damaged from infection or still infected?


5 replies to this topic

#1 enigma52

Posted 28 February 2012 - 05:17 PM

computer info:
win xp pro sp3
amd athlon 64 processor 3700+
asus mainboard
3 gb ram
nvidia geforce 7600 gs graphics
avg internet security 2012
firefox 10
no script
ghostery
better privacy
everything set up for automatic updates
running secunia psi

Yesterday I started getting a pop-up titled "avgdiagex".
It stated "an unspecified error occurred in avg. would you like to send diagnostic data..."
I clicked yes. This occurred several times and I clicked "yes" each time to send the info.
I logged out and logged into an administrator account and ran Malwarebytes. It found and quarantined two trojan files (Trojan.Inject, I think; I can't find any traces of it today, even in Malwarebytes quarantine). I then went to Security Center; it showed that everything was OK, so I opened the firewall and it was turned off, so I turned it back on. At this point, I was still getting the "avgdiagex" pop-ups every few minutes. I went to the AVG web site and downloaded and ran a repair to the software. After that, the pop-ups stopped, so I thought it was fixed. This morning I started the computer and went to Security Center and checked the firewall and it was off again (I turned it back on). Also some files may have been corrupted or deleted.
I only use this computer for email, surfing, and educational studies. I depend on WOT to warn me of disreputable sites and NoScript to protect me from malicious scripts. I am at a loss as to where this came from.
Can you help me get this fixed? I don't know what to trust or how to protect myself any more than I have by using AV software, browser security add-ons, keeping updates current, and using safe browsing habits.
Any suggestions and advice would be greatly appreciated. Thanks.

Edited by hamluis, 28 February 2012 - 06:17 PM.
Moved from XP to Am I Infected.



#2 boopme

Posted 28 February 2012 - 09:25 PM

Hello. You did update to the latest AVG and scan?

Can you post the MBAM log that showed it?
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

I would like to see 3 more logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 enigma52

Posted 29 February 2012 - 02:57 AM

Thanks for the quick reply.
I have always had my antivirus set to auto-update, but because of the recurring error popping up, I downloaded it online and ran a repair install. I will run a full scan when I'm finished here.
Here are the results of the scans you wanted:

mbam-
2/27/2012 10:59:22
mbam-log-2012-02-27 (10-59-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255512
Time elapsed: 19 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\Lexmark 5000 Series\app4r.gui.applist.dll (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Program Files\Lexmark 5000 Series\app4r.gui.converttopdfscreen.dll (Trojan.Inject) -> Quarantined and deleted successfully.

(end)
minitoolbox-
MiniToolBox by Farbar Version: 18-01-2012
Ran by Charles (administrator) on 29-02-2012 at 00:26:20
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : fields

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-17-31-F7-6E-EF

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 74.193.85.217

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 74.193.85.1

DHCP Server . . . . . . . . . . . : 172.24.120.18

DNS Servers . . . . . . . . . . . : 208.180.42.68

208.180.42.100

Lease Obtained. . . . . . . . . . : Wednesday, February 29, 2012 00:16:34

Lease Expires . . . . . . . . . . : Thursday, March 01, 2012 00:59:04

Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: google.com
Addresses: 74.125.227.105, 74.125.227.110, 74.125.227.96, 74.125.227.97
74.125.227.98, 74.125.227.99, 74.125.227.100, 74.125.227.101, 74.125.227.102
74.125.227.103, 74.125.227.104



Pinging google.com [74.125.227.69] with 32 bytes of data:



Reply from 74.125.227.69: bytes=32 time=48ms TTL=51

Reply from 74.125.227.69: bytes=32 time=46ms TTL=51



Ping statistics for 74.125.227.69:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 48ms, Average = 47ms

Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: yahoo.com
Addresses: 98.139.127.62, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=56ms TTL=50

Reply from 98.139.183.24: bytes=32 time=57ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 57ms, Average = 56ms

Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 f7 6e ef ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 74.193.85.1 74.193.85.217 20
74.193.85.0 255.255.255.0 74.193.85.217 74.193.85.217 20
74.193.85.217 255.255.255.255 127.0.0.1 127.0.0.1 20
74.255.255.255 255.255.255.255 74.193.85.217 74.193.85.217 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 74.193.85.217 74.193.85.217 20
255.255.255.255 255.255.255.255 74.193.85.217 74.193.85.217 1
Default Gateway: 74.193.85.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/07/2012 06:20:04 PM) (Source: MsiInstaller) (User: enigma)enigma
Description: Product: Adobe AIR -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.

Error: (01/07/2012 06:19:56 PM) (Source: iNOSSO®) (User: )
Description: Adobe Reader 9.4.0
(C:\Documents and Settings\enigma\Local Settings\Temp\AdbeRdr940_en_US.exe)
The operation was canceled by the user.

File: C:\Documents and Settings\enigma\Local Settings\Application Data\Adobe\Reader 9.4\Setup Files\setup.exe

Error: (12/11/2011 09:21:28 PM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: Off

Mode: Append

Type: Normal


Consult the backup report for more details.

Error: (12/09/2011 07:39:32 AM) (Source: .NET Runtime) (User: )
Description: Unable to open shim database version registry key - v2.0.50727.00000

Error: (12/09/2011 05:21:28 AM) (Source: Application Error) (User: )
Description: Fault bucket 00504417.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/09/2011 05:21:24 AM) (Source: Application Error) (User: )
Description: Faulting application setupstb.exe, version 6.31.258.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000501b6.
Processing media-specific event for [setupstb.exe!ws!]

Error: (12/09/2011 05:21:22 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file D:\setupstb.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program setupstb.exe because of this error.

Program: setupstb.exe
File: D:\setupstb.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000240
Disk type: 5

Error: (12/09/2011 04:55:45 AM) (Source: Application Error) (User: )
Description: Fault bucket 00504417.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/09/2011 04:54:14 AM) (Source: Application Error) (User: )
Description: Faulting application InstGui.exe, version 10.5.0.0, faulting module InstGui.exe, version 10.5.0.0, fault address 0x0010bbb4.
Processing media-specific event for [InstGui.exe!ws!]

Error: (12/09/2011 04:54:11 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file D:\Install\X86\InstGui.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program InstGui.exe because of this error.

Program: InstGui.exe
File: D:\Install\X86\InstGui.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000240
Disk type: 5


System errors:
=============
Error: (02/27/2012 00:26:20 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/27/2012 00:24:51 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (02/27/2012 11:44:33 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (02/27/2012 11:44:31 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgldx86
Avgmfx86
Avgtdix
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip

Error: (02/27/2012 11:44:31 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (02/27/2012 11:44:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (02/27/2012 11:44:31 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (02/27/2012 11:44:31 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (02/27/2012 11:44:13 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/11/2012 11:42:28 PM) (Source: Print) (User: enigma)
Description: The document Texas Rangers - Printable Schedule - MLB - Yahoo! Sports owned by enigma failed to print on printer Lexmark 5000 Series (Copy 1). Data type: LEMF. Size of the spool file in bytes: 14133636. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 1. Client machine: \\FIELDS. Win32 error code returned by the print processor: Texas Rangers - Printable Schedule - MLB - Yahoo! Sports0. Texas Rangers - Printable Schedule - MLB - Yahoo! Sports1


Microsoft Office Sessions:
=========================
Error: (01/07/2012 06:20:04 PM) (Source: MsiInstaller)(User: enigma)enigma
Description: Product: Adobe AIR -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.(NULL)(NULL)(NULL)

Error: (01/07/2012 06:19:56 PM) (Source: iNOSSO®)(User: )
Description: Adobe Reader 9.4.0
(C:\Documents and Settings\enigma\Local Settings\Temp\AdbeRdr940_en_US.exe)
The operation was canceled by the user.

File: C:\Documents and Settings\enigma\Local Settings\Application Data\Adobe\Reader 9.4\Setup Files\setup.exe

Error: (12/11/2011 09:21:28 PM) (Source: NTBackup)(User: )
Description: C:Warnings or errors were encountered.OffAppendNormal

Error: (12/09/2011 07:39:32 AM) (Source: .NET Runtime)(User: )
Description: Unable to open shim database version registry key - v2.0.50727.00000

Error: (12/09/2011 05:21:28 AM) (Source: Application Error)(User: )
Description: 00504417

Error: (12/09/2011 05:21:24 AM) (Source: Application Error)(User: )
Description: setupstb.exe6.31.258.0ntdll.dll5.1.2600.6055000501b6

Error: (12/09/2011 05:21:22 AM) (Source: Application Error)(User: )
Description: D:\setupstb.exesetupstb.exeC00002405

Error: (12/09/2011 04:55:45 AM) (Source: Application Error)(User: )
Description: 00504417

Error: (12/09/2011 04:54:14 AM) (Source: Application Error)(User: )
Description: InstGui.exe10.5.0.0InstGui.exe10.5.0.00010bbb4

Error: (12/09/2011 04:54:11 AM) (Source: Application Error)(User: )
Description: D:\Install\X86\InstGui.exeInstGui.exeC00002405


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2114)
AVG 2012 (Version: 2012.0.1913)
Java™ 6 Update 31 (Version: 6.0.310)
Lexmark 5000 Series
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliType Pro 6.3 (Version: 6.31.258.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Drivers
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OpenOffice.org 3.3 (Version: 3.3.9567)
Python 2.7.2 (Version: 2.7.2150)
Realtek High Definition Audio Driver
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 3070.48 MB
Available physical RAM: 2398.4 MB
Total Pagefile: 4956.59 MB
Available Pagefile: 4413.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:278.34 GB) NTFS

========================= Users: ========================================

User accounts for \\FIELDS

Administrator Charles enigma
Guest HelpAssistant UpdatusUser


**** End of log ****


eset-
C:\Documents and Settings\Charles\My Documents\Downloads\cnet2_cpu-z_1_59-setup-en_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

tdsskiller-
00:46:37.0109 1248 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
00:46:38.0656 1248 ============================================================
00:46:38.0656 1248 Current date / time: 2012/02/29 00:46:38.0656
00:46:38.0656 1248 SystemInfo:
00:46:38.0656 1248
00:46:38.0656 1248 OS Version: 5.1.2600 ServicePack: 3.0
00:46:38.0656 1248 Product type: Workstation
00:46:38.0656 1248 ComputerName: FIELDS
00:46:38.0656 1248 UserName: Charles
00:46:38.0656 1248 Windows directory: C:\WINDOWS
00:46:38.0656 1248 System windows directory: C:\WINDOWS
00:46:38.0656 1248 Processor architecture: Intel x86
00:46:38.0656 1248 Number of processors: 1
00:46:38.0656 1248 Page size: 0x1000
00:46:38.0656 1248 Boot type: Normal boot
00:46:38.0656 1248 ============================================================
00:46:40.0703 1248 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
00:46:40.0734 1248 \Device\Harddisk0\DR0:
00:46:40.0734 1248 MBR used
00:46:40.0734 1248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
00:46:40.0750 1248 Initialize success
00:46:40.0750 1248 ============================================================
00:47:59.0281 2388 ============================================================
00:47:59.0281 2388 Scan started
00:47:59.0281 2388 Mode: Manual;
00:47:59.0281 2388 ============================================================
00:48:01.0953 2388 IntcAzAudAddService (512cc914475348d774d1bb9f866396a5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:48:02.0000 2388 IntcAzAudAddService - ok
00:48:02.0015 2388 IntelIde - ok
00:48:02.0046 2388 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:48:02.0046 2388 Ip6Fw - ok
00:48:02.0078 2388 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:48:02.0078 2388 IpFilterDriver - ok
00:48:02.0093 2388 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:48:02.0093 2388 IpInIp - ok
00:48:02.0109 2388 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:48:02.0109 2388 IpNat - ok
00:48:02.0125 2388 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:48:02.0125 2388 IPSec - ok
00:48:02.0156 2388 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:48:02.0156 2388 IRENUM - ok
00:48:02.0203 2388 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:48:02.0203 2388 isapnp - ok
00:48:02.0250 2388 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:48:02.0250 2388 Kbdclass - ok
00:48:02.0265 2388 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:48:02.0265 2388 kbdhid - ok
00:48:02.0328 2388 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:48:02.0343 2388 kmixer - ok
00:48:02.0375 2388 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:48:02.0375 2388 KSecDD - ok
00:48:02.0390 2388 lbrtfdc - ok
00:48:02.0437 2388 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:48:02.0437 2388 mnmdd - ok
00:48:02.0468 2388 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:48:02.0468 2388 Modem - ok
00:48:02.0500 2388 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:48:02.0500 2388 Mouclass - ok
00:48:02.0546 2388 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:48:02.0546 2388 mouhid - ok
00:48:02.0562 2388 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:48:02.0562 2388 MountMgr - ok
00:48:02.0578 2388 mraid35x - ok
00:48:02.0593 2388 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:48:02.0593 2388 MRxDAV - ok
00:48:02.0625 2388 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:48:02.0640 2388 MRxSmb - ok
00:48:02.0656 2388 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:48:02.0656 2388 Msfs - ok
00:48:02.0687 2388 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:48:02.0687 2388 MSKSSRV - ok
00:48:02.0718 2388 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:48:02.0718 2388 MSPCLOCK - ok
00:48:02.0734 2388 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:48:02.0734 2388 MSPQM - ok
00:48:02.0765 2388 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:48:02.0765 2388 mssmbios - ok
00:48:02.0843 2388 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:48:02.0843 2388 Mup - ok
00:48:02.0906 2388 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:48:02.0906 2388 NDIS - ok
00:48:02.0953 2388 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:48:02.0953 2388 NdisTapi - ok
00:48:02.0968 2388 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:48:02.0984 2388 Ndisuio - ok
00:48:03.0000 2388 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:48:03.0000 2388 NdisWan - ok
00:48:03.0031 2388 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:48:03.0031 2388 NDProxy - ok
00:48:03.0046 2388 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:48:03.0046 2388 NetBIOS - ok
00:48:03.0078 2388 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:48:03.0093 2388 NetBT - ok
00:48:03.0125 2388 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:48:03.0125 2388 Npfs - ok
00:48:03.0140 2388 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:48:03.0156 2388 Ntfs - ok
00:48:03.0218 2388 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:48:03.0218 2388 Null - ok
00:48:03.0562 2388 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:48:03.0656 2388 nv - ok
00:48:03.0687 2388 NVENETFD (ccd0c2a9a9c4c59441072564b011b546) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
00:48:03.0687 2388 NVENETFD - ok
00:48:03.0703 2388 nvnetbus (a4931d96f111b5a8f3129507ae7bdf12) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
00:48:03.0703 2388 nvnetbus - ok
00:48:03.0734 2388 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:48:03.0734 2388 NwlnkFlt - ok
00:48:03.0750 2388 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:48:03.0750 2388 NwlnkFwd - ok
00:48:03.0796 2388 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
00:48:03.0796 2388 Parport - ok
00:48:03.0859 2388 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:48:03.0859 2388 PartMgr - ok
00:48:03.0890 2388 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:48:03.0890 2388 ParVdm - ok
00:48:03.0921 2388 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:48:03.0921 2388 PCI - ok
00:48:03.0937 2388 PCIDump - ok
00:48:03.0953 2388 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:48:03.0953 2388 PCIIde - ok
00:48:03.0984 2388 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:48:03.0984 2388 Pcmcia - ok
00:48:04.0000 2388 PDCOMP - ok
00:48:04.0015 2388 PDFRAME - ok
00:48:04.0031 2388 PDRELI - ok
00:48:04.0046 2388 PDRFRAME - ok
00:48:04.0062 2388 perc2 - ok
00:48:04.0062 2388 perc2hib - ok
00:48:04.0125 2388 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:48:04.0125 2388 PptpMiniport - ok
00:48:04.0140 2388 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
00:48:04.0140 2388 Processor - ok
00:48:04.0156 2388 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:48:04.0171 2388 PSched - ok
00:48:04.0203 2388 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
00:48:04.0203 2388 PSI - ok
00:48:04.0218 2388 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:48:04.0218 2388 Ptilink - ok
00:48:04.0234 2388 ql1080 - ok
00:48:04.0234 2388 Ql10wnt - ok
00:48:04.0250 2388 ql12160 - ok
00:48:04.0265 2388 ql1240 - ok
00:48:04.0281 2388 ql1280 - ok
00:48:04.0312 2388 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:48:04.0312 2388 RasAcd - ok
00:48:04.0343 2388 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:48:04.0343 2388 Rasl2tp - ok
00:48:04.0375 2388 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:48:04.0375 2388 RasPppoe - ok
00:48:04.0390 2388 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:48:04.0390 2388 Raspti - ok
00:48:04.0406 2388 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:48:04.0406 2388 Rdbss - ok
00:48:04.0437 2388 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:48:04.0437 2388 RDPCDD - ok
00:48:04.0468 2388 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:48:04.0484 2388 rdpdr - ok
00:48:04.0515 2388 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:48:04.0515 2388 RDPWD - ok
00:48:04.0562 2388 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:48:04.0562 2388 redbook - ok
00:48:04.0640 2388 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:48:04.0640 2388 Secdrv - ok
00:48:04.0703 2388 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
00:48:04.0703 2388 Serial - ok
00:48:04.0750 2388 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:48:04.0750 2388 Sfloppy - ok
00:48:04.0781 2388 Simbad - ok
00:48:04.0796 2388 Sparrow - ok
00:48:04.0843 2388 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:48:04.0843 2388 splitter - ok
00:48:04.0906 2388 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:48:04.0906 2388 sr - ok
00:48:04.0953 2388 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:48:04.0953 2388 Srv - ok
00:48:05.0000 2388 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:48:05.0000 2388 swenum - ok
00:48:05.0015 2388 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:48:05.0015 2388 swmidi - ok
00:48:05.0031 2388 symc810 - ok
00:48:05.0046 2388 symc8xx - ok
00:48:05.0062 2388 sym_hi - ok
00:48:05.0078 2388 sym_u3 - ok
00:48:05.0109 2388 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:48:05.0109 2388 sysaudio - ok
00:48:05.0140 2388 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:48:05.0140 2388 Tcpip - ok
00:48:05.0171 2388 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:48:05.0171 2388 TDPIPE - ok
00:48:05.0203 2388 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:48:05.0203 2388 TDTCP - ok
00:48:05.0234 2388 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:48:05.0234 2388 TermDD - ok
00:48:05.0265 2388 TosIde - ok
00:48:05.0328 2388 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:48:05.0328 2388 Udfs - ok
00:48:05.0343 2388 ultra - ok
00:48:05.0359 2388 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:48:05.0359 2388 Update - ok
00:48:05.0406 2388 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:48:05.0406 2388 usbccgp - ok
00:48:05.0437 2388 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:48:05.0437 2388 usbehci - ok
00:48:05.0453 2388 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:48:05.0453 2388 usbhub - ok
00:48:05.0468 2388 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:48:05.0468 2388 usbohci - ok
00:48:05.0500 2388 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:48:05.0500 2388 usbprint - ok
00:48:05.0531 2388 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:48:05.0531 2388 usbscan - ok
00:48:05.0546 2388 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:48:05.0546 2388 usbstor - ok
00:48:05.0593 2388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:48:05.0593 2388 VgaSave - ok
00:48:05.0609 2388 ViaIde - ok
00:48:05.0671 2388 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:48:05.0671 2388 VolSnap - ok
00:48:05.0718 2388 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:48:05.0718 2388 Wanarp - ok
00:48:05.0734 2388 WDICA - ok
00:48:05.0781 2388 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:48:05.0781 2388 wdmaud - ok
00:48:05.0875 2388 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:48:05.0875 2388 WudfPf - ok
00:48:05.0906 2388 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:48:05.0906 2388 WudfRd - ok
00:48:05.0953 2388 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:48:06.0093 2388 \Device\Harddisk0\DR0 - ok
00:48:06.0093 2388 Boot (0x1200) (04b0a190310399b1b77b10dc2b0f7b55) \Device\Harddisk0\DR0\Partition0
00:48:06.0093 2388 \Device\Harddisk0\DR0\Partition0 - ok
00:48:06.0093 2388 ============================================================
00:48:06.0093 2388 Scan finished
00:48:06.0093 2388 ============================================================
00:48:06.0109 2140 Detected object count: 0
00:48:06.0109 2140 Actual detected object count: 0
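
The scan log above is a TDSSKiller object list: one line per scanned object carrying the MD5 and on-disk path, followed by a line carrying the scanner's verdict, with a bare `Name - ok` for entries it logged without any hash or path, and `MBR`/`Boot` entries whose verdict line is keyed by device path rather than by name. The following Python script is an added example, not part of this thread and not TDSSKiller's own code; it parses that format so the entries can be triaged mechanically instead of by scrolling. The sample log is constructed: its `Beep`, `cd20xrnt`, `MBR` and count lines are copied from the log above, while the `badsvc` driver, its all-zero hash and its `suspicious` verdict are hypothetical, made up purely to exercise the flagging path.

```python
"""Triage helper for a TDSSKiller driver-scan log (added example, not TDSSKiller code).

Log format as it appears in the thread, two lines per object:
    HH:MM:SS.mmmm TID Name [(0xSIZE)] (md5) Path
    HH:MM:SS.mmmm TID Name-or-Path - verdict
Entries logged as a bare "Name - ok" with no preceding hash/path line are
kept separately so they are not mistaken for scanned files.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

OBJECT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\(0x[0-9A-Fa-f]+\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
STATUS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<subject>.+?)\s+-\s+(?P<verdict>.+)$"
)
COUNT_RE = re.compile(r"\bDetected object count:\s+(\d+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None

    @property
    def has_file(self) -> bool:
        return self.md5 is not None


@dataclass
class Report:
    entries: List[Entry]
    detected_count: Optional[int]

    def flagged(self) -> List[Entry]:
        """Anything the scanner did not mark plain 'ok'."""
        return [e for e in self.entries if e.verdict != "ok"]

    def fileless(self) -> List[Entry]:
        """Entries logged without a hash or path."""
        return [e for e in self.entries if not e.has_file]


def parse_log(text: str) -> Report:
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}   # object lines waiting for their verdict line
    detected: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.search(line)
        if m:
            detected = int(m.group(1))
            continue
        m = OBJECT_RE.match(line)
        if m:
            e = Entry(m["name"], "", m["md5"], m["path"])
            pending[e.name] = e   # the verdict line may use the name ...
            pending[e.path] = e   # ... or, for MBR/boot entries, the device path
            continue
        m = STATUS_RE.match(line)
        if m:
            e = pending.pop(m["subject"], None)
            if e is None:
                e = Entry(m["subject"], m["verdict"])   # bare "Name - ok": no file
            else:
                pending.pop(e.name, None)
                pending.pop(e.path, None)
                e.verdict = m["verdict"]
            entries.append(e)
    return Report(entries, detected)


def triage(report: Report, known_bad: frozenset = frozenset()) -> dict:
    """Summarise a report; known_bad is an analyst-supplied set of MD5 hashes to flag."""
    return {
        "total": len(report.entries),
        "ok_with_file": sum(1 for e in report.entries if e.verdict == "ok" and e.has_file),
        "no_file": [e.name for e in report.fileless()],
        "flagged": [(e.name, e.verdict, e.path) for e in report.flagged()],
        "hash_hits": [(e.name, e.md5) for e in report.entries if e.md5 in known_bad],
        "reported_detected": report.detected_count,
    }


# Constructed sample: Beep, cd20xrnt, MBR and the count line are copied from the
# thread's log; the hypothetical "badsvc" driver, its all-zero hash and its
# "suspicious" verdict are made up to exercise the flagging path.
SAMPLE_LOG = r"""
00:48:00.0656 2388 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:48:00.0656 2388 Beep - ok
00:48:00.0718 2388 cd20xrnt - ok
00:48:05.0953 2388 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:48:06.0093 2388 \Device\Harddisk0\DR0 - ok
00:48:06.0100 2388 badsvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\badsvc.sys
00:48:06.0100 2388 badsvc - suspicious
00:48:06.0109 2140 Detected object count: 0
"""

if __name__ == "__main__":
    summary = triage(parse_log(SAMPLE_LOG), known_bad=frozenset({"0" * 32}))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The script keys verdict lines on both the object name and the path because the MBR and boot-sector entries in the log above report their verdict against `\Device\Harddisk0\DR0` rather than against `MBR` or `Boot`. The `no_file` list collects the many bare `Name - ok` lines (cd20xrnt, Changer, CmdIde and so on) so that a reviewer can separate them from file-backed entries at a glance; the scanner's own `Detected object count` is reported alongside the parsed verdicts rather than trusted on its own.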

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 29 February 2012 - 01:55 PM

Ok, all I see now are what look like many file or device errors.
Perhaps SFC will straighten it out.

Please run SFC (System File Checker), sfc /scannow. For more information on this tool see How To Use Sfc.exe.

To Repair System Files

NOTE for Vista/Win 7 users: the command needs to be run from an elevated Command Prompt.
Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'.

You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC.

Then click File, then New Task (Run).

In the box that opens, type sfc /scannow (there is a space between the c and the /).

Click OK.
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 enigma52

enigma52
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male

Posted 29 February 2012 - 10:45 PM

i ran sfc and it asked for the installation cd. it ran for about 20 minutes.
i then went to windows update and scanned. it showed 0 high priority updates, 10 optional software, and 3 optional hardware updates. i didn't get the optional ones. should i have? some sounded good and some i wasn't sure i wanted.
ms .net framework 4 client profile
update for root certificates
2 updates for xp
win powershell 2.0 & winrm 2.0 & windows embedded
ms base smart card cryptographic provider package
windows search 4.0
ms .net framework 1.1
ms silverlight
windows live essentials
i noticed microsoft update. do i need to go there for updates?
as far as i know, all the things that you guided me through were successful and everything seems to be working right unless you have more that needs to be investigated, for which i'm ready.
any idea how i got the trojan? i try to be security minded and have been depending on avg, wot, no script, and secunia to keep my computer safe.
i saw that eset cleaned and quarantined a cpuz file. i downloaded it awhile back just to get system info. i uninstalled it after running eset.
thanks for getting my computer back.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 01 March 2012 - 11:19 AM

You're welcome!



