Inactive AV software disabled and Google links redirected


MMSCOM

Hi all,

A few weeks back my Norton Anti-virus expired and stopped working a week after that. Now when I click on any link from Google search results, the browser takes me to some junk site. After a few refreshes I can get to the real site. Also, the browser (both Firefox and IE) sometimes won't open any link until I restart my PC. I installed Malwarebytes and UnHackMe but they stop responding after the first run and I get a message saying "Windows cannot access the specified device... you may not have the appropriate permission to access".

I used the Norton Recovery Tool with a USB to do a system boot scan and Norton was able to find and resolve four Trojans, but the problem is not solved at all.

I found many threads on the same issue but it seems complicated and requires users to provide individual logs, so that's why I'm opening a new thread.

I appreciate your time and help!
 
I'm running Windows XP btw and still have "UnHackMe" installed. Also, I still have my Norton Anti-virus which is not working, but I didn't delete it cause I don't have the installation file.
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni,

Thanks for the quick reply.

As part of step 2, and while doing the Malwarebytes quick scan, Malwarebytes crashed and I got an Avira notification of "Malware found". The file name is 629069199:1881833946.exe.
Should I hit "remove" now?

Also, Malwarebytes doesn't open now, and I get the old message "Windows cannot access the specified device... you may not have the appropriate permission to access". What should I do from here?

I really appreciate your help!
 
Gmer

gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-07 14:40:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303
Running: 4yrt8dod.exe; Driver: C:\DOCUME~1\Mohammed\LOCALS~1\Temp\kxayipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:1244] F69AE3E0
Thread System [4:1248] F69AE3E0
Thread System [4:1252] 85C24875
Thread System [4:1256] 85C24875

---- EOF - GMER 1.0.15 ----
 
DDS Log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Run by Mohammed at 15:00:35 on 2011-11-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.501 [GMT 3:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\629069199:1881833946.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = 119.2.41.33:8080
uInternet Settings,ProxyOverride = local;*.local
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\documents and settings\mohammed\local settings\application data\8fd57e25\X
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Azureus] c:\program files\vuze\Azureus.exe
uRun: [mukll1wl7i] c:\documents and settings\mohammed\mukll1wl7i.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{2D1566C2-C51D-4706-BDC4-8110E955BB36} : DhcpNameServer = 10.64.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mohammed\application data\mozilla\firefox\profiles\10pxbx0k.default\
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\mohammed\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - plugin: c:\documents and settings\mohammed\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\mohammed\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\mohammed\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\mohammed\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\IPSFFPlgn
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\mohammed\application data\idm\idmmzcc3
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-10 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-10 744568]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-4 36000]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110909.001\BHDrvx86.sys [2011-9-9 816760]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-10 136312]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-4 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-4 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-4 74640]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-6-3 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110922.030\IDSXpx86.sys [2011-9-23 356280]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-8-23 27632]
S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\askservice.exe --> c:\program files\askbardis\bar\bin\AskService.exe [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S2 NAV;Norton AntiVirus;d:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-23 13224]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110923.002\NAVENG.SYS [2011-9-23 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110923.002\NAVEX15.SYS [2011-9-23 1576312]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-9-28 18432]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-12 625024]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-8-23 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-8-23 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-8-23 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-8-23 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-8-23 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-8-23 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-8-23 109864]
S3 tap0801;Smarthide TAP driver;c:\windows\system32\drivers\tap0801.sys [2007-10-12 55808]
.
=============== Created Last 30 ================
.
2011-11-06 06:21:47 -------- d-----w- c:\documents and settings\all users\application data\hssff
2011-11-06 06:20:58 -------- d-----w- C:\Hotspot Shield
2011-11-06 06:20:10 729088 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-11-04 11:01:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-04 11:00:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 11:00:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 10:54:31 -------- d-----w- c:\windows\system32\NtmsData
2011-11-04 10:41:39 -------- d-----w- c:\documents and settings\mohammed\application data\Avira
2011-11-04 10:35:01 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-04 10:35:01 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-04 10:34:57 -------- d-----w- c:\program files\Avira
2011-11-04 10:34:57 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-11-03 22:45:02 76546048 --sha-w- C:\NBRTPage.sys
2011-11-03 15:35:32 17408 ----a-w- c:\documents and settings\mohammed\mukll1wl7i.exe
2011-11-03 15:34:51 17408 ----a-w- c:\program files\mozilla firefox\0.19023848371355623.exe
2011-11-02 21:05:20 2 --shatr- c:\windows\winstart.bat
2011-11-02 21:05:13 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-11-02 21:05:07 -------- d-----w- c:\program files\UnHackMe
2011-11-01 13:56:22 -------- d-----w- c:\documents and settings\mohammed\application data\Malwarebytes
2011-11-01 13:56:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-18 16:10:28 -------- d-sh--w- c:\documents and settings\mohammed\IECompatCache
2011-10-17 20:24:14 -------- d-sh--w- c:\documents and settings\mohammed\local settings\application data\8fd57e25
2011-10-17 20:05:36 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-17 20:05:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-17 20:05:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-17 20:05:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-17 20:05:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-10-17 20:05:17 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-17 19:56:23 -------- d-----w- c:\windows\ie8updates
2011-10-16 22:09:08 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2011-10-16 22:08:41 -------- d-----w- c:\documents and settings\mohammed\local settings\application data\Citrix
2011-10-16 22:08:41 -------- d-----w- c:\documents and settings\mohammed\application data\ICAClient
2011-10-16 22:08:26 -------- d-----w- c:\program files\Citrix
2011-10-16 22:01:21 -------- d-sh--w- c:\documents and settings\mohammed\PrivacIE
2011-10-16 21:58:21 -------- d-sh--w- c:\documents and settings\mohammed\IETldCache
2011-10-16 21:11:52 -------- dc-h--w- c:\windows\ie8
.
==================== Find3M ====================
.
2011-11-01 13:55:11 120 ----a-w- c:\windows\system32\bn.dll
2011-09-26 08:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 08:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 08:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-05-07 23:34:00 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
.
============= FINISH: 15:02:09.32 ===============
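As an added triage example (my own script, not part of this thread and not a DDS or TechSpot tool), the code below parses the "Pseudo HJT Report" and FIREFOX lines of the DDS log above and flags the entries a helper looks at first: the forced IE proxy, the replaced Winlogon shell, the random-named Run entry executing from the user profile, orphaned "No File" entries and the Firefox proxy prefs. The sample lines are copied from the log posted above; the severity ratings and the random-name heuristic are my assumptions.

```python
"""Triage a DDS "Pseudo HJT Report" for common browser-hijack indicators.

Hypothetical helper script: the checks below are my own assumptions about
what a malware-removal helper inspects first, not DDS functionality.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the DDS log posted in the thread.
SAMPLE_DDS = r"""
uInternet Settings,ProxyServer = 119.2.41.33:8080
uInternet Settings,ProxyOverride = local;*.local
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\documents and settings\mohammed\local settings\application data\8fd57e25\X
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [mukll1wl7i] c:\documents and settings\mohammed\mukll1wl7i.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.type - 0
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (my own rating scale)
    line: str       # the DDS line that triggered the finding
    reason: str


# uRun/mRun lines: "[name] path.exe args" with the path optionally quoted.
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]+)\] "?(?P<exe>.*?\.exe)', re.I)
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<key>\S+) - (?P<val>.*)$')
# Heuristic for machine-generated names: digits interleaved with letters.
RANDOM_NAME_RE = re.compile(r'[a-z]\d[a-z]', re.I)


def analyze(report: str) -> list:
    """Return a list of Finding objects for the suspicious lines in a DDS report."""
    findings = []
    ff_prefs = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("uInternet Settings,ProxyServer ="):
            proxy = line.split("=", 1)[1].strip()
            if proxy:
                findings.append(Finding("high", line,
                    f"IE traffic is forced through proxy {proxy}; a search "
                    "redirector commonly plants this to rewrite results"))
        elif line.startswith("uWinlogon: Shell="):
            shell = line.split("=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding("high", line,
                    "Winlogon Shell replaced; the listed file runs instead of "
                    "explorer.exe at every logon"))
        elif line.endswith("- No File"):
            findings.append(Finding("low", line,
                "orphaned registry entry: the referenced file no longer exists"))
        elif (m := RUN_RE.match(line)):
            name, exe = m.group("name"), m.group("exe").lower()
            if "documents and settings" in exe:
                findings.append(Finding("medium", line,
                    "logon Run entry executes from the user profile rather than "
                    "Program Files or Windows"))
            if "." not in name and len(name) >= 8 and RANDOM_NAME_RE.search(name):
                findings.append(Finding("high", line,
                    f"Run entry name '{name}' looks machine-generated "
                    "(heuristic: digits interleaved with letters)"))
        elif (m := FF_PREF_RE.match(line)):
            ff_prefs[m.group("key")] = m.group("val").strip()
    if "network.proxy.http" in ff_prefs:
        host = ff_prefs["network.proxy.http"]
        port = ff_prefs.get("network.proxy.http_port", "?")
        # network.proxy.type 0 means "direct connection": proxy set but unused.
        active = ff_prefs.get("network.proxy.type") != "0"
        findings.append(Finding("medium" if active else "low",
            f"FF network.proxy.http = {host}:{port}",
            "Firefox HTTP proxy configured" + ("" if active else
            " but network.proxy.type is 0, so it is not currently in use")))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 3, 'medium': 1, 'low': 3}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = ["high", "medium", "low"]
    for f in sorted(analyze(SAMPLE_DDS), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```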
 
DDS- Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/6/2009 10:33:25 PM
System Uptime: 11/7/2011 2:47:13 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1000H
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 80 GiB total, 30.732 GiB free.
D: is FIXED (NTFS) - 61 GiB total, 20.711 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP230: 8/14/2011 9:33:28 AM - System Checkpoint
RP231: 8/15/2011 9:49:52 AM - System Checkpoint
RP232: 8/17/2011 10:10:20 PM - System Checkpoint
RP233: 8/19/2011 11:01:17 AM - System Checkpoint
RP234: 8/20/2011 8:15:22 PM - System Checkpoint
RP235: 8/22/2011 6:14:01 AM - System Checkpoint
RP236: 8/26/2011 12:21:58 PM - System Checkpoint
RP237: 8/27/2011 1:41:39 PM - System Checkpoint
RP238: 8/28/2011 3:26:18 PM - System Checkpoint
RP239: 8/29/2011 4:25:40 PM - System Checkpoint
RP240: 8/30/2011 5:11:21 PM - System Checkpoint
RP241: 9/3/2011 1:48:19 PM - System Checkpoint
RP242: 9/5/2011 1:00:20 PM - System Checkpoint
RP243: 9/16/2011 7:47:41 AM - System Checkpoint
RP244: 9/18/2011 4:15:44 AM - System Checkpoint
RP245: 9/19/2011 4:19:41 AM - System Checkpoint
RP246: 9/24/2011 3:02:07 AM - Software Distribution Service 3.0
RP247: 9/27/2011 3:22:40 AM - Software Distribution Service 3.0
RP248: 9/28/2011 10:41:51 AM - System Checkpoint
RP249: 9/29/2011 3:00:24 AM - Software Distribution Service 3.0
RP250: 9/30/2011 8:02:04 AM - System Checkpoint
RP251: 10/14/2011 1:29:34 PM - Software Distribution Service 3.0
RP252: 10/17/2011 12:14:36 AM - Installed Windows Internet Explorer 8.
RP253: 10/17/2011 10:24:52 PM - Software Distribution Service 3.0
RP254: 10/17/2011 10:55:27 PM - Software Distribution Service 3.0
RP255: 10/17/2011 11:07:55 PM - Software Distribution Service 3.0
RP256: 10/20/2011 2:19:33 AM - Software Distribution Service 3.0
RP257: 10/21/2011 4:27:15 PM - System Checkpoint
RP258: 10/27/2011 8:18:00 AM - System Checkpoint
RP259: 10/28/2011 8:23:07 AM - System Checkpoint
RP260: 10/29/2011 6:33:49 PM - System Checkpoint
RP261: 10/31/2011 1:40:31 AM - System Checkpoint
RP262: 11/1/2011 7:51:51 PM - System Checkpoint
RP263: 11/3/2011 12:07:42 AM - RegRun Virus Scan
RP264: 11/3/2011 12:12:48 AM - Restore Operation
RP265: 11/3/2011 12:57:09 AM - Restore Operation
RP266: 11/4/2011 2:41:07 PM - System Checkpoint
RP267: 11/6/2011 8:50:30 AM - Software Distribution Service 3.0
RP268: 11/7/2011 3:29:14 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 4.65
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Stock Photos 1.0
Amazon Kindle
Any Video Converter 3.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Avanquest update
Avira Free Antivirus
Azurewave Wireless LAN
Bonjour
Chinese Traditional Fonts Support For Adobe Reader 8
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
Disc2Phone
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
doPDF 7.1 printer
Dropbox
Eee Instant Key
Eee Storage
ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
Facebook Desktop
Facebook Plug-In
FLV Player 2.0 (build 25)
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Hotspot Shield 2.04
Intel(R) Graphics Media Accelerator Driver
Internet Download Manager
InterVideo Register Manager
InterVideo WinDVD
iPhone Explorer 2.1.2.2
iTunes
Java(TM) 6 Update 14
JonDo
Juniper Networks Host Checker
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
LightScribe System Software 1.10.27.1
Malwarebytes' Anti-Malware version 1.51.2.1300
ManyCam 2.4 (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mobile Mouse Server
MobileMe Control Panel
Mobipocket Creator 4.2
Mozilla Firefox (3.6.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Network Magic
Norton AntiVirus
Norton Bootable Recovery Tool Wizard
Pure Networks Platform
QuickTime
RealPlayer
Realtek High Definition Audio Driver
SecureW2 TTLS Client 3.3.3 for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 3.6
Sony Ericsson PC Suite 6.009.00
Super Hybrid Engine
TeamViewer 5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.0
Vuze
Vuze Toolbar
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/7/2011 3:27:59 AM, error: Service Control Manager [7022] - The WebClient service hung on starting.
11/7/2011 2:38:42 PM, error: PlugPlayManager [12] - The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028e5f&0&00E3) disappeared from the system without first being prepared for removal.
11/6/2011 9:12:18 AM, error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 9:11:59 AM, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 8:48:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
11/6/2011 8:48:57 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/6/2011 8:48:55 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
11/3/2011 6:23:42 PM, error: Service Control Manager [7000] - The ASKService service failed to start due to the following error: The system cannot find the file specified.
11/3/2011 6:18:06 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/3/2011 6:10:59 PM, error: Service Control Manager [7000] - The Norton AntiVirus service failed to start due to the following error: Access is denied.
11/3/2011 6:10:59 PM, error: Service Control Manager [7000] - The InCD Helper service failed to start due to the following error: The system cannot find the file specified.
11/3/2011 6:10:59 PM, error: Service Control Manager [7000] - The ASKUpgrade service failed to start due to the following error: The system cannot find the file specified.
11/3/2011 12:33:48 AM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
11/3/2011 12:03:51 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
11/2/2011 11:28:20 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
11/1/2011 10:47:05 PM, error: DCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
.
==== End Of File ===========================
 
Broni,

As I said before, Malwarebytes wasn't able to run so I don't have a log for it. I looked at the places where the instructions said the log will be saved, but there's nothing.

Thanks for your help again.
 
Please download DummyCreator.zip and unzip it.

  • Run the tool.
  • Copy and paste the following into the edit box:
C:\WINDOWS\629069199
  • Press the Create button and post the content of the Result.txt.
Important: Restart the computer.

=================================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
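When the TDSSKiller report comes back, the lines that matter are the verdict lines, and the driver line just above each verdict tells whether a hashed file on disk is involved or whether the name has no visible file behind it. As an added example (not code from the thread and not part of Kaspersky's tool), the Python below parses the report format shown in this thread and pairs each "infected" verdict with the hash, path and NoAccess note that precede it; the sample report is constructed from a few lines of the log posted here.

```python
"""Triage a TDSSKiller report: list every driver or service the scan flagged.

Added example for this thread; it is not part of TDSSKiller and not code posted
in the thread. The three line shapes it parses are the ones visible in the
posted report: "<name> (<md5>) <path>", "Suspicious file (<reason>): <path>.
md5: <hash>" and "<name> ( <threat> ) - infected".
"""
import re
from dataclasses import dataclass
from typing import Optional

# Every report line is "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "ACPI (8fd9...) C:\WINDOWS\system32\DRIVERS\ACPI.sys": a driver file found and hashed.
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (NoAccess): <path>. md5: <hash>": the file could not be read normally.
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
# "ctxusbm ( Rootkit.Win32.ZAccess.g ) - infected": the verdict line.
INFECTED_RE = re.compile(r"^(\S+) \( (\S+) \) - infected$")


@dataclass
class Finding:
    name: str              # service/driver name as TDSSKiller reports it
    threat: str            # detection name
    path: Optional[str]    # file on disk, if a driver line with this name preceded the verdict
    md5: Optional[str]
    reason: Optional[str]  # e.g. "NoAccess" when the scanner flagged the file as unreadable

    def on_disk(self) -> bool:
        """True when the verdict is tied to a driver file with a path and hash."""
        return self.path is not None


def parse_report(text: str) -> list:
    """Return one Finding per 'infected' verdict, in report order."""
    findings = []
    hashed = {}              # driver name -> (md5, path) from the most recent driver line
    suspicious_by_path = {}  # path -> (reason, md5) from "Suspicious file" lines
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        s = SUSPICIOUS_RE.match(msg)
        if s:
            suspicious_by_path[s.group(2)] = (s.group(1), s.group(3))
            continue
        d = DRIVER_RE.match(msg)
        if d:
            hashed[d.group(1)] = (d.group(2), d.group(3))
            continue
        i = INFECTED_RE.match(msg)
        if i:
            name, threat = i.groups()
            md5, path = hashed.get(name, (None, None))
            reason = suspicious_by_path.get(path, (None, None))[0] if path else None
            findings.append(Finding(name, threat, path, md5, reason))
    return findings


def summarize(findings) -> list:
    """One human-readable line per finding, separating file-backed and file-less verdicts."""
    lines = []
    for f in findings:
        if f.on_disk():
            note = f" ({f.reason})" if f.reason else ""
            lines.append(f"{f.name}: {f.threat} in {f.path} md5={f.md5}{note}")
        else:
            lines.append(f"{f.name}: {f.threat} (no driver file in the report matched this name)")
    return lines


# Constructed sample: a handful of lines in the format of the report posted in this thread.
SAMPLE_REPORT = r"""16:20:06.0328 3812 Scan started
16:20:08.0562 3812 8fd57e25 ( Rootkit.Win32.PMax.gen ) - infected
16:20:08.0562 3812 8fd57e25 - detected Rootkit.Win32.PMax.gen (0)
16:20:08.0781 3812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:20:08.0781 3812 ACPI - ok
16:20:12.0187 3812 ctxusbm (d34062fd4522facb44a73ffe2b3aaaed) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
16:20:12.0437 3812 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\ctxusbm.sys. md5: d34062fd4522facb44a73ffe2b3aaaed
16:20:12.0437 3812 ctxusbm ( Rootkit.Win32.ZAccess.g ) - infected
16:20:12.0437 3812 ctxusbm - detected Rootkit.Win32.ZAccess.g (0)
16:20:12.0875 3812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:20:13.0062 3812 Disk - ok
"""

if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE_REPORT)):
        print(line)
```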
 
DummyCreator by Farbar
Ran by Mohammed (administrator) on 09-11-2011 at 16:00:44
**************************************************************

C:\WINDOWS\629069199 [09-11-2011 16:00:44]

== End of log ==
 
16:19:47.0718 1004 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
16:19:49.0734 1004 ============================================================
16:19:49.0734 1004 Current date / time: 2011/11/09 16:19:49.0734
16:19:49.0734 1004 SystemInfo:
16:19:49.0734 1004
16:19:49.0734 1004 OS Version: 5.1.2600 ServicePack: 3.0
16:19:49.0734 1004 Product type: Workstation
16:19:49.0734 1004 ComputerName: YOUR-S8SUI3P2KW
16:19:49.0750 1004 UserName: Mohammed
16:19:49.0750 1004 Windows directory: C:\WINDOWS
16:19:49.0750 1004 System windows directory: C:\WINDOWS
16:19:49.0750 1004 Processor architecture: Intel x86
16:19:49.0750 1004 Number of processors: 2
16:19:49.0750 1004 Page size: 0x1000
16:19:49.0750 1004 Boot type: Normal boot
16:19:49.0750 1004 ============================================================
16:19:53.0562 1004 Initialize success
16:20:06.0328 3812 ============================================================
16:20:06.0328 3812 Scan started
16:20:06.0328 3812 Mode: Manual;
16:20:06.0328 3812 ============================================================
16:20:08.0562 3812 8fd57e25 ( Rootkit.Win32.PMax.gen ) - infected
16:20:08.0562 3812 8fd57e25 - detected Rootkit.Win32.PMax.gen (0)
16:20:08.0671 3812 Abiosdsk - ok
16:20:08.0687 3812 abp480n5 - ok
16:20:08.0781 3812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:20:08.0781 3812 ACPI - ok
16:20:08.0828 3812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:20:08.0843 3812 ACPIEC - ok
16:20:08.0906 3812 adpu160m - ok
16:20:08.0984 3812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:20:09.0015 3812 aec - ok
16:20:09.0078 3812 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:20:09.0078 3812 AFD - ok
16:20:09.0093 3812 Aha154x - ok
16:20:09.0109 3812 aic78u2 - ok
16:20:09.0140 3812 aic78xx - ok
16:20:09.0171 3812 AliIde - ok
16:20:09.0203 3812 amsint - ok
16:20:09.0312 3812 AR5211 (6d5f95602b8d0d994d31a864872b38ef) C:\WINDOWS\system32\DRIVERS\ar5211.sys
16:20:09.0328 3812 AR5211 - ok
16:20:09.0531 3812 asc - ok
16:20:09.0562 3812 asc3350p - ok
16:20:09.0593 3812 asc3550 - ok
16:20:09.0703 3812 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
16:20:09.0750 3812 AsusACPI - ok
16:20:09.0812 3812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:20:09.0828 3812 AsyncMac - ok
16:20:09.0921 3812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:20:09.0921 3812 atapi - ok
16:20:09.0953 3812 Atdisk - ok
16:20:10.0000 3812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:20:10.0015 3812 Atmarpc - ok
16:20:10.0093 3812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:20:10.0125 3812 audstub - ok
16:20:10.0156 3812 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:20:10.0187 3812 avgntflt - ok
16:20:10.0218 3812 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:20:10.0250 3812 avipbb - ok
16:20:10.0281 3812 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:20:10.0296 3812 avkmgr - ok
16:20:10.0421 3812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:20:10.0468 3812 Beep - ok
16:20:10.0703 3812 BHDrvx86 (09b8897ac84c49beabea75cf9fe1ab45) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx86.sys
16:20:11.0000 3812 BHDrvx86 - ok
16:20:11.0203 3812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:20:11.0250 3812 cbidf2k - ok
16:20:11.0328 3812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:20:11.0375 3812 CCDECODE - ok
16:20:11.0484 3812 cd20xrnt - ok
16:20:11.0593 3812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:20:11.0609 3812 Cdaudio - ok
16:20:11.0656 3812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:20:11.0718 3812 Cdfs - ok
16:20:11.0781 3812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:20:11.0828 3812 Cdrom - ok
16:20:11.0875 3812 Changer - ok
16:20:11.0937 3812 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:20:11.0953 3812 CmBatt - ok
16:20:12.0000 3812 CmdIde - ok
16:20:12.0046 3812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:20:12.0062 3812 Compbatt - ok
16:20:12.0093 3812 Cpqarray - ok
16:20:12.0187 3812 ctxusbm (d34062fd4522facb44a73ffe2b3aaaed) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
16:20:12.0437 3812 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\ctxusbm.sys. md5: d34062fd4522facb44a73ffe2b3aaaed
16:20:12.0437 3812 ctxusbm ( Rootkit.Win32.ZAccess.g ) - infected
16:20:12.0437 3812 ctxusbm - detected Rootkit.Win32.ZAccess.g (0)
16:20:12.0640 3812 dac2w2k - ok
16:20:12.0671 3812 dac960nt - ok
16:20:12.0875 3812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:20:13.0062 3812 Disk - ok
16:20:13.0390 3812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:20:13.0484 3812 dmboot - ok
16:20:13.0546 3812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:20:13.0578 3812 dmio - ok
16:20:13.0625 3812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:20:13.0656 3812 dmload - ok
16:20:13.0921 3812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:20:14.0062 3812 DMusic - ok
16:20:14.0437 3812 dpti2o - ok
16:20:14.0656 3812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:20:14.0687 3812 drmkaud - ok
16:20:14.0812 3812 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:20:14.0921 3812 eeCtrl - ok
16:20:15.0187 3812 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:20:15.0250 3812 EraserUtilRebootDrv - ok
16:20:15.0406 3812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:20:15.0515 3812 Fastfat - ok
16:20:15.0609 3812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:20:15.0625 3812 Fdc - ok
16:20:15.0703 3812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:20:15.0734 3812 Fips - ok
16:20:15.0781 3812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:20:15.0812 3812 Flpydisk - ok
16:20:15.0843 3812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:20:15.0890 3812 FltMgr - ok
16:20:15.0921 3812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:20:15.0953 3812 Fs_Rec - ok
16:20:16.0015 3812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:20:16.0062 3812 Ftdisk - ok
16:20:16.0125 3812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:20:16.0140 3812 GEARAspiWDM - ok
16:20:16.0171 3812 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
16:20:16.0203 3812 ggflt - ok
16:20:16.0234 3812 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
16:20:16.0265 3812 ggsemc - ok
16:20:16.0312 3812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:20:16.0359 3812 Gpc - ok
16:20:16.0421 3812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:20:16.0421 3812 HDAudBus - ok
16:20:16.0484 3812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:20:16.0515 3812 HidUsb - ok
16:20:16.0562 3812 hpn - ok
16:20:16.0625 3812 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:20:16.0671 3812 HPZius12 - ok
16:20:16.0750 3812 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
16:20:16.0781 3812 HssDrv - ok
16:20:16.0906 3812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:20:16.0906 3812 HTTP - ok
16:20:16.0937 3812 i2omgmt - ok
16:20:16.0953 3812 i2omp - ok
16:20:17.0015 3812 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:20:17.0046 3812 i8042prt - ok
16:20:17.0546 3812 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:20:18.0140 3812 ialm - ok
16:20:18.0687 3812 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110922.030\IDSxpx86.sys
16:20:18.0984 3812 IDSxpx86 - ok
16:20:19.0250 3812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:20:19.0296 3812 Imapi - ok
16:20:19.0437 3812 InCDfs (b02a8a25192ee1c5e653628637ab6aaa) C:\WINDOWS\system32\drivers\InCDFs.sys
16:20:19.0515 3812 InCDfs - ok
16:20:19.0750 3812 InCDPass (b49bd5b663e1af9bf3233b782b70d865) C:\WINDOWS\system32\drivers\InCDPass.sys
16:20:19.0781 3812 InCDPass - ok
16:20:19.0828 3812 InCDrec (8fd364edbd97983575cee3e8909e62b4) C:\WINDOWS\system32\drivers\InCDrec.sys
16:20:19.0859 3812 InCDrec - ok
16:20:19.0906 3812 incdrm (fc04e827133d54ab79ca254708f76cd0) C:\WINDOWS\system32\drivers\InCDRm.sys
16:20:19.0953 3812 incdrm - ok
16:20:20.0046 3812 ini910u - ok
16:20:20.0734 3812 IntcAzAudAddService (c73a4a48fbb3d00c7dbc6fe4f5e3675f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:20:21.0750 3812 IntcAzAudAddService - ok
16:20:21.0859 3812 IntelIde - ok
16:20:22.0015 3812 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:20:22.0015 3812 intelppm - ok
16:20:22.0312 3812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:20:22.0484 3812 Ip6Fw - ok
16:20:22.0781 3812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:20:22.0906 3812 IpFilterDriver - ok
16:20:23.0156 3812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:20:23.0171 3812 IpInIp - ok
16:20:23.0390 3812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:20:23.0390 3812 IpNat - ok
16:20:23.0703 3812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:20:23.0765 3812 IPSec - ok
16:20:24.0265 3812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:20:24.0312 3812 IRENUM - ok
16:20:24.0640 3812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:20:24.0656 3812 isapnp - ok
16:20:24.0781 3812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:20:24.0812 3812 Kbdclass - ok
16:20:25.0046 3812 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:20:25.0093 3812 kbdhid - ok
16:20:25.0640 3812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:20:25.0703 3812 kmixer - ok
16:20:25.0890 3812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:20:25.0890 3812 KSecDD - ok
16:20:26.0062 3812 Ktp (6e775ade642556c6d43450d16d763fc2) C:\WINDOWS\system32\DRIVERS\ETD.sys
16:20:26.0078 3812 Ktp - ok
16:20:26.0218 3812 L1e (303627228dd739d98289679901a38c8f) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
16:20:26.0218 3812 L1e - ok
16:20:26.0281 3812 lbrtfdc - ok
16:20:26.0468 3812 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
16:20:26.0546 3812 ManyCam - ok
16:20:26.0828 3812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:20:26.0859 3812 mnmdd - ok
16:20:27.0015 3812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:20:27.0031 3812 Modem - ok
16:20:27.0218 3812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:20:27.0250 3812 Mouclass - ok
16:20:27.0578 3812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:20:27.0640 3812 mouhid - ok
16:20:27.0796 3812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:20:27.0812 3812 MountMgr - ok
16:20:27.0859 3812 mraid35x - ok
16:20:28.0031 3812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:20:28.0093 3812 MRxDAV - ok
16:20:28.0406 3812 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:20:28.0625 3812 MRxSmb - ok
16:20:28.0859 3812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:20:28.0890 3812 Msfs - ok
16:20:29.0031 3812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:20:29.0062 3812 MSKSSRV - ok
16:20:29.0156 3812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:20:29.0171 3812 MSPCLOCK - ok
16:20:29.0218 3812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:20:29.0250 3812 MSPQM - ok
16:20:29.0500 3812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:20:29.0500 3812 mssmbios - ok
16:20:29.0812 3812 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:20:29.0828 3812 MSTEE - ok
16:20:29.0953 3812 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:20:29.0953 3812 Mup - ok
16:20:30.0109 3812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:20:30.0171 3812 NABTSFEC - ok
16:20:30.0468 3812 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110923.002\NAVENG.SYS
16:20:30.0750 3812 NAVENG - ok
16:20:31.0171 3812 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110923.002\NAVEX15.SYS
16:20:31.0562 3812 NAVEX15 - ok
16:20:31.0890 3812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:20:31.0968 3812 NDIS - ok
16:20:32.0125 3812 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:20:32.0125 3812 NdisIP - ok
16:20:32.0250 3812 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:20:32.0250 3812 NdisTapi - ok
16:20:32.0406 3812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:20:32.0453 3812 Ndisuio - ok
16:20:32.0875 3812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:20:32.0937 3812 NdisWan - ok
16:20:33.0156 3812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:20:33.0156 3812 NDProxy - ok
16:20:33.0375 3812 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
16:20:33.0421 3812 Netaapl - ok
16:20:33.0515 3812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:20:33.0609 3812 NetBIOS - ok
16:20:33.0781 3812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:20:33.0859 3812 NetBT - ok
16:20:34.0125 3812 nmwcdnsu - ok
16:20:34.0281 3812 nmwcdnsuc - ok
16:20:34.0453 3812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:20:34.0515 3812 Npfs - ok
16:20:34.0843 3812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:20:34.0953 3812 Ntfs - ok
16:20:35.0171 3812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:20:35.0187 3812 Null - ok
16:20:35.0421 3812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:20:35.0468 3812 NwlnkFlt - ok
16:20:35.0640 3812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:20:35.0703 3812 NwlnkFwd - ok
16:20:35.0812 3812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:20:35.0937 3812 Parport - ok
16:20:36.0093 3812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:20:36.0125 3812 PartMgr - ok
16:20:36.0203 3812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:20:36.0234 3812 ParVdm - ok
16:20:36.0312 3812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:20:36.0359 3812 PCI - ok
16:20:36.0500 3812 PCIDump - ok
16:20:36.0703 3812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:20:36.0765 3812 PCIIde - ok
16:20:36.0875 3812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:20:36.0937 3812 Pcmcia - ok
16:20:37.0062 3812 PDCOMP - ok
16:20:37.0093 3812 PDFRAME - ok
16:20:37.0125 3812 PDRELI - ok
16:20:37.0203 3812 PDRFRAME - ok
16:20:37.0250 3812 perc2 - ok
16:20:37.0296 3812 perc2hib - ok
16:20:37.0453 3812 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys
16:20:37.0500 3812 pnarp - ok
16:20:37.0812 3812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:20:37.0875 3812 PptpMiniport - ok
16:20:37.0984 3812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:20:38.0015 3812 PSched - ok
16:20:38.0171 3812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:20:38.0203 3812 Ptilink - ok
16:20:38.0390 3812 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
16:20:38.0437 3812 purendis - ok
16:20:38.0593 3812 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:20:38.0640 3812 PxHelp20 - ok
16:20:38.0734 3812 ql1080 - ok
16:20:38.0781 3812 Ql10wnt - ok
16:20:38.0828 3812 ql12160 - ok
16:20:38.0859 3812 ql1240 - ok
16:20:38.0906 3812 ql1280 - ok
16:20:38.0968 3812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:20:38.0984 3812 RasAcd - ok
16:20:39.0109 3812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:20:39.0156 3812 Rasl2tp - ok
16:20:39.0218 3812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:20:39.0250 3812 RasPppoe - ok
16:20:39.0328 3812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:20:39.0328 3812 Raspti - ok
16:20:39.0437 3812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:20:39.0593 3812 Rdbss - ok
16:20:39.0734 3812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:20:39.0765 3812 RDPCDD - ok
16:20:39.0906 3812 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:20:39.0906 3812 RDPWD - ok
16:20:40.0015 3812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:20:40.0062 3812 redbook - ok
16:20:40.0515 3812 RT80x86 (162d6aee49372b9ce17c418cc5cde7b5) C:\WINDOWS\system32\DRIVERS\RT2860.sys
16:20:40.0718 3812 RT80x86 - ok
16:20:40.0953 3812 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
16:20:41.0015 3812 s1018bus - ok
16:20:41.0218 3812 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
16:20:41.0265 3812 s1018mdfl - ok
16:20:41.0453 3812 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
16:20:41.0515 3812 s1018mdm - ok
16:20:41.0843 3812 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
16:20:41.0890 3812 s1018mgmt - ok
16:20:42.0046 3812 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
16:20:42.0078 3812 s1018nd5 - ok
16:20:42.0234 3812 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
16:20:42.0281 3812 s1018obex - ok
16:20:42.0421 3812 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
16:20:42.0500 3812 s1018unic - ok
16:20:42.0812 3812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:20:42.0859 3812 Secdrv - ok
16:20:42.0937 3812 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
16:20:43.0000 3812 seehcri - ok
16:20:43.0093 3812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:20:43.0125 3812 Serial - ok
16:20:43.0406 3812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:20:43.0437 3812 Sfloppy - ok
16:20:43.0562 3812 Simbad - ok
16:20:43.0750 3812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:20:43.0781 3812 SLIP - ok
16:20:43.0859 3812 Sparrow - ok
16:20:43.0937 3812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:20:43.0984 3812 splitter - ok
16:20:44.0125 3812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:20:44.0171 3812 sr - ok
16:20:44.0515 3812 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
16:20:44.0750 3812 SRTSP - ok
16:20:45.0031 3812 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
16:20:45.0078 3812 SRTSPX - ok
16:20:45.0406 3812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:20:45.0468 3812 Srv - ok
16:20:45.0734 3812 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:20:45.0781 3812 ssmdrv - ok
16:20:46.0109 3812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:20:46.0125 3812 streamip - ok
16:20:46.0343 3812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:20:46.0359 3812 swenum - ok
16:20:46.0562 3812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:20:46.0593 3812 swmidi - ok
16:20:46.0812 3812 symc810 - ok
16:20:46.0921 3812 symc8xx - ok
16:20:47.0421 3812 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
16:20:47.0687 3812 SymDS - ok
16:20:48.0046 3812 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
16:20:48.0234 3812 SymEFA - ok
16:20:48.0500 3812 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:20:48.0500 3812 SymEvent - ok
16:20:48.0828 3812 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
16:20:48.0937 3812 SymIRON - ok
16:20:49.0343 3812 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS
16:20:49.0500 3812 SYMTDI - ok
16:20:49.0593 3812 sym_hi - ok
16:20:49.0671 3812 sym_u3 - ok
16:20:49.0734 3812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:20:49.0781 3812 sysaudio - ok
16:20:49.0859 3812 tap0801 (f6587c800ce0ad14e755c4605febf3f9) C:\WINDOWS\system32\DRIVERS\tap0801.sys
16:20:49.0906 3812 tap0801 - ok
16:20:49.0968 3812 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
16:20:50.0000 3812 taphss - ok
16:20:50.0046 3812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:20:50.0062 3812 Tcpip - ok
16:20:50.0109 3812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:20:50.0171 3812 TDPIPE - ok
16:20:50.0500 3812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:20:50.0515 3812 TDTCP - ok
16:20:50.0609 3812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:20:50.0671 3812 TermDD - ok
16:20:50.0781 3812 TosIde - ok
16:20:50.0906 3812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:20:50.0937 3812 Udfs - ok
16:20:51.0015 3812 ultra - ok
16:20:51.0156 3812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:20:51.0468 3812 Update - ok
16:20:51.0796 3812 upperdev - ok
16:20:52.0171 3812 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:20:52.0390 3812 USBAAPL - ok
16:20:52.0656 3812 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:20:52.0703 3812 usbaudio - ok
16:20:52.0781 3812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:20:52.0890 3812 usbccgp - ok
16:20:53.0078 3812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:20:53.0171 3812 usbehci - ok
16:20:53.0296 3812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:20:53.0343 3812 usbhub - ok
16:20:53.0765 3812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:20:53.0828 3812 usbprint - ok
16:20:54.0015 3812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:20:54.0109 3812 usbscan - ok
16:20:54.0281 3812 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:20:54.0328 3812 usbstor - ok
16:20:54.0765 3812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:20:54.0781 3812 usbuhci - ok
16:20:55.0046 3812 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:20:55.0171 3812 usbvideo - ok
16:20:55.0484 3812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:20:55.0546 3812 VgaSave - ok
16:20:55.0687 3812 ViaIde - ok
16:20:55.0765 3812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:20:55.0812 3812 VolSnap - ok
16:20:55.0984 3812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:20:56.0093 3812 Wanarp - ok
16:20:56.0312 3812 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:20:56.0484 3812 Wdf01000 - ok
16:20:56.0609 3812 WDICA - ok
16:20:56.0781 3812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:20:56.0828 3812 wdmaud - ok
16:20:57.0187 3812 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:20:57.0203 3812 WpdUsb - ok
16:20:57.0312 3812 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:20:57.0328 3812 WSTCODEC - ok
16:20:57.0531 3812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:20:57.0578 3812 WudfPf - ok
16:20:57.0750 3812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:20:57.0796 3812 WudfRd - ok
16:20:57.0953 3812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:20:58.0875 3812 \Device\Harddisk0\DR0 - ok
16:20:58.0906 3812 Boot (0x1200) (e25159a6f1fd34497ac1785a1f890ce1) \Device\Harddisk0\DR0\Partition0
16:20:58.0921 3812 \Device\Harddisk0\DR0\Partition0 - ok
16:20:58.0968 3812 Boot (0x1200) (2261731dd88ba5a627d706fa0c7bc8e7) \Device\Harddisk0\DR0\Partition1
16:20:58.0968 3812 \Device\Harddisk0\DR0\Partition1 - ok
16:20:58.0968 3812 ============================================================
16:20:58.0968 3812 Scan finished
16:20:58.0968 3812 ============================================================
16:20:59.0031 1872 Detected object count: 2
16:20:59.0031 1872 Actual detected object count: 2
16:21:50.0718 1872 HKLM\SYSTEM\ControlSet001\services\8fd57e25 - will be deleted on reboot
16:21:50.0734 1872 HKLM\SYSTEM\ControlSet003\services\8fd57e25 - will be deleted on reboot
16:21:50.0765 1872 C:\WINDOWS\629069199:1881833946.exe - will be deleted on reboot
16:21:50.0765 1872 8fd57e25 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
16:21:51.0687 1872 Backup copy not found, trying to cure infected file..
16:21:51.0953 1872 C:\WINDOWS\system32\DRIVERS\ctxusbm.sys - Cure failed (FFFFFFFF)
16:21:51.0953 1872 C:\WINDOWS\system32\DRIVERS\ctxusbm.sys - processing error
16:21:51.0953 1872 ctxusbm ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
16:22:12.0187 2176 Deinitialize success
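The TDSSKiller logs posted in this thread are long, and the few lines that matter (forged-file warnings, rootkit verdicts, objects queued for deletion at reboot, failed cures) are scattered among hundreds of "- ok" driver lines. The following Python script is an added example, not code from the thread's participants or from Kaspersky: it parses lines in exactly the format shown above and pulls out the findings a helper would triage first. The sample input is a handful of lines copied from the two logs posted in this thread; the field names in the returned dictionary are my own choice.

```python
import re

# Sample input: lines copied from the TDSSKiller logs posted in this thread.
SAMPLE_LOG = r"""
20:41:51.0156 2760 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:41:51.0218 2760 ACPI - ok
20:41:57.0656 2760 ialm (148759f6e22d2ca3dbac3c68b18f69fe) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:41:58.0000 2760 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\igxpmp32.sys. Real md5: 148759f6e22d2ca3dbac3c68b18f69fe, Fake md5: 0f68e2ec713f132ffb19e45415b09679
20:41:58.0031 2760 ialm ( ForgedFile.Multi.Generic ) - warning
20:41:58.0031 2760 ialm - detected ForgedFile.Multi.Generic (1)
16:21:50.0718 1872 HKLM\SYSTEM\ControlSet001\services\8fd57e25 - will be deleted on reboot
16:21:50.0765 1872 C:\WINDOWS\629069199:1881833946.exe - will be deleted on reboot
16:21:50.0765 1872 8fd57e25 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
16:21:51.0953 1872 C:\WINDOWS\system32\DRIVERS\ctxusbm.sys - Cure failed (FFFFFFFF)
16:21:51.0953 1872 ctxusbm ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
"""

# Every line starts with a timestamp and a thread id, then the message.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")

# Message shapes seen in the logs above, most specific first.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<svc>\S+) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\w+)$")
PENDING_RE = re.compile(r"^(?P<obj>.+) - will be deleted on reboot$")
CUREFAIL_RE = re.compile(r"^(?P<path>.+) - Cure failed \((?P<code>[0-9A-Fa-f]+)\)$")
DRIVER_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


def parse_tdsskiller_log(text):
    """Walk a TDSSKiller log and bucket the interesting lines by kind.

    Returns a dict with lists 'forged', 'detected', 'actions',
    'pending_deletion', 'cure_failed' and a 'drivers' map of
    service name -> {md5, path} for every scanned driver.
    """
    report = {"forged": [], "detected": [], "actions": [],
              "pending_deletion": [], "cure_failed": [], "drivers": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        msg = m.group("msg")
        if (f := FORGED_RE.match(msg)):
            report["forged"].append(f.groupdict())
        elif (d := DETECTED_RE.match(msg)):
            report["detected"].append(d.groupdict())
        elif (a := ACTION_RE.match(msg)):
            report["actions"].append(a.groupdict())
        elif (p := PENDING_RE.match(msg)):
            report["pending_deletion"].append(p.group("obj"))
        elif (c := CUREFAIL_RE.match(msg)):
            report["cure_failed"].append(c.groupdict())
        elif (dr := DRIVER_RE.match(msg)):
            report["drivers"][dr.group("svc")] = {"md5": dr.group("md5"), "path": dr.group("path")}
    return report


def summarize(report):
    """Return triage lines, worst findings first, for a helper to read."""
    lines = []
    for item in report["cure_failed"]:
        lines.append(f"CURE FAILED ({item['code']}): {item['path']} - cure was not applied, follow up manually")
    for item in report["actions"]:
        lines.append(f"{item['verdict']}: service '{item['svc']}' -> action {item['action']}")
    for item in report["forged"]:
        lines.append(f"FORGED: {item['path']} real md5 {item['real']} != reported md5 {item['fake']}")
    for obj in report["pending_deletion"]:
        lines.append(f"PENDING DELETE AT REBOOT: {obj}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run it against a full log pasted into a file (replace `SAMPLE_LOG` with the file's contents) and the output is the short list of objects that still need attention: a "Cure failed" entry means the infected driver is still on disk after the run, which is exactly the case with ctxusbm.sys in the first log above, and a "Forged" entry records that the tool read two different hashes for the same file, which is why those drivers were flagged rather than passed as ok.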
 
Hey Broni,

My Avira is finding malware like all the time. I've been only closing the notification window without removing them because I wasn't requested to do so. Should I keep doing that or should I click remove?

Many thanks, Broni.
 
You can allow Avira to remove anything it wants.

Please re-run TDSSKiller one more time.

Then.....

Let's run the following tool. This will help determine which files need permissions restored.

Please download and save Junction.zip

Unzip it and place Junction.exe in the Windows directory (C:\Windows).
Go to Start>Run (Vista and Windows 7 users use "Start search" box).
Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system.
Wait until a log file opens.
Copy and paste the log in your next reply.
 
Here's the new TDSSKiller log:

20:40:56.0765 2304 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
20:40:58.0781 2304 ============================================================
20:40:58.0781 2304 Current date / time: 2011/11/11 20:40:58.0781
20:40:58.0781 2304 SystemInfo:
20:40:58.0781 2304
20:40:58.0781 2304 OS Version: 5.1.2600 ServicePack: 3.0
20:40:58.0781 2304 Product type: Workstation
20:40:58.0781 2304 ComputerName: YOUR-S8SUI3P2KW
20:40:58.0781 2304 UserName: Mohammed
20:40:58.0781 2304 Windows directory: C:\WINDOWS
20:40:58.0781 2304 System windows directory: C:\WINDOWS
20:40:58.0781 2304 Processor architecture: Intel x86
20:40:58.0781 2304 Number of processors: 2
20:40:58.0781 2304 Page size: 0x1000
20:40:58.0781 2304 Boot type: Normal boot
20:40:58.0781 2304 ============================================================
20:41:01.0328 2304 Initialize success
20:41:49.0000 2760 ============================================================
20:41:49.0000 2760 Scan started
20:41:49.0000 2760 Mode: Manual;
20:41:49.0000 2760 ============================================================
20:41:50.0890 2760 Abiosdsk - ok
20:41:51.0078 2760 abp480n5 - ok
20:41:51.0156 2760 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:41:51.0218 2760 ACPI - ok
20:41:51.0250 2760 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:41:51.0296 2760 ACPIEC - ok
20:41:51.0328 2760 adpu160m - ok
20:41:51.0406 2760 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:41:51.0500 2760 aec - ok
20:41:51.0578 2760 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:41:51.0593 2760 AFD - ok
20:41:51.0609 2760 Aha154x - ok
20:41:51.0625 2760 aic78u2 - ok
20:41:51.0656 2760 aic78xx - ok
20:41:51.0703 2760 AliIde - ok
20:41:51.0718 2760 amsint - ok
20:41:51.0843 2760 AR5211 (6d5f95602b8d0d994d31a864872b38ef) C:\WINDOWS\system32\DRIVERS\ar5211.sys
20:41:52.0015 2760 AR5211 - ok
20:41:52.0109 2760 asc - ok
20:41:52.0140 2760 asc3350p - ok
20:41:52.0171 2760 asc3550 - ok
20:41:52.0296 2760 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
20:41:52.0359 2760 AsusACPI - ok
20:41:52.0421 2760 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:41:52.0468 2760 AsyncMac - ok
20:41:52.0531 2760 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:41:52.0546 2760 atapi - ok
20:41:52.0562 2760 Atdisk - ok
20:41:52.0593 2760 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:41:52.0656 2760 Atmarpc - ok
20:41:52.0718 2760 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:41:52.0750 2760 audstub - ok
20:41:52.0796 2760 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:41:52.0843 2760 avgntflt - ok
20:41:52.0890 2760 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:41:52.0953 2760 avipbb - ok
20:41:52.0984 2760 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:41:53.0046 2760 avkmgr - ok
20:41:53.0109 2760 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:41:53.0140 2760 Beep - ok
20:41:53.0328 2760 BHDrvx86 (09b8897ac84c49beabea75cf9fe1ab45) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx86.sys
20:41:53.0437 2760 BHDrvx86 - ok
20:41:53.0640 2760 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:41:53.0671 2760 cbidf2k - ok
20:41:53.0734 2760 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:41:53.0796 2760 CCDECODE - ok
20:41:53.0812 2760 cd20xrnt - ok
20:41:53.0875 2760 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:41:53.0906 2760 Cdaudio - ok
20:41:53.0937 2760 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:41:53.0984 2760 Cdfs - ok
20:41:54.0062 2760 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:41:54.0109 2760 Cdrom - ok
20:41:54.0140 2760 Changer - ok
20:41:54.0218 2760 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:41:54.0234 2760 CmBatt - ok
20:41:54.0265 2760 CmdIde - ok
20:41:54.0312 2760 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:41:54.0312 2760 Compbatt - ok
20:41:54.0359 2760 Cpqarray - ok
20:41:54.0390 2760 dac2w2k - ok
20:41:54.0406 2760 dac960nt - ok
20:41:54.0437 2760 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:41:54.0484 2760 Disk - ok
20:41:54.0578 2760 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:41:54.0687 2760 dmboot - ok
20:41:54.0750 2760 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:41:54.0796 2760 dmio - ok
20:41:54.0828 2760 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:41:54.0859 2760 dmload - ok
20:41:54.0921 2760 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:41:54.0953 2760 DMusic - ok
20:41:54.0984 2760 dpti2o - ok
20:41:55.0046 2760 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:41:55.0078 2760 drmkaud - ok
20:41:55.0203 2760 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:41:55.0296 2760 eeCtrl - ok
20:41:55.0343 2760 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:41:55.0390 2760 EraserUtilRebootDrv - ok
20:41:55.0546 2760 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:41:55.0609 2760 Fastfat - ok
20:41:55.0687 2760 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:41:55.0734 2760 Fdc - ok
20:41:55.0781 2760 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:41:55.0812 2760 Fips - ok
20:41:55.0843 2760 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:41:55.0875 2760 Flpydisk - ok
20:41:55.0937 2760 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:41:55.0984 2760 FltMgr - ok
20:41:56.0031 2760 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:41:56.0078 2760 Fs_Rec - ok
20:41:56.0109 2760 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:41:56.0140 2760 Ftdisk - ok
20:41:56.0187 2760 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:41:56.0250 2760 GEARAspiWDM - ok
20:41:56.0296 2760 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
20:41:56.0328 2760 ggflt - ok
20:41:56.0484 2760 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
20:41:56.0578 2760 ggsemc - ok
20:41:56.0640 2760 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:41:56.0703 2760 Gpc - ok
20:41:56.0765 2760 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:41:56.0812 2760 HDAudBus - ok
20:41:56.0890 2760 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:41:56.0921 2760 HidUsb - ok
20:41:56.0953 2760 hpn - ok
20:41:57.0078 2760 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:41:57.0125 2760 HPZius12 - ok
20:41:57.0187 2760 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
20:41:57.0234 2760 HssDrv - ok
20:41:57.0328 2760 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:41:57.0343 2760 HTTP - ok
20:41:57.0359 2760 i2omgmt - ok
20:41:57.0390 2760 i2omp - ok
20:41:57.0453 2760 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:41:57.0515 2760 i8042prt - ok
20:41:57.0656 2760 ialm (148759f6e22d2ca3dbac3c68b18f69fe) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:41:58.0000 2760 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\igxpmp32.sys. Real md5: 148759f6e22d2ca3dbac3c68b18f69fe, Fake md5: 0f68e2ec713f132ffb19e45415b09679
20:41:58.0031 2760 ialm ( ForgedFile.Multi.Generic ) - warning
20:41:58.0031 2760 ialm - detected ForgedFile.Multi.Generic (1)
20:41:58.0281 2760 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110922.030\IDSxpx86.sys
20:41:58.0359 2760 IDSxpx86 - ok
20:41:58.0468 2760 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:41:58.0515 2760 Imapi - ok
20:41:58.0578 2760 InCDfs (b02a8a25192ee1c5e653628637ab6aaa) C:\WINDOWS\system32\drivers\InCDFs.sys
20:41:58.0640 2760 InCDfs - ok
20:41:58.0671 2760 InCDPass (b49bd5b663e1af9bf3233b782b70d865) C:\WINDOWS\system32\drivers\InCDPass.sys
20:41:58.0718 2760 InCDPass - ok
20:41:58.0750 2760 InCDrec (8fd364edbd97983575cee3e8909e62b4) C:\WINDOWS\system32\drivers\InCDrec.sys
20:41:58.0796 2760 InCDrec - ok
20:41:58.0843 2760 incdrm (fc04e827133d54ab79ca254708f76cd0) C:\WINDOWS\system32\drivers\InCDRm.sys
20:41:58.0875 2760 incdrm - ok
20:41:58.0921 2760 ini910u - ok
20:41:59.0031 2760 IntcAzAudAddService (cadb04b4b10027f1506ec32b03f5d686) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:41:59.0171 2760 Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: cadb04b4b10027f1506ec32b03f5d686, Fake md5: c73a4a48fbb3d00c7dbc6fe4f5e3675f
20:41:59.0203 2760 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
20:41:59.0203 2760 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
20:41:59.0218 2760 IntelIde - ok
20:41:59.0265 2760 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:41:59.0281 2760 intelppm - ok
20:41:59.0312 2760 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:41:59.0343 2760 Ip6Fw - ok
20:41:59.0359 2760 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:41:59.0375 2760 IpFilterDriver - ok
20:41:59.0390 2760 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:41:59.0406 2760 IpInIp - ok
20:41:59.0437 2760 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:41:59.0484 2760 IpNat - ok
20:41:59.0531 2760 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:41:59.0562 2760 IPSec - ok
20:41:59.0625 2760 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:41:59.0656 2760 IRENUM - ok
20:41:59.0718 2760 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:41:59.0750 2760 isapnp - ok
20:41:59.0812 2760 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:41:59.0843 2760 Kbdclass - ok
20:41:59.0890 2760 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:41:59.0937 2760 kbdhid - ok
20:41:59.0984 2760 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:42:00.0000 2760 kmixer - ok
20:42:00.0062 2760 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:42:00.0062 2760 KSecDD - ok
20:42:00.0093 2760 Ktp (6e775ade642556c6d43450d16d763fc2) C:\WINDOWS\system32\DRIVERS\ETD.sys
20:42:00.0140 2760 Ktp - ok
20:42:00.0187 2760 L1e (303627228dd739d98289679901a38c8f) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
20:42:00.0234 2760 L1e - ok
20:42:00.0265 2760 lbrtfdc - ok
20:42:00.0359 2760 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
20:42:00.0390 2760 ManyCam - ok
20:42:00.0468 2760 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:42:00.0500 2760 mnmdd - ok
20:42:00.0546 2760 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:42:00.0578 2760 Modem - ok
20:42:00.0640 2760 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:42:00.0671 2760 Mouclass - ok
20:42:00.0718 2760 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:42:00.0750 2760 mouhid - ok
20:42:00.0796 2760 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:42:00.0828 2760 MountMgr - ok
20:42:00.0843 2760 mraid35x - ok
20:42:00.0906 2760 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:42:00.0968 2760 MRxDAV - ok
20:42:01.0203 2760 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:42:01.0250 2760 MRxSmb - ok
20:42:01.0312 2760 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:42:01.0343 2760 Msfs - ok
20:42:01.0406 2760 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:42:01.0437 2760 MSKSSRV - ok
20:42:01.0453 2760 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:42:01.0484 2760 MSPCLOCK - ok
20:42:01.0531 2760 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:42:01.0562 2760 MSPQM - ok
20:42:01.0609 2760 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:42:01.0640 2760 mssmbios - ok
20:42:01.0656 2760 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:42:01.0687 2760 MSTEE - ok
20:42:01.0750 2760 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:42:01.0765 2760 Mup - ok
20:42:01.0781 2760 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:42:01.0828 2760 NABTSFEC - ok
20:42:01.0984 2760 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110923.002\NAVENG.SYS
20:42:02.0046 2760 NAVENG - ok
20:42:02.0140 2760 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110923.002\NAVEX15.SYS
20:42:02.0328 2760 NAVEX15 - ok
20:42:02.0500 2760 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:42:02.0578 2760 NDIS - ok
20:42:02.0625 2760 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:42:02.0656 2760 NdisIP - ok
20:42:02.0703 2760 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:42:02.0703 2760 NdisTapi - ok
20:42:02.0765 2760 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:42:02.0796 2760 Ndisuio - ok
20:42:02.0812 2760 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:42:02.0843 2760 NdisWan - ok
20:42:02.0906 2760 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:42:02.0906 2760 NDProxy - ok
20:42:02.0953 2760 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
20:42:02.0984 2760 Netaapl - ok
20:42:03.0046 2760 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:42:03.0109 2760 NetBIOS - ok
20:42:03.0187 2760 nmwcdnsu - ok
20:42:03.0218 2760 nmwcdnsuc - ok
20:42:03.0234 2760 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:42:03.0250 2760 Npfs - ok
20:42:03.0328 2760 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:42:03.0359 2760 Ntfs - ok
20:42:03.0437 2760 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:42:03.0453 2760 Null - ok
20:42:03.0515 2760 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:42:03.0546 2760 NwlnkFlt - ok
20:42:03.0562 2760 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:42:03.0578 2760 NwlnkFwd - ok
20:42:03.0640 2760 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:42:03.0656 2760 Parport - ok
20:42:03.0718 2760 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:42:03.0750 2760 PartMgr - ok
20:42:03.0781 2760 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:42:03.0812 2760 ParVdm - ok
20:42:03.0859 2760 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:42:03.0890 2760 PCI - ok
20:42:03.0921 2760 PCIDump - ok
20:42:03.0937 2760 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:42:03.0968 2760 PCIIde - ok
20:42:04.0015 2760 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:42:04.0078 2760 Pcmcia - ok
20:42:04.0093 2760 PDCOMP - ok
20:42:04.0125 2760 PDFRAME - ok
20:42:04.0140 2760 PDRELI - ok
20:42:04.0171 2760 PDRFRAME - ok
20:42:04.0187 2760 perc2 - ok
20:42:04.0218 2760 perc2hib - ok
20:42:04.0312 2760 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys
20:42:04.0359 2760 pnarp - ok
20:42:04.0406 2760 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:42:04.0437 2760 PptpMiniport - ok
20:42:04.0453 2760 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:42:04.0484 2760 PSched - ok
20:42:04.0500 2760 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:42:04.0531 2760 Ptilink - ok
20:42:04.0593 2760 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
20:42:04.0640 2760 purendis - ok
20:42:04.0687 2760 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:42:04.0718 2760 PxHelp20 - ok
20:42:04.0734 2760 ql1080 - ok
20:42:04.0750 2760 Ql10wnt - ok
20:42:04.0781 2760 ql12160 - ok
20:42:04.0796 2760 ql1240 - ok
20:42:04.0812 2760 ql1280 - ok
20:42:04.0859 2760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:42:04.0906 2760 RasAcd - ok
20:42:04.0937 2760 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:42:04.0984 2760 Rasl2tp - ok
20:42:05.0015 2760 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:42:05.0062 2760 RasPppoe - ok
20:42:05.0109 2760 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:42:05.0156 2760 Raspti - ok
20:42:05.0218 2760 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:42:05.0281 2760 Rdbss - ok
20:42:05.0328 2760 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:42:05.0359 2760 RDPCDD - ok
20:42:05.0437 2760 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:42:05.0453 2760 RDPWD - ok
20:42:05.0531 2760 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:42:05.0562 2760 redbook - ok
20:42:05.0671 2760 RT80x86 (162d6aee49372b9ce17c418cc5cde7b5) C:\WINDOWS\system32\DRIVERS\RT2860.sys
20:42:05.0796 2760 RT80x86 - ok
20:42:05.0843 2760 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
20:42:05.0890 2760 s1018bus - ok
20:42:05.0937 2760 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
20:42:05.0984 2760 s1018mdfl - ok
20:42:06.0015 2760 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
20:42:06.0062 2760 s1018mdm - ok
20:42:06.0109 2760 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
20:42:06.0171 2760 s1018mgmt - ok
20:42:06.0203 2760 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
20:42:06.0250 2760 s1018nd5 - ok
20:42:06.0281 2760 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
20:42:06.0312 2760 s1018obex - ok
20:42:06.0375 2760 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
20:42:06.0421 2760 s1018unic - ok
20:42:06.0500 2760 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:42:06.0531 2760 Secdrv - ok
20:42:06.0593 2760 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
20:42:06.0640 2760 seehcri - ok
20:42:06.0703 2760 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:42:06.0750 2760 Serial - ok
20:42:06.0812 2760 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:42:06.0843 2760 Sfloppy - ok
20:42:06.0906 2760 Simbad - ok
20:42:06.0968 2760 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:42:07.0000 2760 SLIP - ok
20:42:07.0062 2760 Sparrow - ok
20:42:07.0140 2760 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:42:07.0171 2760 splitter - ok
20:42:07.0250 2760 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:42:07.0312 2760 sr - ok
20:42:07.0437 2760 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
20:42:07.0562 2760 SRTSP - ok
20:42:07.0656 2760 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
20:42:07.0703 2760 SRTSPX - ok
20:42:07.0781 2760 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:42:07.0796 2760 Srv - ok
20:42:07.0875 2760 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:42:07.0906 2760 ssmdrv - ok
20:42:07.0984 2760 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:42:08.0031 2760 streamip - ok
20:42:08.0171 2760 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:42:08.0218 2760 swenum - ok
20:42:08.0296 2760 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:42:08.0328 2760 swmidi - ok
20:42:08.0359 2760 symc810 - ok
20:42:08.0390 2760 symc8xx - ok
20:42:08.0500 2760 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
20:42:08.0578 2760 SymDS - ok
20:42:08.0718 2760 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
20:42:08.0843 2760 SymEFA - ok
20:42:08.0906 2760 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:42:08.0921 2760 SymEvent - ok
20:42:09.0000 2760 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
20:42:09.0046 2760 SymIRON - ok
20:42:09.0109 2760 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS
20:42:09.0171 2760 SYMTDI - ok
20:42:09.0187 2760 sym_hi - ok
20:42:09.0218 2760 sym_u3 - ok
20:42:09.0265 2760 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:42:09.0312 2760 sysaudio - ok
20:42:09.0359 2760 tap0801 (f6587c800ce0ad14e755c4605febf3f9) C:\WINDOWS\system32\DRIVERS\tap0801.sys
20:42:09.0406 2760 tap0801 - ok
20:42:09.0468 2760 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
20:42:09.0484 2760 taphss - ok
20:42:09.0562 2760 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:42:09.0578 2760 Tcpip - ok
20:42:09.0625 2760 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:42:09.0671 2760 TDPIPE - ok
20:42:09.0687 2760 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:42:09.0718 2760 TDTCP - ok
20:42:09.0750 2760 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:42:09.0796 2760 TermDD - ok
20:42:09.0843 2760 TosIde - ok
20:42:09.0906 2760 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:42:09.0953 2760 Udfs - ok
20:42:09.0968 2760 ultra - ok
20:42:10.0046 2760 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:42:10.0312 2760 Update - ok
20:42:10.0343 2760 upperdev - ok
20:42:10.0421 2760 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:42:10.0468 2760 USBAAPL - ok
20:42:10.0531 2760 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:42:10.0562 2760 usbaudio - ok
20:42:10.0609 2760 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:42:10.0656 2760 usbccgp - ok
20:42:10.0718 2760 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:42:10.0750 2760 usbehci - ok
20:42:10.0796 2760 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:42:10.0843 2760 usbhub - ok
20:42:10.0906 2760 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:42:10.0953 2760 usbprint - ok
20:42:10.0984 2760 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:42:11.0031 2760 usbscan - ok
20:42:11.0093 2760 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:42:11.0140 2760 usbstor - ok
20:42:11.0203 2760 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:42:11.0234 2760 usbuhci - ok
20:42:11.0281 2760 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:42:11.0328 2760 usbvideo - ok
20:42:11.0359 2760 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:42:11.0390 2760 VgaSave - ok
20:42:11.0406 2760 ViaIde - ok
20:42:11.0468 2760 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:42:11.0515 2760 VolSnap - ok
20:42:11.0593 2760 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:42:11.0625 2760 Wanarp - ok
20:42:11.0703 2760 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:42:11.0781 2760 Wdf01000 - ok
20:42:11.0796 2760 WDICA - ok
20:42:11.0875 2760 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:42:11.0906 2760 wdmaud - ok
20:42:12.0187 2760 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:42:12.0218 2760 WpdUsb - ok
20:42:12.0296 2760 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:42:12.0328 2760 WSTCODEC - ok
20:42:12.0390 2760 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:42:12.0437 2760 WudfPf - ok
20:42:12.0468 2760 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:42:12.0515 2760 WudfRd - ok
20:42:12.0625 2760 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:42:12.0812 2760 \Device\Harddisk0\DR0 - ok
20:42:12.0812 2760 Boot (0x1200) (e25159a6f1fd34497ac1785a1f890ce1) \Device\Harddisk0\DR0\Partition0
20:42:12.0812 2760 \Device\Harddisk0\DR0\Partition0 - ok
20:42:12.0859 2760 Boot (0x1200) (2261731dd88ba5a627d706fa0c7bc8e7) \Device\Harddisk0\DR0\Partition1
20:42:12.0859 2760 \Device\Harddisk0\DR0\Partition1 - ok
20:42:12.0859 2760 ============================================================
20:42:12.0859 2760 Scan finished
20:42:12.0859 2760 ============================================================
20:42:12.0890 3156 Detected object count: 2
20:42:12.0890 3156 Actual detected object count: 2
20:42:36.0281 3156 ialm ( ForgedFile.Multi.Generic ) - skipped by user
20:42:36.0281 3156 ialm ( ForgedFile.Multi.Generic ) - User select action: Skip
20:42:36.0296 3156 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
20:42:36.0296 3156 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
20:42:46.0500 2024 Deinitialize success
 
I closed the command window like two times thinking the scan hadn't started. Now, I finally got this log:


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.
.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20111111-211244-659039F1\ARK628.tmp: Access is denied.
..
.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.
..
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Failed to open \\?\c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Failed to open \\?\c:\\Program Files\Common Files\Real\Update_OB\realsched.exe: Access is denied.
...
...
...
Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
...
...
...
...
...
...
...
.
Failed to open \\?\c:\\WINDOWS\$NtUninstallKB3599$: Access is denied.
..
...
..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

.
...
...
...
...
...
...
...
..
Failed to open \\?\c:\\WINDOWS\system32\igfxsrvc.exe: Access is denied.
.
...
...
Failed to open \\?\c:\\WINDOWS\system32\drivers\netbt.sys: Access is denied.
...
..
 
Please download GrantPerms.zip and save it to your desktop.
Unzip the file and, depending on the system, run GrantPerms.exe (32-bit system) or GrantPerms64.exe (64-bit system).
Copy and paste the following in the edit box:

Code:
c:\\System Volume Information
c:\\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20111111-211244-659039F1\ARK628.tmp
c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine
c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp
c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow
c:\\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\\WINDOWS\$NtUninstallKB3599$
c:\\WINDOWS\system32\igfxsrvc.exe
c:\\WINDOWS\system32\drivers\netbt.sys

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.
 
GrantPerms by Farbar
Ran by Mohammed (administrator) at 2011-11-11 23:04:54

===============================================
\\?\c:\\System Volume Information

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)


ERROR: Parsing the SD of <\\?\c:\\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20111111-211244-659039F1\ARK628.tmp> failed with: Access is denied.


Operating system error message: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine

Owner: YOUR-S8SUI3P2KW\Mohammed

DACL(P)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (NI)


\\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp

Owner: BUILTIN\Administrators

DACL((NP)):
\\?\c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Mohammed\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Common Files\Real\Update_OB\realsched.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\WINDOWS\$NtUninstallKB3599$

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


\\?\c:\\WINDOWS\system32\igfxsrvc.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


ERROR: Parsing the SD of <\\?\c:\\WINDOWS\system32\drivers\netbt.sys> failed with: Access is denied.


Operating system error message: Access is denied.
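The Perms.txt listing above has a fixed layout: a path line, an Owner: line, a DACL header, then one ACE per line, or an ERROR line when the security descriptor could not be read at all. As an added example that is not part of the thread or of Farbar's GrantPerms, the Python below parses that layout from a constructed excerpt and flags the entries a helper would look at first: unreadable descriptors, DACLs with no ACE, and DACLs that give BUILTIN\Administrators less than full control. The rights vocabulary and the sample paths are assumptions.

```python
import re

ADMINS = r"BUILTIN\Administrators"
ERROR_RE = re.compile(r"^ERROR: Parsing the SD of <(.+)> failed with: (.+)$")
# Principals may contain spaces (e.g. CREATOR OWNER), so the known rights words are tried
# before a bare token; the vocabulary is an assumption, not GrantPerms documentation.
ACE_RE = re.compile(r"^(.+?) (FULL|MODIFY|READ/EXECUTE|READ|WRITE|ADD SUBDIRECTORY|ADD FILE|\S+) (ALLOW|DENY) ?(.*)$")

# Constructed excerpt in the Perms.txt layout shown in the thread (paths are made up).
SAMPLE = r"""\\?\c:\\System Volume Information
Owner: BUILTIN\Administrators
DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
ERROR: Parsing the SD of <\\?\c:\\Example\ARK628.tmp> failed with: Access is denied.
Operating system error message: Access is denied.
\\?\c:\\Example\Quarantine
Owner: YOUR-PC\User
DACL(P)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
\\?\c:\\Example\SrtETmp
Owner: BUILTIN\Administrators
DACL((NP)):
"""

def parse_perms(text):
    """Map each listed path to {"owner", "error", "aces": [(principal, rights, access, flags)]}."""
    entries, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if err := ERROR_RE.match(line):        # security descriptor could not be read at all
            entries[err.group(1)] = {"owner": None, "error": err.group(2), "aces": []}
            current = None
        elif line.startswith("\\\\?\\"):        # a new path block begins
            current = entries.setdefault(line, {"owner": None, "error": None, "aces": []})
        elif current is None or not line or line.startswith("DACL"):
            continue                           # banner, OS error echo, blank, or DACL flags line
        elif line.startswith("Owner:"):
            current["owner"] = line.split(":", 1)[1].strip()
        elif m := ACE_RE.match(line):
            current["aces"].append(m.groups())
    return entries

def find_blocked(entries):
    """Paths an administrator, or a security tool run as one, may still fail to open."""
    findings = {}
    for path, e in entries.items():
        admin = [(r, a) for p, r, a, _ in e["aces"] if p == ADMINS]
        if e["error"]:
            findings[path] = "sd-unreadable: " + e["error"]
        elif not e["aces"]:
            findings[path] = "empty-dacl"
        elif ("FULL", "ALLOW") not in admin or any(a == "DENY" for _, a in admin):
            findings[path] = "admins-lack-full-control"
    return findings
```

Run on the real Perms.txt, the three flagged categories are the ones worth re-checking after Unlock; a quarantine folder restricted to SYSTEM is normal for an antivirus, so the finding is a prompt to look, not proof of tampering.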
 
Good :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Broni,

I can't get my laptop to connect to my wifi! It's stuck at "acquiring network address". I hope this isn't caused by the viruses and malware that I got :S

I researched the problem and tried many things but none seem to work. I deleted the wifi profile, I changed the SSID, and I tried resetting the authentication to "open". None of these methods worked. I'll keep trying. If you have some ideas, please let me know.

Thanks a lot,
 