TechSpot

AV softwares disabled and Google links redirected

By MMSCOM
Nov 3, 2011
  1. Hi all,

    A few weeks back my Norton Anti-virus expired and stopped working a week after that. Now when I click on any link from Google search results, the browser takes me to some junk site. After a few refreshes I can get to the real site. Also, the browser (both Firefox and IE) sometimes won't open any link until I restart my PC. I installed Malwarebytes and UnHackMe but they stop responding after the first run and I get a message saying "Windows cannot access the specified device... you may not have the appropriate permission to access".

    I used the Norton Recovery Tool with a USB to do a system boot scan and Norton was able to find and resolve four Trojans, but the problem is not solved at all.

    I found many threads on the same issue, but it seems complicated and requires users to provide individual logs, so that's why I'm opening a new thread.

    I appreciate your time and help!
     
  2. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    I'm running Windows XP btw and still have "UnHackMe" installed. Also, I still have my Norton Anti-virus, which is not working, but I didn't delete it because I don't have the installation file.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    Hi Broni,

    Thanks for the quick reply.

    As part of step 2, and while doing the Malwarebytes quick scan, Malwarebytes crashed and I got an Avira notification of "Malware found". The file name is 629069199:1881833946.exe.
    Should I hit "remove" now?

    Also, Malwarebytes doesn't open now, and I get the old message "Windows cannot access the specified device... you may not have the appropriate permission to access". What should I do from here?

    I really appreciate your help!
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Go ahead with other steps.
     
  6. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    Gmer

    gmer log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-07 14:40:06
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303
    Running: 4yrt8dod.exe; Driver: C:\DOCUME~1\Mohammed\LOCALS~1\Temp\kxayipow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:1244] F69AE3E0
    Thread System [4:1248] F69AE3E0
    Thread System [4:1252] 85C24875
    Thread System [4:1256] 85C24875

    ---- EOF - GMER 1.0.15 ----
     
  7. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    DDS Log

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
    Run by Mohammed at 15:00:35 on 2011-11-07
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.501 [GMT 3:00]
    .
    AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\629069199:1881833946.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = 119.2.41.33:8080
    uInternet Settings,ProxyOverride = local;*.local
    mURLSearchHooks: H - No File
    uWinlogon: Shell=c:\documents and settings\mohammed\local settings\application data\8fd57e25\X
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [Azureus] c:\program files\vuze\Azureus.exe
    uRun: [mukll1wl7i] c:\documents and settings\mohammed\mukll1wl7i.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [Regedit32] c:\windows\system32\regedit.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: Interfaces\{2D1566C2-C51D-4706-BDC4-8110E955BB36} : DhcpNameServer = 10.64.0.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mohammed\application data\mozilla\firefox\profiles\10pxbx0k.default\
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 4001
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\mohammed\application data\idm\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    FF - plugin: c:\documents and settings\mohammed\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\mohammed\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\mohammed\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\mohammed\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\IPSFFPlgn
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\mohammed\application data\idm\idmmzcc3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-10 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-10 744568]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-4 36000]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110909.001\BHDrvx86.sys [2011-9-9 816760]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-10 136312]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-4 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-4 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-4 74640]
    R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-6-3 298824]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110922.030\IDSXpx86.sys [2011-9-23 356280]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-8-23 27632]
    S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\askservice.exe --> c:\program files\askbardis\bar\bin\AskService.exe [?]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
    S2 NAV;Norton AntiVirus;d:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-23 13224]
    S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110923.002\NAVENG.SYS [2011-9-23 86136]
    S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110923.002\NAVEX15.SYS [2011-9-23 1576312]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-9-28 18432]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-12 625024]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-8-23 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-8-23 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-8-23 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-8-23 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-8-23 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-8-23 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-8-23 109864]
    S3 tap0801;Smarthide TAP driver;c:\windows\system32\drivers\tap0801.sys [2007-10-12 55808]
    .
    =============== Created Last 30 ================
    .
    2011-11-06 06:21:47 -------- d-----w- c:\documents and settings\all users\application data\hssff
    2011-11-06 06:20:58 -------- d-----w- C:\Hotspot Shield
    2011-11-06 06:20:10 729088 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-11-04 11:01:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-11-04 11:00:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-04 11:00:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-04 10:54:31 -------- d-----w- c:\windows\system32\NtmsData
    2011-11-04 10:41:39 -------- d-----w- c:\documents and settings\mohammed\application data\Avira
    2011-11-04 10:35:01 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-11-04 10:35:01 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-11-04 10:34:57 -------- d-----w- c:\program files\Avira
    2011-11-04 10:34:57 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-11-03 22:45:02 76546048 --sha-w- C:\NBRTPage.sys
    2011-11-03 15:35:32 17408 ----a-w- c:\documents and settings\mohammed\mukll1wl7i.exe
    2011-11-03 15:34:51 17408 ----a-w- c:\program files\mozilla firefox\0.19023848371355623.exe
    2011-11-02 21:05:20 2 --shatr- c:\windows\winstart.bat
    2011-11-02 21:05:13 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2011-11-02 21:05:07 -------- d-----w- c:\program files\UnHackMe
    2011-11-01 13:56:22 -------- d-----w- c:\documents and settings\mohammed\application data\Malwarebytes
    2011-11-01 13:56:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-18 16:10:28 -------- d-sh--w- c:\documents and settings\mohammed\IECompatCache
    2011-10-17 20:24:14 -------- d-sh--w- c:\documents and settings\mohammed\local settings\application data\8fd57e25
    2011-10-17 20:05:36 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-10-17 20:05:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-10-17 20:05:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-10-17 20:05:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-10-17 20:05:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-10-17 20:05:17 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-10-17 19:56:23 -------- d-----w- c:\windows\ie8updates
    2011-10-16 22:09:08 -------- d-----w- c:\documents and settings\all users\application data\Citrix
    2011-10-16 22:08:41 -------- d-----w- c:\documents and settings\mohammed\local settings\application data\Citrix
    2011-10-16 22:08:41 -------- d-----w- c:\documents and settings\mohammed\application data\ICAClient
    2011-10-16 22:08:26 -------- d-----w- c:\program files\Citrix
    2011-10-16 22:01:21 -------- d-sh--w- c:\documents and settings\mohammed\PrivacIE
    2011-10-16 21:58:21 -------- d-sh--w- c:\documents and settings\mohammed\IETldCache
    2011-10-16 21:11:52 -------- dc-h--w- c:\windows\ie8
    .
    ==================== Find3M ====================
    .
    2011-11-01 13:55:11 120 ----a-w- c:\windows\system32\bn.dll
    2011-09-26 08:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 08:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 08:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2008-05-07 23:34:00 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
    .
    ============= FINISH: 15:02:09.32 ===============
     
  8. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    DDS- Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/6/2009 10:33:25 PM
    System Uptime: 11/7/2011 2:47:13 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 1000H
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 80 GiB total, 30.732 GiB free.
    D: is FIXED (NTFS) - 61 GiB total, 20.711 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP230: 8/14/2011 9:33:28 AM - System Checkpoint
    RP231: 8/15/2011 9:49:52 AM - System Checkpoint
    RP232: 8/17/2011 10:10:20 PM - System Checkpoint
    RP233: 8/19/2011 11:01:17 AM - System Checkpoint
    RP234: 8/20/2011 8:15:22 PM - System Checkpoint
    RP235: 8/22/2011 6:14:01 AM - System Checkpoint
    RP236: 8/26/2011 12:21:58 PM - System Checkpoint
    RP237: 8/27/2011 1:41:39 PM - System Checkpoint
    RP238: 8/28/2011 3:26:18 PM - System Checkpoint
    RP239: 8/29/2011 4:25:40 PM - System Checkpoint
    RP240: 8/30/2011 5:11:21 PM - System Checkpoint
    RP241: 9/3/2011 1:48:19 PM - System Checkpoint
    RP242: 9/5/2011 1:00:20 PM - System Checkpoint
    RP243: 9/16/2011 7:47:41 AM - System Checkpoint
    RP244: 9/18/2011 4:15:44 AM - System Checkpoint
    RP245: 9/19/2011 4:19:41 AM - System Checkpoint
    RP246: 9/24/2011 3:02:07 AM - Software Distribution Service 3.0
    RP247: 9/27/2011 3:22:40 AM - Software Distribution Service 3.0
    RP248: 9/28/2011 10:41:51 AM - System Checkpoint
    RP249: 9/29/2011 3:00:24 AM - Software Distribution Service 3.0
    RP250: 9/30/2011 8:02:04 AM - System Checkpoint
    RP251: 10/14/2011 1:29:34 PM - Software Distribution Service 3.0
    RP252: 10/17/2011 12:14:36 AM - Installed Windows Internet Explorer 8.
    RP253: 10/17/2011 10:24:52 PM - Software Distribution Service 3.0
    RP254: 10/17/2011 10:55:27 PM - Software Distribution Service 3.0
    RP255: 10/17/2011 11:07:55 PM - Software Distribution Service 3.0
    RP256: 10/20/2011 2:19:33 AM - Software Distribution Service 3.0
    RP257: 10/21/2011 4:27:15 PM - System Checkpoint
    RP258: 10/27/2011 8:18:00 AM - System Checkpoint
    RP259: 10/28/2011 8:23:07 AM - System Checkpoint
    RP260: 10/29/2011 6:33:49 PM - System Checkpoint
    RP261: 10/31/2011 1:40:31 AM - System Checkpoint
    RP262: 11/1/2011 7:51:51 PM - System Checkpoint
    RP263: 11/3/2011 12:07:42 AM - RegRun Virus Scan
    RP264: 11/3/2011 12:12:48 AM - Restore Operation
    RP265: 11/3/2011 12:57:09 AM - Restore Operation
    RP266: 11/4/2011 2:41:07 PM - System Checkpoint
    RP267: 11/6/2011 8:50:30 AM - Software Distribution Service 3.0
    RP268: 11/7/2011 3:29:14 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    7-Zip 4.65
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 8.1.1
    Adobe Stock Photos 1.0
    Amazon Kindle
    Any Video Converter 3.0.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Asus ACPI Driver
    ASUSUpdate for Eee PC
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    Avanquest update
    Avira Free Antivirus
    Azurewave Wireless LAN
    Bonjour
    Chinese Traditional Fonts Support For Adobe Reader 8
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Compatibility Pack for the 2007 Office system
    Disc2Phone
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    doPDF 7.1 printer
    Dropbox
    Eee Instant Key
    Eee Storage
    ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
    Facebook Desktop
    Facebook Plug-In
    FLV Player 2.0 (build 25)
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB981793)
    Hotspot Shield 2.04
    Intel(R) Graphics Media Accelerator Driver
    Internet Download Manager
    InterVideo Register Manager
    InterVideo WinDVD
    iPhone Explorer 2.1.2.2
    iTunes
    Java(TM) 6 Update 14
    JonDo
    Juniper Networks Host Checker
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    Junk Mail filter update
    LightScribe System Software 1.10.27.1
    Malwarebytes' Anti-Malware version 1.51.2.1300
    ManyCam 2.4 (remove only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mobile Mouse Server
    MobileMe Control Panel
    Mobipocket Creator 4.2
    Mozilla Firefox (3.6.23)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    neroxml
    Network Magic
    Norton AntiVirus
    Norton Bootable Recovery Tool Wizard
    Pure Networks Platform
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    SecureW2 TTLS Client 3.3.3 for Windows
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype™ 3.6
    Sony Ericsson PC Suite 6.009.00
    Super Hybrid Engine
    TeamViewer 5
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Service
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.0.0
    Vuze
    Vuze Toolbar
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/7/2011 3:27:59 AM, error: Service Control Manager [7022] - The WebClient service hung on starting.
    11/7/2011 2:38:42 PM, error: PlugPlayManager [12] - The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028e5f&0&00E3) disappeared from the system without first being prepared for removal.
    11/6/2011 9:12:18 AM, error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
    11/6/2011 9:11:59 AM, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
    11/6/2011 8:48:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    11/6/2011 8:48:57 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/6/2011 8:48:55 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    11/3/2011 6:23:42 PM, error: Service Control Manager [7000] - The ASKService service failed to start due to the following error: The system cannot find the file specified.
    11/3/2011 6:18:06 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    11/3/2011 6:10:59 PM, error: Service Control Manager [7000] - The Norton AntiVirus service failed to start due to the following error: Access is denied.
    11/3/2011 6:10:59 PM, error: Service Control Manager [7000] - The InCD Helper service failed to start due to the following error: The system cannot find the file specified.
    11/3/2011 6:10:59 PM, error: Service Control Manager [7000] - The ASKUpgrade service failed to start due to the following error: The system cannot find the file specified.
    11/3/2011 12:33:48 AM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    11/3/2011 12:03:51 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    11/2/2011 11:28:20 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
    11/1/2011 10:47:05 PM, error: DCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    .
    ==== End Of File ===========================
     
  9. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    Broni,

    As I said before, Malwarebytes wasn't able to run so I don't have a log for it. I looked at the places where the instructions said the log will be saved, but there's nothing.

    Thanks for your help again.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download DummyCreator.zip and unzip it.

    • Run the tool.
    • Copy and paste the following into the edit box:
    C:\WINDOWS\629069199
    • Press the Create button and post the content of Result.txt.
    Important: Restart the computer.

    =================================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
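The TDSSKiller report requested above is a plain text log, one line per scanned object, and the lines that matter for triage are the ones ending in "- infected" and the "Suspicious file" lines that precede them. The following parser is an added example, not code from this thread, from TechSpot or from Kaspersky's tool; its regexes are modeled on the line layout of the report posted later in the thread, and the sample log is constructed for the example with a placeholder driver name (exampledrv) and placeholder md5, alongside one real-format line shape. It pulls each detection together with the file path and hash from the matching driver line, so a helper can see at a glance what was flagged, where it lives, and whether the file was unreadable (NoAccess) at scan time, which is typical of a rootkit protecting its driver.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# TDSSKiller line layout as seen in the posted report:
#   HH:MM:SS.ffff  PID  <message>
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<object> ( <detection name> ) - infected"
INFECTED_RE = re.compile(r"^(?P<obj>\S+) \( (?P<det>[^)]+) \) - infected$")
# "Suspicious file (NoAccess): <path>. md5: <hash>"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<object> (<md5>) <path>"  -- the enumeration line that precedes a verdict
DRIVER_RE = re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Finding:
    time: str
    obj: str           # service/driver name, or a hidden-object id with no file
    detection: str     # e.g. Rootkit.Win32.ZAccess.g
    path: Optional[str]
    md5: Optional[str]
    reason: Optional[str]  # "NoAccess" when the scanner could not read the file


def parse_tdsskiller(text: str) -> List[Finding]:
    """Return one Finding per '- infected' line, enriched from earlier lines."""
    findings: List[Finding] = []
    last_file: Dict[str, Tuple[str, str]] = {}   # obj -> (path, md5)
    suspicious: Dict[str, str] = {}               # path -> reason
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group("msg")
        d = DRIVER_RE.match(msg)
        if d:
            last_file[d.group("obj")] = (d.group("path"), d.group("md5"))
            continue
        s = SUSPICIOUS_RE.match(msg)
        if s:
            suspicious[s.group("path")] = s.group("reason")
            continue
        i = INFECTED_RE.match(msg)
        if i:
            # The "- detected ... (0)" line that follows repeats this verdict,
            # so only the "- infected" line is counted.
            path, md5 = last_file.get(i.group("obj"), (None, None))
            findings.append(Finding(
                time=m.group("time"), obj=i.group("obj"), detection=i.group("det"),
                path=path, md5=md5, reason=suspicious.get(path) if path else None))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count detections per family name."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.detection] = counts.get(f.detection, 0) + 1
    return counts


# Constructed sample log for the example (placeholder driver name and md5),
# following the line shapes of the report posted in this thread.
SAMPLE_LOG = r"""
16:20:06.0328 3812 Scan started
16:20:08.0562 3812 8fd57e25 ( Rootkit.Win32.PMax.gen ) - infected
16:20:08.0562 3812 8fd57e25 - detected Rootkit.Win32.PMax.gen (0)
16:20:08.0781 3812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:20:08.0781 3812 ACPI - ok
16:20:12.0187 3812 exampledrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
16:20:12.0437 3812 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\exampledrv.sys. md5: 0123456789abcdef0123456789abcdef
16:20:12.0437 3812 exampledrv ( Rootkit.Win32.ZAccess.g ) - infected
16:20:12.0437 3812 exampledrv - detected Rootkit.Win32.ZAccess.g (0)
"""

if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG):
        print(f"{f.time} {f.obj:<12} {f.detection:<26} path={f.path} md5={f.md5} reason={f.reason}")
    print(summarize(parse_tdsskiller(SAMPLE_LOG)))
```

Hidden objects such as the "8fd57e25" entry have no enumeration line, so they come back with no path or hash; that is exactly what a helper wants to see, since it means the scanner found something that is not a normally registered driver. Run it against a real report by reading the TDSSKiller_xxxx_log.txt file and passing its text to parse_tdsskiller.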
  11. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    DummyCreator by Farbar
    Ran by Mohammed (administrator) on 09-11-2011 at 16:00:44
    **************************************************************

    C:\WINDOWS\629069199 [09-11-2011 16:00:44]

    == End of log ==
     
  12. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    16:19:47.0718 1004 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
    16:19:49.0734 1004 ============================================================
    16:19:49.0734 1004 Current date / time: 2011/11/09 16:19:49.0734
    16:19:49.0734 1004 SystemInfo:
    16:19:49.0734 1004
    16:19:49.0734 1004 OS Version: 5.1.2600 ServicePack: 3.0
    16:19:49.0734 1004 Product type: Workstation
    16:19:49.0734 1004 ComputerName: YOUR-S8SUI3P2KW
    16:19:49.0750 1004 UserName: Mohammed
    16:19:49.0750 1004 Windows directory: C:\WINDOWS
    16:19:49.0750 1004 System windows directory: C:\WINDOWS
    16:19:49.0750 1004 Processor architecture: Intel x86
    16:19:49.0750 1004 Number of processors: 2
    16:19:49.0750 1004 Page size: 0x1000
    16:19:49.0750 1004 Boot type: Normal boot
    16:19:49.0750 1004 ============================================================
    16:19:53.0562 1004 Initialize success
    16:20:06.0328 3812 ============================================================
    16:20:06.0328 3812 Scan started
    16:20:06.0328 3812 Mode: Manual;
    16:20:06.0328 3812 ============================================================
    16:20:08.0562 3812 8fd57e25 ( Rootkit.Win32.PMax.gen ) - infected
    16:20:08.0562 3812 8fd57e25 - detected Rootkit.Win32.PMax.gen (0)
    16:20:08.0671 3812 Abiosdsk - ok
    16:20:08.0687 3812 abp480n5 - ok
    16:20:08.0781 3812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    16:20:08.0781 3812 ACPI - ok
    16:20:08.0828 3812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    16:20:08.0843 3812 ACPIEC - ok
    16:20:08.0906 3812 adpu160m - ok
    16:20:08.0984 3812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    16:20:09.0015 3812 aec - ok
    16:20:09.0078 3812 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    16:20:09.0078 3812 AFD - ok
    16:20:09.0093 3812 Aha154x - ok
    16:20:09.0109 3812 aic78u2 - ok
    16:20:09.0140 3812 aic78xx - ok
    16:20:09.0171 3812 AliIde - ok
    16:20:09.0203 3812 amsint - ok
    16:20:09.0312 3812 AR5211 (6d5f95602b8d0d994d31a864872b38ef) C:\WINDOWS\system32\DRIVERS\ar5211.sys
    16:20:09.0328 3812 AR5211 - ok
    16:20:09.0531 3812 asc - ok
    16:20:09.0562 3812 asc3350p - ok
    16:20:09.0593 3812 asc3550 - ok
    16:20:09.0703 3812 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
    16:20:09.0750 3812 AsusACPI - ok
    16:20:09.0812 3812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    16:20:09.0828 3812 AsyncMac - ok
    16:20:09.0921 3812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    16:20:09.0921 3812 atapi - ok
    16:20:09.0953 3812 Atdisk - ok
    16:20:10.0000 3812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    16:20:10.0015 3812 Atmarpc - ok
    16:20:10.0093 3812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    16:20:10.0125 3812 audstub - ok
    16:20:10.0156 3812 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    16:20:10.0187 3812 avgntflt - ok
    16:20:10.0218 3812 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    16:20:10.0250 3812 avipbb - ok
    16:20:10.0281 3812 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
    16:20:10.0296 3812 avkmgr - ok
    16:20:10.0421 3812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    16:20:10.0468 3812 Beep - ok
    16:20:10.0703 3812 BHDrvx86 (09b8897ac84c49beabea75cf9fe1ab45) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx86.sys
    16:20:11.0000 3812 BHDrvx86 - ok
    16:20:11.0203 3812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    16:20:11.0250 3812 cbidf2k - ok
    16:20:11.0328 3812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    16:20:11.0375 3812 CCDECODE - ok
    16:20:11.0484 3812 cd20xrnt - ok
    16:20:11.0593 3812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    16:20:11.0609 3812 Cdaudio - ok
    16:20:11.0656 3812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    16:20:11.0718 3812 Cdfs - ok
    16:20:11.0781 3812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    16:20:11.0828 3812 Cdrom - ok
    16:20:11.0875 3812 Changer - ok
    16:20:11.0937 3812 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    16:20:11.0953 3812 CmBatt - ok
    16:20:12.0000 3812 CmdIde - ok
    16:20:12.0046 3812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    16:20:12.0062 3812 Compbatt - ok
    16:20:12.0093 3812 Cpqarray - ok
    16:20:12.0187 3812 ctxusbm (d34062fd4522facb44a73ffe2b3aaaed) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
    16:20:12.0437 3812 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\ctxusbm.sys. md5: d34062fd4522facb44a73ffe2b3aaaed
    16:20:12.0437 3812 ctxusbm ( Rootkit.Win32.ZAccess.g ) - infected
    16:20:12.0437 3812 ctxusbm - detected Rootkit.Win32.ZAccess.g (0)
    16:20:12.0640 3812 dac2w2k - ok
    16:20:12.0671 3812 dac960nt - ok
    16:20:12.0875 3812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    16:20:13.0062 3812 Disk - ok
    16:20:13.0390 3812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    16:20:13.0484 3812 dmboot - ok
    16:20:13.0546 3812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    16:20:13.0578 3812 dmio - ok
    16:20:13.0625 3812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    16:20:13.0656 3812 dmload - ok
    16:20:13.0921 3812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    16:20:14.0062 3812 DMusic - ok
    16:20:14.0437 3812 dpti2o - ok
    16:20:14.0656 3812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    16:20:14.0687 3812 drmkaud - ok
    16:20:14.0812 3812 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    16:20:14.0921 3812 eeCtrl - ok
    16:20:15.0187 3812 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    16:20:15.0250 3812 EraserUtilRebootDrv - ok
    16:20:15.0406 3812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    16:20:15.0515 3812 Fastfat - ok
    16:20:15.0609 3812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    16:20:15.0625 3812 Fdc - ok
    16:20:15.0703 3812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    16:20:15.0734 3812 Fips - ok
    16:20:15.0781 3812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    16:20:15.0812 3812 Flpydisk - ok
    16:20:15.0843 3812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    16:20:15.0890 3812 FltMgr - ok
    16:20:15.0921 3812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    16:20:15.0953 3812 Fs_Rec - ok
    16:20:16.0015 3812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    16:20:16.0062 3812 Ftdisk - ok
    16:20:16.0125 3812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    16:20:16.0140 3812 GEARAspiWDM - ok
    16:20:16.0171 3812 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
    16:20:16.0203 3812 ggflt - ok
    16:20:16.0234 3812 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
    16:20:16.0265 3812 ggsemc - ok
    16:20:16.0312 3812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    16:20:16.0359 3812 Gpc - ok
    16:20:16.0421 3812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    16:20:16.0421 3812 HDAudBus - ok
    16:20:16.0484 3812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    16:20:16.0515 3812 HidUsb - ok
    16:20:16.0562 3812 hpn - ok
    16:20:16.0625 3812 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    16:20:16.0671 3812 HPZius12 - ok
    16:20:16.0750 3812 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
    16:20:16.0781 3812 HssDrv - ok
    16:20:16.0906 3812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    16:20:16.0906 3812 HTTP - ok
    16:20:16.0937 3812 i2omgmt - ok
    16:20:16.0953 3812 i2omp - ok
    16:20:17.0015 3812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    16:20:17.0046 3812 i8042prt - ok
    16:20:17.0546 3812 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    16:20:18.0140 3812 ialm - ok
    16:20:18.0687 3812 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110922.030\IDSxpx86.sys
    16:20:18.0984 3812 IDSxpx86 - ok
    16:20:19.0250 3812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    16:20:19.0296 3812 Imapi - ok
    16:20:19.0437 3812 InCDfs (b02a8a25192ee1c5e653628637ab6aaa) C:\WINDOWS\system32\drivers\InCDFs.sys
    16:20:19.0515 3812 InCDfs - ok
    16:20:19.0750 3812 InCDPass (b49bd5b663e1af9bf3233b782b70d865) C:\WINDOWS\system32\drivers\InCDPass.sys
    16:20:19.0781 3812 InCDPass - ok
    16:20:19.0828 3812 InCDrec (8fd364edbd97983575cee3e8909e62b4) C:\WINDOWS\system32\drivers\InCDrec.sys
    16:20:19.0859 3812 InCDrec - ok
    16:20:19.0906 3812 incdrm (fc04e827133d54ab79ca254708f76cd0) C:\WINDOWS\system32\drivers\InCDRm.sys
    16:20:19.0953 3812 incdrm - ok
    16:20:20.0046 3812 ini910u - ok
    16:20:20.0734 3812 IntcAzAudAddService (c73a4a48fbb3d00c7dbc6fe4f5e3675f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    16:20:21.0750 3812 IntcAzAudAddService - ok
    16:20:21.0859 3812 IntelIde - ok
    16:20:22.0015 3812 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    16:20:22.0015 3812 intelppm - ok
    16:20:22.0312 3812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    16:20:22.0484 3812 Ip6Fw - ok
    16:20:22.0781 3812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    16:20:22.0906 3812 IpFilterDriver - ok
    16:20:23.0156 3812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    16:20:23.0171 3812 IpInIp - ok
    16:20:23.0390 3812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    16:20:23.0390 3812 IpNat - ok
    16:20:23.0703 3812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    16:20:23.0765 3812 IPSec - ok
    16:20:24.0265 3812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    16:20:24.0312 3812 IRENUM - ok
    16:20:24.0640 3812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    16:20:24.0656 3812 isapnp - ok
    16:20:24.0781 3812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    16:20:24.0812 3812 Kbdclass - ok
    16:20:25.0046 3812 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    16:20:25.0093 3812 kbdhid - ok
    16:20:25.0640 3812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    16:20:25.0703 3812 kmixer - ok
    16:20:25.0890 3812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    16:20:25.0890 3812 KSecDD - ok
    16:20:26.0062 3812 Ktp (6e775ade642556c6d43450d16d763fc2) C:\WINDOWS\system32\DRIVERS\ETD.sys
    16:20:26.0078 3812 Ktp - ok
    16:20:26.0218 3812 L1e (303627228dd739d98289679901a38c8f) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
    16:20:26.0218 3812 L1e - ok
    16:20:26.0281 3812 lbrtfdc - ok
    16:20:26.0468 3812 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
    16:20:26.0546 3812 ManyCam - ok
    16:20:26.0828 3812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    16:20:26.0859 3812 mnmdd - ok
    16:20:27.0015 3812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    16:20:27.0031 3812 Modem - ok
    16:20:27.0218 3812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    16:20:27.0250 3812 Mouclass - ok
    16:20:27.0578 3812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    16:20:27.0640 3812 mouhid - ok
    16:20:27.0796 3812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    16:20:27.0812 3812 MountMgr - ok
    16:20:27.0859 3812 mraid35x - ok
    16:20:28.0031 3812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    16:20:28.0093 3812 MRxDAV - ok
    16:20:28.0406 3812 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    16:20:28.0625 3812 MRxSmb - ok
    16:20:28.0859 3812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    16:20:28.0890 3812 Msfs - ok
    16:20:29.0031 3812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    16:20:29.0062 3812 MSKSSRV - ok
    16:20:29.0156 3812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    16:20:29.0171 3812 MSPCLOCK - ok
    16:20:29.0218 3812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    16:20:29.0250 3812 MSPQM - ok
    16:20:29.0500 3812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    16:20:29.0500 3812 mssmbios - ok
    16:20:29.0812 3812 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    16:20:29.0828 3812 MSTEE - ok
    16:20:29.0953 3812 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    16:20:29.0953 3812 Mup - ok
    16:20:30.0109 3812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    16:20:30.0171 3812 NABTSFEC - ok
    16:20:58.0968 3812 ============================================================
    16:20:58.0968 3812 Scan finished
    16:20:58.0968 3812 ============================================================
    16:20:59.0031 1872 Detected object count: 2
    16:20:59.0031 1872 Actual detected object count: 2
    16:21:50.0718 1872 HKLM\SYSTEM\ControlSet001\services\8fd57e25 - will be deleted on reboot
    16:21:50.0734 1872 HKLM\SYSTEM\ControlSet003\services\8fd57e25 - will be deleted on reboot
    16:21:50.0765 1872 C:\WINDOWS\629069199:1881833946.exe - will be deleted on reboot
    16:21:50.0765 1872 8fd57e25 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
    16:21:51.0687 1872 Backup copy not found, trying to cure infected file..
    16:21:51.0953 1872 C:\WINDOWS\system32\DRIVERS\ctxusbm.sys - Cure failed (FFFFFFFF)
    16:21:51.0953 1872 C:\WINDOWS\system32\DRIVERS\ctxusbm.sys - processing error
    16:21:51.0953 1872 ctxusbm ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
    16:22:12.0187 2176 Deinitialize success
     
  13. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    Hey Broni,

    My Avira is finding malware like all the time. I've been only closing the notification window without removing them because I wasn't requested to do so. Should I keep doing that or should I click remove?

    Many thanks, Broni.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You can allow Avira to remove anything it wants.

    Please re-run TDSSKiller one more time.

    Then.....

    Let's run the following tool. This will help determine which files need permissions restored.

    Please download and save Junction.zip

    Unzip it and place Junction.exe in the Windows directory (C:\Windows).
    Go to Start>Run (Vista and Windows 7 users use "Start search" box).
    Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system.
    Wait until a log file opens.
    Copy and paste the log in your next reply.
     
  15. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    Here's the new TDSSKiller log:

    20:40:56.0765 2304 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
    20:40:58.0781 2304 ============================================================
    20:40:58.0781 2304 Current date / time: 2011/11/11 20:40:58.0781
    20:40:58.0781 2304 SystemInfo:
    20:40:58.0781 2304
    20:40:58.0781 2304 OS Version: 5.1.2600 ServicePack: 3.0
    20:40:58.0781 2304 Product type: Workstation
    20:40:58.0781 2304 ComputerName: YOUR-S8SUI3P2KW
    20:40:58.0781 2304 UserName: Mohammed
    20:40:58.0781 2304 Windows directory: C:\WINDOWS
    20:40:58.0781 2304 System windows directory: C:\WINDOWS
    20:40:58.0781 2304 Processor architecture: Intel x86
    20:40:58.0781 2304 Number of processors: 2
    20:40:58.0781 2304 Page size: 0x1000
    20:40:58.0781 2304 Boot type: Normal boot
    20:40:58.0781 2304 ============================================================
    20:41:01.0328 2304 Initialize success
    20:41:49.0000 2760 ============================================================
    20:41:49.0000 2760 Scan started
    20:41:49.0000 2760 Mode: Manual;
    20:41:49.0000 2760 ============================================================
    20:41:57.0656 2760 ialm (148759f6e22d2ca3dbac3c68b18f69fe) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    20:41:58.0000 2760 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\igxpmp32.sys. Real md5: 148759f6e22d2ca3dbac3c68b18f69fe, Fake md5: 0f68e2ec713f132ffb19e45415b09679
    20:41:58.0031 2760 ialm ( ForgedFile.Multi.Generic ) - warning
    20:41:58.0031 2760 ialm - detected ForgedFile.Multi.Generic (1)
    20:41:59.0031 2760 IntcAzAudAddService (cadb04b4b10027f1506ec32b03f5d686) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    20:41:59.0171 2760 Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: cadb04b4b10027f1506ec32b03f5d686, Fake md5: c73a4a48fbb3d00c7dbc6fe4f5e3675f
    20:41:59.0203 2760 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
    20:41:59.0203 2760 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
    20:42:04.0859 2760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    20:42:04.0906 2760 RasAcd - ok
    20:42:04.0937 2760 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    20:42:04.0984 2760 Rasl2tp - ok
    20:42:05.0015 2760 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    20:42:05.0062 2760 RasPppoe - ok
    20:42:05.0109 2760 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    20:42:05.0156 2760 Raspti - ok
    20:42:05.0218 2760 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    20:42:05.0281 2760 Rdbss - ok
    20:42:05.0328 2760 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    20:42:05.0359 2760 RDPCDD - ok
    20:42:05.0437 2760 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    20:42:05.0453 2760 RDPWD - ok
    20:42:05.0531 2760 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    20:42:05.0562 2760 redbook - ok
    20:42:05.0671 2760 RT80x86 (162d6aee49372b9ce17c418cc5cde7b5) C:\WINDOWS\system32\DRIVERS\RT2860.sys
    20:42:05.0796 2760 RT80x86 - ok
    20:42:05.0843 2760 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
    20:42:05.0890 2760 s1018bus - ok
    20:42:05.0937 2760 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
    20:42:05.0984 2760 s1018mdfl - ok
    20:42:06.0015 2760 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
    20:42:06.0062 2760 s1018mdm - ok
    20:42:06.0109 2760 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
    20:42:06.0171 2760 s1018mgmt - ok
    20:42:06.0203 2760 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
    20:42:06.0250 2760 s1018nd5 - ok
    20:42:06.0281 2760 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
    20:42:06.0312 2760 s1018obex - ok
    20:42:06.0375 2760 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
    20:42:06.0421 2760 s1018unic - ok
    20:42:06.0500 2760 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    20:42:06.0531 2760 Secdrv - ok
    20:42:06.0593 2760 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
    20:42:06.0640 2760 seehcri - ok
    20:42:06.0703 2760 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    20:42:06.0750 2760 Serial - ok
    20:42:06.0812 2760 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    20:42:06.0843 2760 Sfloppy - ok
    20:42:06.0906 2760 Simbad - ok
    20:42:06.0968 2760 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    20:42:07.0000 2760 SLIP - ok
    20:42:07.0062 2760 Sparrow - ok
    20:42:07.0140 2760 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    20:42:07.0171 2760 splitter - ok
    20:42:07.0250 2760 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    20:42:07.0312 2760 sr - ok
    20:42:07.0437 2760 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
    20:42:07.0562 2760 SRTSP - ok
    20:42:07.0656 2760 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
    20:42:07.0703 2760 SRTSPX - ok
    20:42:07.0781 2760 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    20:42:07.0796 2760 Srv - ok
    20:42:07.0875 2760 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    20:42:07.0906 2760 ssmdrv - ok
    20:42:07.0984 2760 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    20:42:08.0031 2760 streamip - ok
    20:42:08.0171 2760 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:42:08.0218 2760 swenum - ok
    20:42:08.0296 2760 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    20:42:08.0328 2760 swmidi - ok
    20:42:08.0359 2760 symc810 - ok
    20:42:08.0390 2760 symc8xx - ok
    20:42:08.0500 2760 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
    20:42:08.0578 2760 SymDS - ok
    20:42:08.0718 2760 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
    20:42:08.0843 2760 SymEFA - ok
    20:42:08.0906 2760 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    20:42:08.0921 2760 SymEvent - ok
    20:42:09.0000 2760 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
    20:42:09.0046 2760 SymIRON - ok
    20:42:09.0109 2760 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS
    20:42:09.0171 2760 SYMTDI - ok
    20:42:09.0187 2760 sym_hi - ok
    20:42:09.0218 2760 sym_u3 - ok
    20:42:09.0265 2760 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:42:09.0312 2760 sysaudio - ok
    20:42:09.0359 2760 tap0801 (f6587c800ce0ad14e755c4605febf3f9) C:\WINDOWS\system32\DRIVERS\tap0801.sys
    20:42:09.0406 2760 tap0801 - ok
    20:42:09.0468 2760 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
    20:42:09.0484 2760 taphss - ok
    20:42:09.0562 2760 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:42:09.0578 2760 Tcpip - ok
    20:42:09.0625 2760 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:42:09.0671 2760 TDPIPE - ok
    20:42:09.0687 2760 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:42:09.0718 2760 TDTCP - ok
    20:42:09.0750 2760 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:42:09.0796 2760 TermDD - ok
    20:42:09.0843 2760 TosIde - ok
    20:42:09.0906 2760 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    20:42:09.0953 2760 Udfs - ok
    20:42:09.0968 2760 ultra - ok
    20:42:10.0046 2760 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    20:42:10.0312 2760 Update - ok
    20:42:10.0343 2760 upperdev - ok
    20:42:10.0421 2760 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    20:42:10.0468 2760 USBAAPL - ok
    20:42:10.0531 2760 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    20:42:10.0562 2760 usbaudio - ok
    20:42:10.0609 2760 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:42:10.0656 2760 usbccgp - ok
    20:42:10.0718 2760 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:42:10.0750 2760 usbehci - ok
    20:42:10.0796 2760 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:42:10.0843 2760 usbhub - ok
    20:42:10.0906 2760 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    20:42:10.0953 2760 usbprint - ok
    20:42:10.0984 2760 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    20:42:11.0031 2760 usbscan - ok
    20:42:11.0093 2760 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:42:11.0140 2760 usbstor - ok
    20:42:11.0203 2760 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:42:11.0234 2760 usbuhci - ok
    20:42:11.0281 2760 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    20:42:11.0328 2760 usbvideo - ok
    20:42:11.0359 2760 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    20:42:11.0390 2760 VgaSave - ok
    20:42:11.0406 2760 ViaIde - ok
    20:42:11.0468 2760 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:42:11.0515 2760 VolSnap - ok
    20:42:11.0593 2760 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:42:11.0625 2760 Wanarp - ok
    20:42:11.0703 2760 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    20:42:11.0781 2760 Wdf01000 - ok
    20:42:11.0796 2760 WDICA - ok
    20:42:11.0875 2760 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:42:11.0906 2760 wdmaud - ok
    20:42:12.0187 2760 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    20:42:12.0218 2760 WpdUsb - ok
    20:42:12.0296 2760 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    20:42:12.0328 2760 WSTCODEC - ok
    20:42:12.0390 2760 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    20:42:12.0437 2760 WudfPf - ok
    20:42:12.0468 2760 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    20:42:12.0515 2760 WudfRd - ok
    20:42:12.0625 2760 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    20:42:12.0812 2760 \Device\Harddisk0\DR0 - ok
    20:42:12.0812 2760 Boot (0x1200) (e25159a6f1fd34497ac1785a1f890ce1) \Device\Harddisk0\DR0\Partition0
    20:42:12.0812 2760 \Device\Harddisk0\DR0\Partition0 - ok
    20:42:12.0859 2760 Boot (0x1200) (2261731dd88ba5a627d706fa0c7bc8e7) \Device\Harddisk0\DR0\Partition1
    20:42:12.0859 2760 \Device\Harddisk0\DR0\Partition1 - ok
    20:42:12.0859 2760 ============================================================
    20:42:12.0859 2760 Scan finished
    20:42:12.0859 2760 ============================================================
    20:42:12.0890 3156 Detected object count: 2
    20:42:12.0890 3156 Actual detected object count: 2
    20:42:36.0281 3156 ialm ( ForgedFile.Multi.Generic ) - skipped by user
    20:42:36.0281 3156 ialm ( ForgedFile.Multi.Generic ) - User select action: Skip
    20:42:36.0296 3156 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
    20:42:36.0296 3156 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
    20:42:46.0500 2024 Deinitialize success
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Go on.......
     
  17. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    I closed the command window about two times, thinking the scan hadn't started. Now I finally got this log:


    Junction v1.06 - Windows junction creator and reparse point viewer
    Copyright (C) 2000-2010 Mark Russinovich
    Sysinternals - www.sysinternals.com

    Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
    Failed to open \\?\c:\\System Volume Information: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20111111-211244-659039F1\ARK628.tmp: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.
    Failed to open \\?\c:\\Program Files\Common Files\Real\Update_OB\realsched.exe: Access is denied.
    Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
    Failed to open \\?\c:\\WINDOWS\$NtUninstallKB3599$: Access is denied.

    \\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
    Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
    Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

    \\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
    Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
    Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

    Failed to open \\?\c:\\WINDOWS\system32\igfxsrvc.exe: Access is denied.
    Failed to open \\?\c:\\WINDOWS\system32\drivers\netbt.sys: Access is denied.
     
  18. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    Should I have disabled Avira?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download GrantPerms.zip and save it to your desktop.
    Unzip the file and, depending on the system, run GrantPerms.exe (32-bit system) or GrantPerms64.exe (64-bit system).
    Copy and paste the following in the edit box:

    Code:
    c:\\System Volume Information
    c:\\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20111111-211244-659039F1\ARK628.tmp
    c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine
    c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp
    c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
    c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow
    c:\\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    c:\\WINDOWS\$NtUninstallKB3599$
    c:\\WINDOWS\system32\igfxsrvc.exe
    c:\\WINDOWS\system32\drivers\netbt.sys
    
    
    Click Unlock. When it is done click "OK".
    Click List Permissions and post the result of Perms.txt file that pops up.
    A copy of Perms.txt will be saved in the same directory the tool is run.
     
  20. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    Sorry, how can I tell if I have a 32-bit or a 64-bit system?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You have a 32-bit system.
     
  22. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    lol thank you so much Broni,

    I'll be back later on with the log
     
  23. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    GrantPerms by Farbar
    Ran by Mohammed (administrator) at 2011-11-11 23:04:54

    ===============================================
    \\?\c:\\System Volume Information

    Owner: BUILTIN\Administrators

    DACL(NP)(AI):
    BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
    CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
    BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
    BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
    BUILTIN\Users ADD FILE ALLOW (CI)(I)


    ERROR: Parsing the SD of <\\?\c:\\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20111111-211244-659039F1\ARK628.tmp> failed with: Access is denied.


    Operating system error message: Access is denied.
    \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine

    Owner: YOUR-S8SUI3P2KW\Mohammed

    DACL(P)(AI):
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)


    \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp

    Owner: BUILTIN\Administrators

    DACL((NP)):
    \\?\c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Program Files\Common Files\Real\Update_OB\realsched.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\WINDOWS\$NtUninstallKB3599$

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (CI)(OI)
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
    BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


    \\?\c:\\WINDOWS\system32\igfxsrvc.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    ERROR: Parsing the SD of <\\?\c:\\WINDOWS\system32\drivers\netbt.sys> failed with: Access is denied.


    Operating system error message: Access is denied.
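    The Perms.txt above, together with the Junction "Access is denied" lines before it, is the evidence this thread turns on: whether an administrator can actually open the security tools' own files. As an added example (not from the thread and not Farbar's GrantPerms code), here is a small Python parser for the Perms.txt layout shown; it flags entries whose security descriptor could not be read, that carry an explicit DENY, that lack an ALLOW for BUILTIN\Administrators, or that have a protected DACL with a non-Administrators owner. The sample text is constructed from the entries posted above, and the field layout is assumed from that log.

```python
"""Parse GrantPerms 'List Permissions' output (Perms.txt) and flag entries that
explain "Access is denied" on security-tool files. Added example, not from the
thread or from Farbar's tool; the field layout is assumed from the log above."""
import re
from dataclasses import dataclass, field

ADMINS = "BUILTIN\\Administrators"
RIGHTS = ("FULL", "READ/EXECUTE", "ADD SUBDIRECTORY", "ADD FILE", "READ", "WRITE")
ACE_RE = re.compile(r"^(?P<who>.+) (?P<rights>" + "|".join(map(re.escape, RIGHTS))
                    + r") (?P<kind>ALLOW|DENY)\s*(?P<flags>.*)$")
ERROR_RE = re.compile(r"^ERROR: Parsing the SD of <(?P<path>.+)> failed with: (?P<msg>.+)$")
DACL_RE = re.compile(r"^DACL(?P<flags>.*):$")

# Constructed sample in the Perms.txt layout posted above (paths taken from the thread).
SAMPLE = r"""GrantPerms by Farbar
\\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine
Owner: YOUR-S8SUI3P2KW\Mohammed
DACL(P)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (NI)

ERROR: Parsing the SD of <\\?\c:\\WINDOWS\system32\drivers\netbt.sys> failed with: Access is denied.
Operating system error message: Access is denied.
"""

@dataclass
class Entry:
    path: str
    owner: str = ""
    dacl_flags: str = ""   # "(P)" = protected: inheritance from the parent is cut off
    aces: list = field(default_factory=list)   # (principal, rights, ALLOW|DENY, ACE flags)
    error: str = ""        # set when GrantPerms itself could not read the descriptor

def parse_perms(text):
    """Split Perms.txt into one Entry per path (or per unreadable path)."""
    entries, cur, in_dacl = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("GrantPerms", "Ran by", "=")):
            continue
        m = ERROR_RE.match(line)
        if m:                                   # tool could not even read the SD
            cur, in_dacl = Entry(path=m["path"], error=m["msg"]), False
            entries.append(cur)
        elif line.startswith("\\\\?\\"):         # every entry starts with the \\?\ prefix
            cur, in_dacl = Entry(path=line), False
            entries.append(cur)
        elif cur is None or cur.error:          # e.g. "Operating system error message" trailer
            continue
        elif line.startswith("Owner:"):
            cur.owner = line.split(":", 1)[1].strip()
        elif DACL_RE.match(line):
            cur.dacl_flags, in_dacl = DACL_RE.match(line)["flags"], True
        elif in_dacl:
            m = ACE_RE.match(line)
            cur.aces.append((m["who"], m["rights"], m["kind"], m["flags"]) if m
                            else (line, "UNKNOWN", "UNKNOWN", ""))
    return entries

def assess(entries):
    """Return (path, reason) pairs worth a responder's attention. A hit is a
    prompt, not a verdict: an AV's own quarantine being SYSTEM-only is normal,
    the same DACL on mbam.exe or a Windows driver is not."""
    findings = []
    for e in entries:
        if e.error:
            findings.append((e.path, "security descriptor unreadable: " + e.error))
            continue
        denies = [a[0] for a in e.aces if a[2] == "DENY"]
        if denies:
            findings.append((e.path, "explicit DENY ACE for " + ", ".join(denies)))
        if not any(a[0] == ADMINS and a[2] == "ALLOW" for a in e.aces):
            findings.append((e.path, "no ALLOW ACE for " + ADMINS))
        if "(P)" in e.dacl_flags and e.owner != ADMINS:
            findings.append((e.path, "protected DACL, owner is " + e.owner))
    return findings
```

    Running `assess(parse_perms(SAMPLE))` reports nothing for mbam.exe, two reasons for the Norton quarantine (SYSTEM-only, owned by the user) and an unreadable descriptor for netbt.sys; the last two are exactly the entries Broni asked to have unlocked.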
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  25. MMSCOM

    MMSCOM TS Rookie Topic Starter Posts: 17

    Broni,

    I can't get my laptop to connect to my wifi! It's stuck at "acquiring network address". I hope this isn't caused by the viruses and malware that I got :S

    I researched the problem and tried many things but none seem to work. I deleted the wifi profile, I changed the SSID, and I tried resetting the authentication to "open". None of these methods worked. I'll keep trying. If you have some ideas, please let me know.

    Thanks a lot,
     
Topic Status:
Not open for further replies.
