 16 posts

Posted 14 January 2012 - 04:57 PM

I recently had some trouble with a virus (it was something in the family of System Check / rogue.fakealert). Anyway, I got that taken care of with TDSSKiller and MalwareBytes, but something was damaged in the process.

I can't start nview (nvidia's resolution/etc. software), it's not in the system tray and the nview properties menu is now gone from the popup when I right click the desktop. My resolution is in 1280x1024 instead of 1920x1080 where it was and I can't set it any higher on the slider. I have tried several times to uninstall and reinstall the latest drivers/nvidia software. But I can't get nview to show up and even going into the directory for it C:\Program Files\NVIDIA Corporation\nview I can't get it to launch. Nothing at all happens when I click any of the exe files in that directory.

My screen is also jerky when scrolling in IE so I'm guessing maybe windows xp is just using default drivers?

How can I fix this? My card is a Geforce 9600 GSO 1GB.
OS: Windows XP SP3
Athlon Phenom II X2 550 processor 4(3) GB memory.

Everything was very stable on my system prior to getting that beast of a virus. I wonder if I accidentally deleted something or several things important with TDSSKiller. A system restore to yesterday failed and said there weren't any changes. Go figure.

Any help would be very much appreciated.

Thanks!

Edited by hamluis, 14 January 2012 - 07:58 PM.
Moved from XP to Am I Infected.



#2 noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 14 January 2012 - 06:15 PM

Hi -
Try these drivers for a change - Uninstall your current drivers and install from the links -
Windows XP Driver 175.16 2008-06-10 37.95 MB exe http://www.siliconguide.com/drivers/download/254/ NVIDIA GeForce 9600 GSO Windows XP Video Card Driver Download
Windows XP 64-bit Driver 175.16 2008-06-10 49.19 MB exe http://www.siliconguide.com/drivers/download/254/ NVIDIA GeForce 9600 GSO Windows XP 64-bit Video Card Driver Download

Thank You -

Edited for link confirm -

Edited by noknojon, 14 January 2012 - 06:16 PM.


#3 mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain

Posted 14 January 2012 - 06:23 PM

Did you get help in the Malware forum to clean out the infection?

I would first suggest a check with an on-line virus scanner just to be sure there are no more infections.

Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
Click on the big blue button.
If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
After the download is complete the Computer scan settings window will open, uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
Back on the Eset window, click the Back button and then click on Finish.


If that comes up clean then run the System File Checker which should correct any missing or damaged system files.

Run the system file checker as follows.
Click on Start > Run > Type cmd in the Run box and hit Enter. At the Command Prompt type sfc /scannow (you must include the gap before the /) and hit Enter. Let the process run to completion. You may be asked to insert the XP disc, please do so.

#4 hamluis

  • Moderator
  • 56,131 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 14 January 2012 - 06:48 PM

I agree with Mark1956 about posting in one of the BC malware forums...I don't really believe in the efforts of users who get infected...to overcome such by themselves. The fact that a topic is subsequently initiated re computer problems...sort of substantiates my attitude.

FWIW: The wavy scrolling problem is one that I've experienced :), try uninstalling then reinstalling your video drivers to cure that.

I can move this to the Am I Infected forum, if you want.

Louis

#5 Coroney

  • Topic Starter
  • Members
  • 16 posts

Posted 14 January 2012 - 07:53 PM

Mark, I scanned as per your instructions and the results did come up infected despite MalwareBytes and MSSecEssentials coming up clean... arg.

Here are the results:

C:\Documents and Settings\All Users\Documents\19792079 a variant of Win32/Kryptik.YYD trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir a variant of Win32/Rootkit.Kryptik.FW trojan
D:\DomainSites\overallfilesforBlueHost\BlackShade(EDIT1)\header.php PHP/Kryptik.AB trojan
D:\DomainSites\overallfilesforBlueHost\BlackShade(Original)\header.php PHP/Kryptik.AB trojan
D:\DomainSites\THEENDISHERE.ORG\BackupFeb42010\wp-content\themes\BlackShade\header.php PHP/Kryptik.AB trojan


Hamluis, you can go ahead and move the thread if you think it prudent. Although, like I said in my initial post, I did attempt to uninstall and reinstall the drivers and nvidia software. I have a hunch that this problem might still be around even when the scans finally come up clean. But I can open this thread here again if that is the case. Thanks for your help.

#6 mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain

Posted 14 January 2012 - 08:53 PM

I would highly recommend you get this thread moved to the Malware forum, not "Am I infected", you most definitely are. Do not use the PC any more than you have to and stay offline until you need to download tools as directed by a Malware Expert.

#7 Coroney

  • Topic Starter
  • Members
  • 16 posts

Posted 14 January 2012 - 09:05 PM

I would highly recommend you get this thread moved to the Malware forum, not "Am I infected", you most definitely are. Do not use the PC any more than you have to and stay offline until you need to download tools as directed by a Malware Expert.



Thanks. Mods, can you move this again?

#8 mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain

Posted 14 January 2012 - 09:40 PM

You could be waiting a while if your last post is not seen, click on the Report button in the bottom left corner of your post and ask for your thread to be moved to the Malware forum.

Edited by mark1956, 14 January 2012 - 09:42 PM.


#9 boopme

  • Global Moderator
  • 73,440 posts
  • Gender:Male
  • Location:NJ USA

Posted 14 January 2012 - 10:02 PM

Moved to Am I Infected.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

#10 Coroney

  • Topic Starter
  • Members
  • 16 posts

Posted 14 January 2012 - 10:47 PM

I followed all the instructions. TDSSKiller, again, didn't find anything, nor did MalwareBytes. I'm posting the three logs below:

Result.txt

MiniToolBox by Farbar
Ran by Ian (administrator) on 14-01-2012 at 19:33:24
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Linksys Wireless-G PCI Adapter = Wireless Network Connection 3 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : iw09build

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-24-1D-D7-C8-18



Ethernet adapter Wireless Network Connection 3:



Connection-specific DNS Suffix . : hsd1.ca.comcast.net.

Description . . . . . . . . . . . : Linksys Wireless-G PCI Adapter

Physical Address. . . . . . . . . : 00-18-F8-28-D2-51

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.103

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Saturday, January 14, 2012 11:08:42 AM

Lease Expires . . . . . . . . . . : Sunday, January 15, 2012 11:08:42 AM

DNS request timed out.
timeout was 2 seconds.
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 74.125.224.114, 74.125.224.112, 74.125.224.113, 74.125.224.115
74.125.224.116



Pinging google.com [74.125.224.80] with 32 bytes of data:



Reply from 74.125.224.80: bytes=32 time=17ms TTL=53

Reply from 74.125.224.80: bytes=32 time=17ms TTL=53



Ping statistics for 74.125.224.80:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 17ms, Average = 17ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=19ms TTL=50

Reply from 72.30.2.43: bytes=32 time=21ms TTL=50



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 21ms, Average = 20ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 24 1d d7 c8 18 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
0x20002 ...00 18 f8 28 d2 51 ...... Linksys Wireless-G PCI Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.103 192.168.1.103 25
192.168.1.103 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.103 192.168.1.103 25
224.0.0.0 240.0.0.0 192.168.1.103 192.168.1.103 25
255.255.255.255 255.255.255.255 192.168.1.103 3 1
255.255.255.255 255.255.255.255 192.168.1.103 192.168.1.103 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/29/2011 03:30:49 PM) (Source: Application Error) (User: )
Description: Fault bucket 1990950936.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/29/2011 03:30:44 PM) (Source: Application Error) (User: )
Description: Faulting application moviemk.exe, version 2.1.4028.0, faulting module avisplitter.ax, version 1.0.0.7, fault address 0x00023768.
Processing media-specific event for [moviemk.exe!ws!]

Error: (12/29/2011 03:30:13 PM) (Source: Application Error) (User: )
Description: Faulting application moviemk.exe, version 2.1.4028.0, faulting module avisplitter.ax, version 1.0.0.7, fault address 0x00023768.
Processing media-specific event for [moviemk.exe!ws!]

Error: (12/17/2011 08:14:12 AM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 16.0.912.63, faulting module gcswf32.dll, version 11.1.102.55, fault address 0x001ad021.
Processing media-specific event for [chrome.exe!ws!]

Error: (12/07/2011 10:11:29 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8402.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/04/2011 04:20:35 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4 1, P5 1, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/04/2011 04:12:19 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/04/2011 03:42:24 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/04/2011 03:42:24 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/04/2011 03:39:52 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


System errors:
=============
Error: (01/14/2012 11:08:41 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 10:36:48 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 10:18:08 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 10:12:01 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 10:02:32 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 09:54:05 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 09:44:56 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 09:28:46 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 09:02:09 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/14/2012 08:56:28 AM) (Source: Service Control Manager) (User: )
Description: The GTNDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/29/2011 03:30:49 PM) (Source: Application Error)(User: )
Description: 1990950936

Error: (12/29/2011 03:30:44 PM) (Source: Application Error)(User: )
Description: moviemk.exe2.1.4028.0avisplitter.ax1.0.0.700023768

Error: (12/29/2011 03:30:13 PM) (Source: Application Error)(User: )
Description: moviemk.exe2.1.4028.0avisplitter.ax1.0.0.700023768

Error: (12/17/2011 08:14:12 AM) (Source: Application Error)(User: )
Description: chrome.exe16.0.912.63gcswf32.dll11.1.102.55001ad021

Error: (12/07/2011 10:11:29 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070670patchapplicationam bdd10.3.1781.0mpsigstub.exe3.0.8402.0microsoft security essentialsNILNILNIL

Error: (12/04/2011 04:20:35 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0moaccapability3.0.8402.011unspecifiedunspecifiedNILNILNIL

Error: (12/04/2011 04:12:19 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (12/04/2011 03:42:24 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/04/2011 03:42:24 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/04/2011 03:39:52 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved


=========================== Installed Programs ============================

7-Zip 4.65
AC3Filter 1.63b (Version: 1.63b)
Acer eDisplay Management (Version: 1.20.011)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Actiontec Gateway
Adobe AIR (Version: 1.1.0.5790)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.5.0 (Version: 9.5.0)
AIM 7
AMD Processor Driver (Version: 1.3.2.0053)
Assassin's Creed (Version: 1.02)
Audacity 1.2.6
Audio Transcoder
Avi2Dvd 0.6.1 (Version: 0.6.1)
Avidemux 2.5 (Version: 2.5.4.6714)
AviSynth 2.5
BitTorrent (Version: 6.3.0)
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.6 Patch
CDBurnerXP (Version: 4.3.5.2256)
ClientTools (Version: 17)
Combined Community Codec Pack 2009-09-09 (Version: 2009.09.09.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Cool Timer 3.7
CoreAAC Audio Decoder (remove only)
DAEMON Tools Toolbar (Version: 1.1.1.0014)
Download Updater (AOL LLC)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
EasySaver B9.0610.1 (Version: 1.00.0000)
ESET Online Scanner v3
ffdshow [rev 3299] [2010-03-03] (Version: 1.0.0.3299)
FileZilla Client 3.5.2 (Version: 3.5.2)
foobar2000 v0.9.6.9 (Version: 0.9.6.9)
Free M4a to MP3 Converter 6.2
GIMP 2.6.7
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
Haali Media Splitter
HandBrake 0.9.5 (Version: 0.9.5)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
InfraRecorder
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
JPG to PDF Converter 1.0 (Version: 1.0)
Killing Floor 2.5
LingoPad 2.6 (Build 360) (Version: 2.6)
Linksys Wireless-G PCI Adapter
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
NASA World Wind 1.4
Notepad++ (Version: 5.9.6.2)
NVIDIA Control Panel 285.58 (Version: 285.58)
NVIDIA Graphics Driver 285.58 (Version: 285.58)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA nView 135.95 (Version: 135.95)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Oblivion (Version: 1.00.0000)
Opera 11.60 (Version: 11.60.1185)
Paint.NET v3.5.5 (Version: 3.55.0)
Parabola Calculator
Picasa 3 (Version: 3.8)
Pivot Software (Version: 8.21.013)
PunkBuster Services (Version: 0.986)
QuickConnect (Version: 4.1)
Qwest QuickAssist Desktop Tools (Version: 23)
Raptr
REA's TESTware for WEST B (Version: 2.1.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.23.0000)
Realtek High Definition Audio Driver
SDK (Version: 2.05.004)
Sid Meier's Civilization 4 (Version: 1.00.0000)
Sid Meier's Civilization 4 (Version: 1.74)
SpeechRedist (Version: 1.0.0)
StarCraft
StarCraft II (Version: 1.2.2.17811)
Steam (Version: 1.0.0.0)
TEFView 2.65
The Elder Scrolls V: Skyrim
The Witcher (Version: 1.00.0000)
TOPO! 4 (Version: 4.2.0)
Unreal Tournament 2004
VLC media player 1.0.3 (Version: 1.0.3)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Support Tools (Version: 5.1.2600.2180)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinHTTrack Website Copier 3.43-9D (Version: 3.43.12)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.2 final uninstall (Version: 1.2)

========================= Devices: ================================

Name: NVIDIA GeForce 9600 GSO 512
Description: NVIDIA GeForce 9600 GSO 512
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: nv
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3070.42 MB
Available physical RAM: 1721.86 MB
Total Pagefile: 4956.48 MB
Available Pagefile: 3613.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.46 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:29.29 GB) (Free:8.95 GB) NTFS
3 Drive d: () (Fixed) (Total:203.58 GB) (Free:40.05 GB) NTFS

========================= Users: ========================================

User accounts for \\IW09BUILD

Administrator ASPNET Guest
HelpAssistant Ian SUPPORT_388945a0
UpdatusUser

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini031311-01.dmp
C:\WINDOWS\Minidump\Mini060810-01.dmp

**** End of log ****
--------------------------------------------------------------------------------



TDSSKiller

19:36:35.0765 1196 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
19:36:36.0265 1196 ============================================================
19:36:36.0265 1196 Current date / time: 2012/01/14 19:36:36.0265
19:36:36.0265 1196 SystemInfo:
19:36:36.0265 1196
19:36:36.0265 1196 OS Version: 5.1.2600 ServicePack: 3.0
19:36:36.0265 1196 Product type: Workstation
19:36:36.0265 1196 ComputerName: IW09BUILD
19:36:36.0265 1196 UserName: Ian
19:36:36.0265 1196 Windows directory: C:\WINDOWS
19:36:36.0265 1196 System windows directory: C:\WINDOWS
19:36:36.0265 1196 Processor architecture: Intel x86
19:36:36.0265 1196 Number of processors: 2
19:36:36.0265 1196 Page size: 0x1000
19:36:36.0265 1196 Boot type: Normal boot
19:36:36.0265 1196 ============================================================
19:36:38.0500 1196 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
19:36:38.0578 1196 Initialize success
19:36:40.0406 3592 ============================================================
19:36:40.0406 3592 Scan started
19:36:40.0406 3592 Mode: Manual;
19:36:40.0406 3592 ============================================================
19:36:41.0765 3592 Abiosdsk - ok
19:36:41.0781 3592 abp480n5 - ok
19:36:41.0828 3592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:36:41.0843 3592 ACPI - ok
19:36:41.0875 3592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:36:41.0875 3592 ACPIEC - ok
19:36:41.0875 3592 adpu160m - ok
19:36:41.0906 3592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:36:41.0921 3592 aec - ok
19:36:41.0953 3592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:36:41.0953 3592 AFD - ok
19:36:41.0953 3592 Aha154x - ok
19:36:41.0968 3592 aic78u2 - ok
19:36:41.0984 3592 aic78xx - ok
19:36:42.0000 3592 AliIde - ok
19:36:42.0078 3592 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:36:42.0109 3592 Ambfilt - ok
19:36:42.0125 3592 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:36:42.0125 3592 AmdPPM - ok
19:36:42.0140 3592 amsint - ok
19:36:42.0171 3592 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:36:42.0171 3592 Arp1394 - ok
19:36:42.0187 3592 asc - ok
19:36:42.0203 3592 asc3350p - ok
19:36:42.0203 3592 asc3550 - ok
19:36:42.0250 3592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:36:42.0250 3592 AsyncMac - ok
19:36:42.0265 3592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:36:42.0265 3592 atapi - ok
19:36:42.0281 3592 Atdisk - ok
19:36:42.0359 3592 ATICDSDr - ok
19:36:42.0390 3592 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
19:36:42.0406 3592 atksgt - ok
19:36:42.0421 3592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:36:42.0437 3592 Atmarpc - ok
19:36:42.0468 3592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:36:42.0468 3592 audstub - ok
19:36:42.0484 3592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:36:42.0484 3592 Beep - ok
19:36:42.0484 3592 catchme - ok
19:36:42.0515 3592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:36:42.0515 3592 cbidf2k - ok
19:36:42.0531 3592 cd20xrnt - ok
19:36:42.0546 3592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:36:42.0546 3592 Cdaudio - ok
19:36:42.0562 3592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:36:42.0562 3592 Cdfs - ok
19:36:42.0593 3592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:36:42.0593 3592 Cdrom - ok
19:36:42.0593 3592 Changer - ok
19:36:42.0625 3592 CmdIde - ok
19:36:42.0640 3592 Cpqarray - ok
19:36:42.0656 3592 dac2w2k - ok
19:36:42.0671 3592 dac960nt - ok
19:36:42.0703 3592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:36:42.0703 3592 Disk - ok
19:36:42.0734 3592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:36:42.0750 3592 dmboot - ok
19:36:42.0765 3592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:36:42.0781 3592 dmio - ok
19:36:42.0796 3592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:36:42.0796 3592 dmload - ok
19:36:42.0812 3592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:36:42.0812 3592 DMusic - ok
19:36:42.0828 3592 dpti2o - ok
19:36:42.0859 3592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:36:42.0859 3592 drmkaud - ok
19:36:42.0906 3592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:36:42.0906 3592 Fastfat - ok
19:36:42.0921 3592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:36:42.0921 3592 Fdc - ok
19:36:42.0937 3592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:36:42.0937 3592 Fips - ok
19:36:42.0953 3592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:36:42.0953 3592 Flpydisk - ok
19:36:42.0984 3592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:36:42.0984 3592 FltMgr - ok
19:36:43.0015 3592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:36:43.0015 3592 Fs_Rec - ok
19:36:43.0031 3592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:36:43.0031 3592 Ftdisk - ok
19:36:43.0062 3592 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys
19:36:43.0875 3592 gdrv - ok
19:36:43.0937 3592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:36:43.0937 3592 Gpc - ok
19:36:43.0953 3592 GTNDIS5 - ok
19:36:44.0000 3592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:36:44.0000 3592 HDAudBus - ok
19:36:44.0031 3592 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:36:44.0031 3592 hidusb - ok
19:36:44.0046 3592 hpn - ok
19:36:44.0078 3592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:36:44.0078 3592 HTTP - ok
19:36:44.0093 3592 i2omgmt - ok
19:36:44.0109 3592 i2omp - ok
19:36:44.0140 3592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:36:44.0140 3592 i8042prt - ok
19:36:44.0156 3592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:36:44.0156 3592 Imapi - ok
19:36:44.0171 3592 ini910u - ok
19:36:44.0312 3592 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:36:44.0421 3592 IntcAzAudAddService - ok
19:36:44.0437 3592 IntelIde - ok
19:36:44.0468 3592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:36:44.0468 3592 Ip6Fw - ok
19:36:44.0500 3592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:44.0500 3592 IpFilterDriver - ok
19:36:44.0515 3592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:36:44.0515 3592 IpInIp - ok
19:36:44.0546 3592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:36:44.0546 3592 IpNat - ok
19:36:44.0562 3592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:36:44.0562 3592 IPSec - ok
19:36:44.0593 3592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:36:44.0593 3592 IRENUM - ok
19:36:44.0625 3592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:36:44.0625 3592 isapnp - ok
19:36:44.0640 3592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:36:44.0640 3592 Kbdclass - ok
19:36:44.0671 3592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:36:44.0671 3592 kmixer - ok
19:36:44.0703 3592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:36:44.0703 3592 KSecDD - ok
19:36:44.0718 3592 lbrtfdc - ok
19:36:44.0750 3592 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
19:36:44.0750 3592 lirsgt - ok
19:36:44.0781 3592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:36:44.0781 3592 mnmdd - ok
19:36:44.0812 3592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:36:44.0812 3592 Modem - ok
19:36:44.0875 3592 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
19:36:44.0906 3592 Monfilt - ok
19:36:44.0921 3592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:36:44.0937 3592 Mouclass - ok
19:36:44.0953 3592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:36:44.0953 3592 mouhid - ok
19:36:44.0984 3592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:36:44.0984 3592 MountMgr - ok
19:36:45.0000 3592 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:36:45.0000 3592 MpFilter - ok
19:36:45.0046 3592 MpKsl44d34177 - ok
19:36:45.0093 3592 MpKsl82cecf1e (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6904248A-A9B0-48AD-8473-08049B330A1D}\MpKsl82cecf1e.sys
19:36:45.0093 3592 MpKsl82cecf1e - ok
19:36:45.0109 3592 MpKslcd5c2d04 - ok
19:36:45.0109 3592 MpKslec70fe96 - ok
19:36:45.0125 3592 mraid35x - ok
19:36:45.0156 3592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:36:45.0156 3592 MRxDAV - ok
19:36:45.0187 3592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:36:45.0203 3592 MRxSmb - ok
19:36:45.0218 3592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:36:45.0218 3592 Msfs - ok
19:36:45.0250 3592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:36:45.0250 3592 MSKSSRV - ok
19:36:45.0281 3592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:36:45.0281 3592 MSPCLOCK - ok
19:36:45.0281 3592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:36:45.0281 3592 MSPQM - ok
19:36:45.0296 3592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:36:45.0296 3592 mssmbios - ok
19:36:45.0328 3592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:36:45.0328 3592 Mup - ok
19:36:45.0359 3592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:36:45.0359 3592 NDIS - ok
19:36:45.0390 3592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:36:45.0390 3592 NdisTapi - ok
19:36:45.0406 3592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:36:45.0406 3592 Ndisuio - ok
19:36:45.0421 3592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:36:45.0421 3592 NdisWan - ok
19:36:45.0453 3592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:36:45.0453 3592 NDProxy - ok
19:36:45.0468 3592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:36:45.0468 3592 NetBIOS - ok
19:36:45.0484 3592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:36:45.0484 3592 NetBT - ok
19:36:45.0515 3592 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:36:45.0515 3592 NIC1394 - ok
19:36:45.0546 3592 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
19:36:45.0546 3592 nm - ok
19:36:45.0562 3592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:36:45.0578 3592 Npfs - ok
19:36:45.0578 3592 ntcdrdrv - ok
19:36:45.0609 3592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:36:45.0625 3592 Ntfs - ok
19:36:45.0656 3592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:36:45.0656 3592 Null - ok
19:36:45.0937 3592 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:36:46.0218 3592 nv - ok
19:36:46.0265 3592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:36:46.0265 3592 NwlnkFlt - ok
19:36:46.0265 3592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:36:46.0265 3592 NwlnkFwd - ok
19:36:46.0296 3592 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:36:46.0296 3592 NwlnkIpx - ok
19:36:46.0312 3592 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:36:46.0312 3592 NwlnkNb - ok
19:36:46.0328 3592 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:36:46.0328 3592 NwlnkSpx - ok
19:36:46.0343 3592 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:36:46.0343 3592 ohci1394 - ok
19:36:46.0359 3592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:36:46.0359 3592 Parport - ok
19:36:46.0375 3592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:36:46.0375 3592 PartMgr - ok
19:36:46.0390 3592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:36:46.0390 3592 ParVdm - ok
19:36:46.0406 3592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:36:46.0406 3592 PCI - ok
19:36:46.0421 3592 PCIDump - ok
19:36:46.0453 3592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:36:46.0453 3592 PCIIde - ok
19:36:46.0484 3592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:36:46.0484 3592 Pcmcia - ok
19:36:46.0484 3592 PDCOMP - ok
19:36:46.0500 3592 PDFRAME - ok
19:36:46.0531 3592 PdiPorts (5abf7be682488903a0268ed83e10c88b) C:\WINDOWS\system32\Drivers\PdiPorts.sys
19:36:46.0531 3592 PdiPorts - ok
19:36:46.0546 3592 PDRELI - ok
19:36:46.0562 3592 PDRFRAME - ok
19:36:46.0578 3592 perc2 - ok
19:36:46.0593 3592 perc2hib - ok
19:36:46.0640 3592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:36:46.0640 3592 PptpMiniport - ok
19:36:46.0656 3592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:36:46.0656 3592 Processor - ok
19:36:46.0671 3592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:36:46.0671 3592 PSched - ok
19:36:46.0687 3592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:36:46.0687 3592 Ptilink - ok
19:36:46.0703 3592 ql1080 - ok
19:36:46.0703 3592 Ql10wnt - ok
19:36:46.0718 3592 ql12160 - ok
19:36:46.0734 3592 ql1240 - ok
19:36:46.0750 3592 ql1280 - ok
19:36:46.0765 3592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:36:46.0765 3592 RasAcd - ok
19:36:46.0781 3592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:36:46.0781 3592 Rasl2tp - ok
19:36:46.0812 3592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:36:46.0812 3592 RasPppoe - ok
19:36:46.0812 3592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:36:46.0812 3592 Raspti - ok
19:36:46.0843 3592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:36:46.0843 3592 Rdbss - ok
19:36:46.0859 3592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:36:46.0859 3592 RDPCDD - ok
19:36:46.0906 3592 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:36:46.0906 3592 RDPWD - ok
19:36:46.0921 3592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:36:46.0921 3592 redbook - ok
19:36:46.0968 3592 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
19:36:46.0968 3592 RT61 - ok
19:36:47.0000 3592 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:36:47.0000 3592 RTLE8023xp - ok
19:36:47.0031 3592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:36:47.0031 3592 Secdrv - ok
19:36:47.0062 3592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:36:47.0062 3592 serenum - ok
19:36:47.0078 3592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:36:47.0078 3592 Serial - ok
19:36:47.0109 3592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:36:47.0109 3592 Sfloppy - ok
19:36:47.0125 3592 Simbad - ok
19:36:47.0140 3592 Sparrow - ok
19:36:47.0171 3592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:36:47.0171 3592 splitter - ok
19:36:47.0218 3592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:36:47.0218 3592 sr - ok
19:36:47.0250 3592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:36:47.0250 3592 Srv - ok
19:36:47.0296 3592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:36:47.0296 3592 swenum - ok
19:36:47.0328 3592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:36:47.0328 3592 swmidi - ok
19:36:47.0343 3592 symc810 - ok
19:36:47.0359 3592 symc8xx - ok
19:36:47.0375 3592 sym_hi - ok
19:36:47.0375 3592 sym_u3 - ok
19:36:47.0390 3592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:36:47.0390 3592 sysaudio - ok
19:36:47.0437 3592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:36:47.0453 3592 Tcpip - ok
19:36:47.0484 3592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:36:47.0484 3592 TDPIPE - ok
19:36:47.0500 3592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:36:47.0500 3592 TDTCP - ok
19:36:47.0515 3592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:36:47.0515 3592 TermDD - ok
19:36:47.0546 3592 TosIde - ok
19:36:47.0578 3592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:36:47.0578 3592 Udfs - ok
19:36:47.0593 3592 ultra - ok
19:36:47.0609 3592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:36:47.0625 3592 Update - ok
19:36:47.0640 3592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:36:47.0640 3592 usbehci - ok
19:36:47.0671 3592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:36:47.0671 3592 usbhub - ok
19:36:47.0687 3592 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:36:47.0687 3592 usbohci - ok
19:36:47.0718 3592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:36:47.0718 3592 usbprint - ok
19:36:47.0750 3592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:36:47.0750 3592 USBSTOR - ok
19:36:47.0765 3592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:36:47.0765 3592 VgaSave - ok
19:36:47.0781 3592 ViaIde - ok
19:36:47.0796 3592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:36:47.0796 3592 VolSnap - ok
19:36:47.0828 3592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:36:47.0828 3592 Wanarp - ok
19:36:47.0843 3592 WDICA - ok
19:36:47.0875 3592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:36:47.0875 3592 wdmaud - ok
19:36:47.0906 3592 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:36:47.0906 3592 WmiAcpi - ok
19:36:47.0953 3592 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:36:47.0968 3592 WpdUsb - ok
19:36:47.0984 3592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:36:47.0984 3592 WudfPf - ok
19:36:48.0015 3592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:36:48.0015 3592 WudfRd - ok
19:36:48.0046 3592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:36:48.0171 3592 \Device\Harddisk0\DR0 - ok
19:36:48.0171 3592 Boot (0x1200) (ed9c83fbbb1466ddd37f10d07aad29a2) \Device\Harddisk0\DR0\Partition0
19:36:48.0171 3592 \Device\Harddisk0\DR0\Partition0 - ok
19:36:48.0203 3592 Boot (0x1200) (3fb3f981127f1c3e5b1efa2ec1cf300e) \Device\Harddisk0\DR0\Partition1
19:36:48.0203 3592 \Device\Harddisk0\DR0\Partition1 - ok
19:36:48.0203 3592 ============================================================
19:36:48.0203 3592 Scan finished
19:36:48.0203 3592 ============================================================
19:36:48.0218 3228 Detected object count: 0
19:36:48.0218 3228 Actual detected object count: 0

-------------------------------------------------------

MalwareBytes

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ian :: IW09BUILD [administrator]

1/14/2012 7:39:41 PM
mbam-log-2012-01-14 (19-39-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214011
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:18 PM

Posted 14 January 2012 - 11:19 PM

Run one more scan; if still no joy, do SFC below.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



SFC

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Coroney

Coroney
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 14 January 2012 - 11:35 PM

I ran this scan on request earlier in this thread and nothing has changed since then. ESET is the only utility that is detecting an infection.

Mark, I scanned as per your instructions and the results did come up infected despite MalwareBytes and MSSecEssentials coming up clean... arg.

Here are the results:

C:\Documents and Settings\All Users\Documents\19792079 a variant of Win32/Kryptik.YYD trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir a variant of Win32/Rootkit.Kryptik.FW trojan
D:\DomainSites\overallfilesforBlueHost\BlackShade(EDIT1)\header.php PHP/Kryptik.AB trojan
D:\DomainSites\overallfilesforBlueHost\BlackShade(Original)\header.php PHP/Kryptik.AB trojan
D:\DomainSites\THEENDISHERE.ORG\BackupFeb42010\wp-content\themes\BlackShade\header.php PHP/Kryptik.AB trojan



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:18 PM

Posted 14 January 2012 - 11:46 PM

Hello. Did you put a check in the line 7 box?
7.Under scan settings, check and check Remove found threats


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


I have to go but will look back.

#14 Coroney

Coroney
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 15 January 2012 - 12:47 AM

I re-ran ESET and selected the option to fix the infections. It said it fixed all five. Then I ran TDSSKiller again, and it ran fine but again did not find any infected files.

However I still have the graphics driver problem. Uninstalling and reinstalling the nvidia drivers has no effect. I'm still stuck in a letterboxed low resolution with jerky scrolling.

Edited by Coroney, 15 January 2012 - 12:48 AM.


#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:18 PM

Posted 15 January 2012 - 11:07 AM

I am getting some help.
I moved this to Internal Hardware as it appears to be a Graphics card issue.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

Edited by boopme, 15 January 2012 - 02:32 PM.

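The post above says that this kind of infection alters the Windows HOSTS file. Before blindly resetting it, a defender usually wants to see what was changed. The following script is an added example, not part of the thread or of any Microsoft or BleepingComputer tool: it parses HOSTS-file syntax and reports every mapping that is not the stock localhost entry, distinguishing sinkholed names (sent to loopback or 0.0.0.0 so a vendor site or updater can never be reached) from names redirected to a routable address. The `WATCHLIST` domains and the sample file are constructed for illustration.

```python
"""Inspect a Windows HOSTS file for entries that look like malware tampering.

Added example (not from the thread). Parses HOSTS syntax, ignores comments,
and reports every mapping that is not the default localhost entry.
"""
import ipaddress
from typing import List, Tuple

# Assumed watchlist: domains a defender never expects to see mapped in HOSTS
# (security vendors, update services). Constructed for this example.
WATCHLIST = {
    "www.malwarebytes.org",
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
    "www.bleepingcomputer.com",
}

# Names that a stock Windows HOSTS file legitimately maps to loopback.
DEFAULT_LOOPBACK_NAMES = {"localhost"}

# Constructed sample: a stock XP HOSTS header plus three tampered lines.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org       # sinkholes a vendor site
0.0.0.0         avupdate.example.net       # blocks a (constructed) update host
203.0.113.7     bank.example.com           # redirects to a third-party address
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [hostnames]) for every non-comment, non-empty line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line: an address with no names maps nothing
        entries.append((parts[0], [name.lower() for name in parts[1:]]))
    return entries


def is_loopback_or_null(addr: str) -> bool:
    """True for 127.x, ::1 and 0.0.0.0 (the usual sinkhole targets)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal; treated as routable below
    return ip.is_loopback or ip.is_unspecified


def find_suspicious(text: str) -> List[Tuple[str, str, str]]:
    """Return (hostname, address, reason) for each entry worth a look.

    Reasons, in priority order: a watchlisted domain mapped anywhere;
    a non-default name sinkholed to loopback/0.0.0.0; any name mapped
    to a routable address. The stock localhost entry is never reported.
    """
    findings = []
    for addr, names in parse_hosts(text):
        for name in names:
            if name in WATCHLIST:
                findings.append((name, addr, "watchlisted domain present"))
            elif is_loopback_or_null(addr):
                if name not in DEFAULT_LOOPBACK_NAMES:
                    findings.append((name, addr, "non-default name sinkholed"))
            else:
                findings.append((name, addr, "mapped to routable address"))
    return findings


if __name__ == "__main__":
    # On a real XP box the file lives at C:\WINDOWS\system32\drivers\etc\hosts;
    # here the constructed sample is inspected instead.
    for name, addr, reason in find_suspicious(SAMPLE_HOSTS):
        print(f"{name:30} -> {addr:15} ({reason})")
```

Run it against the constructed sample and it reports the three tampered lines and nothing for `localhost`; point it at a real HOSTS file (read with the usual `open()` call) and an empty result means the file matches the stock layout, which is a useful check both before and after running the Fix it described above.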



