
Redirected searches, can't get Mbam to run...



Hi, just want to say I love your product, it has worked great for me on several computers and I am overall very satisfied with it. However, my computer has been infected (redirected Google searches, overall running extremely slow) and I cannot get Mbam to run. I have uninstalled and reinstalled several times. It seems like it is going to work but after a couple of minutes it closes, and when I try to run it again I get an error stating Windows cannot access the specified device and that I may not have the appropriate permissions, or something along those lines.

I did get Mbam Chameleon to run using the steps in the FAQ. It successfully removed 11 or so threats, but upon rebooting and trying to run Mbam again normally I run into the same problem with not having the appropriate permissions. The computer does seem to run faster and takes a lot less time to boot up. Also, it seems that my Google searches have stopped getting redirected, although I have only tried several searches. I have the Mbam log saved and can post it if needed.

Here are the two DDS logs. Please and thanks for any and all help. If I can get this taken care of I am strongly considering purchasing the full version of your product. Thanks.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by mine at 19:06:27 on 2012-03-03

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.260 [GMT -5:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\4030726373:452968207.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Secunia\PSI\PSIA.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Secunia\PSI\sua.exe

\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\System32\ping.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\documents and settings\mine\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\documents and settings\mine\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{2DFD8EF7-AFEC-4CE5-974C-9D1043FC8E42} : DhcpNameServer = 192.168.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-21 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-21 135336]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-21 61960]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-21 269480]

S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-3-3 24064]

.

=============== Created Last 30 ================

.

2012-03-03 23:18:57 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-03 22:43:29 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-03 22:40:19 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-03-03 22:40:19 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-03 22:38:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-03 22:35:02 -------- d-----w- c:\program files\Bonjour

2012-03-03 22:32:53 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 19:07:24.48 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/8/2006 6:00:08 PM

System Uptime: 3/3/2012 6:52:58 PM (1 hours ago)

.

Motherboard: Dell Inc | | 0HK980

Processor: AMD Athlon™ 64 Processor 3200+ | Socket M2 | 2004/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 45.774 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP376: 9/1/2011 12:35:07 AM - System Checkpoint

RP377: 9/2/2011 1:35:08 AM - System Checkpoint

RP378: 9/3/2011 2:35:09 AM - System Checkpoint

RP379: 9/4/2011 3:35:05 AM - System Checkpoint

RP380: 9/5/2011 4:35:08 AM - System Checkpoint

RP381: 9/6/2011 5:35:08 AM - System Checkpoint

RP382: 9/7/2011 5:42:33 AM - System Checkpoint

RP383: 9/8/2011 6:34:53 AM - System Checkpoint

RP384: 9/9/2011 7:34:51 AM - System Checkpoint

RP385: 9/10/2011 8:34:52 AM - System Checkpoint

RP386: 9/11/2011 9:34:45 AM - System Checkpoint

RP387: 9/12/2011 10:34:46 AM - System Checkpoint

RP388: 9/13/2011 11:34:47 AM - System Checkpoint

RP389: 9/14/2011 12:34:47 PM - System Checkpoint

RP390: 9/15/2011 1:51:18 PM - System Checkpoint

RP391: 9/16/2011 2:35:49 PM - System Checkpoint

RP392: 9/17/2011 3:34:44 PM - System Checkpoint

RP393: 9/18/2011 4:34:45 PM - System Checkpoint

RP394: 9/19/2011 5:34:42 PM - System Checkpoint

RP395: 9/21/2011 1:34:18 AM - System Checkpoint

RP396: 9/22/2011 2:17:18 AM - System Checkpoint

RP397: 9/23/2011 1:45:35 PM - System Checkpoint

RP398: 9/24/2011 2:17:12 PM - System Checkpoint

RP399: 9/25/2011 3:17:13 PM - System Checkpoint

RP400: 9/28/2011 1:49:59 AM - System Checkpoint

RP401: 9/29/2011 2:17:01 AM - System Checkpoint

RP402: 9/30/2011 2:24:22 AM - System Checkpoint

RP403: 10/1/2011 3:43:01 AM - System Checkpoint

RP404: 10/2/2011 4:16:54 AM - System Checkpoint

RP405: 10/3/2011 5:16:51 AM - System Checkpoint

RP406: 10/4/2011 6:16:59 AM - System Checkpoint

RP407: 10/5/2011 7:16:52 AM - System Checkpoint

RP408: 10/6/2011 8:16:53 AM - System Checkpoint

RP409: 11/27/2011 1:50:17 PM - System Checkpoint

RP410: 11/28/2011 8:10:36 PM - System Checkpoint

RP411: 3/3/2012 5:29:04 PM - Restore Operation

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

AIM 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Axis and Allies Starter Pack Full v5.1

Bonjour

Broadcom Management Programs

Cabos

CarbonPoker

CCleaner

Conexant D850 56K V.9x DFVc Modem

Dell CinePlayer

Dell Support 3.2

Dell System Restore

Digital Content Portal

Digital Line Detect

Disc2Phone

Documentation & Support Launcher

Download Updater (AOL LLC)

EarthLink Setup Files

EducateU

Foxit Reader

Free Audio CD Burner version 1.4.7

Free YouTube Download 3 version 3.0.11.727

Free YouTube to MP3 Converter version 3.10.6.727

FrostWire 4.21.3

Full Tilt Poker

Games, Music, & Photos Launcher

GemMaster Mystic

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Internet Service Offers Launcher

iPod Updater 2004-11-15

ISO Recorder

iTunes

Java Auto Updater

Java™ 6 Update 23

Lock Poker

Malwarebytes Anti-Malware version 1.60.1.1000

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Small Business Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Modem Diagnostic Tool

MSN

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

NetWaiting

NVIDIA Drivers

PokerStars

PokerStove version 1.23

PokerTracker 3 (remove only)

PostgreSQL 8.4

QuickTime

Revo Uninstaller 1.91

Rhapsody Player Engine

Roxio DLA

SA23xx Device Manager

Secunia PSI (2.0.0.3001)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Segoe UI

SimCity 4 Deluxe

Skype Toolbars

Skype™ 5.1

Sonic Activation Module

Sonic Encoders

Sonic Update Manager

TeamViewer 6

Uninstall 1.0.0.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Warcraft III

WebFldrs XP

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB912067

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinRAR archiver

WOT for Internet Explorer

.

==== Event Viewer Messages From Past Week ========

.

3/3/2012 5:07:29 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: Access is denied.

3/3/2012 5:07:29 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

3/3/2012 5:04:54 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

3/3/2012 5:04:21 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

3/3/2012 4:56:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

3/3/2012 4:54:25 PM, error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: Access is denied.

.

==== End Of File ===========================

OK, so a little update. The computer ran decently enough compared to how it was before I got Mbam Chameleon to run and remove the threats yesterday. I turned it on today and it seemed to take longer to boot up, it is running very slow again, and I am getting random pop-up ads while using Internet Explorer. I have added the log Mbam produced when I got it to run using Chameleon; hopefully that can help speed up the healing process. Thanks, I look forward to your help!

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.03.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

:: TYLER [administrator]

3/3/2012 6:25:50 PM

mbam-log-2012-03-03 (18-25-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 259614

Time elapsed: 24 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\WINDOWS\system32\beatjamupnpmusicserver.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 2

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Email) -> Quarantined and deleted successfully.

HKCR\QMDispatch.QMFunction (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 9

C:\WINDOWS\system32\beatjamupnpmusicserver.dll (RootKit.0Access.H) -> Delete on reboot.

C:\Documents and Settings\mine\Local Settings\temp\0.26425867813123227.exe (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\0.7023539063215677.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\776.3065.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\ofysuq\setup.exe (Trojan.Email) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\0.07842928303021812.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\0.1347933115653075.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\0.685451272389087.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

(end)



Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

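An added example, not part of this thread and not code from Kaspersky or Malwarebytes: a small Python helper that parses the TDSSKiller log format requested above and lists every driver or service that did not come back "ok" (infected, warning, or a file listed with no verdict at all), worst first. The regular expressions are my own reading of the format, and the sample lines are constructed to match the log posted later in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller writes one to three lines per scanned driver or service. Every line
# starts with a timestamp and a thread id; the message after that is one of:
#   <name> (<md5>) <path>                      the file backing the entry
#   <name> ( <verdict> ) - infected|warning     a verdict on that file
#   <name> - ok                                 clean entry
#   <name> - detected <verdict> (<n>)           repeat of the verdict
# Names may contain spaces ("Secunia PSI Agent"), so they are matched lazily.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<status>\w+)$")
STATUS_RE = re.compile(
    r"^(?P<name>.+?)\s+-\s+(?P<status>ok|detected)(?:\s+(?P<verdict>\S+)(?:\s+\(\d+\))?)?$"
)

# Lower is worse; "unknown" means a file was listed but no verdict line followed.
SEVERITY = {"infected": 0, "suspicious": 1, "warning": 2, "unknown": 3, "ok": 4}


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the line-oriented log into one Entry per driver/service name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator and blank lines carry no entry
        msg = m.group("msg")
        f = FILE_RE.match(msg)
        if f:
            e = entries.setdefault(f.group("name"), Entry(f.group("name")))
            e.md5, e.path = f.group("md5").lower(), f.group("path")
            continue
        v = VERDICT_RE.match(msg)
        if v:
            e = entries.setdefault(v.group("name"), Entry(v.group("name")))
            e.status, e.verdict = v.group("status").lower(), v.group("verdict")
            continue
        s = STATUS_RE.match(msg)
        if s:
            e = entries.setdefault(s.group("name"), Entry(s.group("name")))
            if s.group("status") == "ok" and e.status == "unknown":
                e.status = "ok"
            elif s.group("status") == "detected" and e.verdict is None:
                e.verdict = s.group("verdict")
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Every entry that is not a clean 'ok', worst first."""
    return sorted(
        (e for e in entries.values() if e.status != "ok"),
        key=lambda e: (SEVERITY.get(e.status, 3), e.name),
    )


# Constructed sample in the same format as the log posted in this thread
# (the all-zero md5 is a placeholder, not a real hash).
SAMPLE_LOG = r"""
11:39:09.0046 3964 Scan started
11:39:09.0046 3964 Mode: Manual; SigCheck; TDLFS;
11:39:10.0328 3964 87581831 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\91257192.sys
11:39:10.0359 3964 Abiosdsk - ok
11:39:15.0656 3964 Cdrom (c5cf68c4a120bbc9a406a754d35eaa56) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:39:15.0656 3964 Cdrom ( Virus.Win32.ZAccess.j ) - infected
11:39:15.0656 3964 Cdrom - detected Virus.Win32.ZAccess.j (0)
11:39:16.0687 3964 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:39:16.0703 3964 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
11:39:16.0703 3964 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
11:39:20.0000 3964 Secunia PSI Agent (00000000000000000000000000000000) C:\Program Files\Secunia\PSI\psia.exe
11:39:20.0010 3964 Secunia PSI Agent - ok
"""

if __name__ == "__main__":
    for e in findings(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{e.status:<9} {e.name:<20} {e.verdict or '-':<30} {e.path or ''}")
```

Run as-is it prints the infected Cdrom entry first, then the unsigned DLA driver, then the randomly named driver that TDSSKiller listed without any verdict.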

11:39:04.0500 3732 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39

11:39:04.0890 3732 ============================================================

11:39:04.0890 3732 Current date / time: 2012/03/06 11:39:04.0890

11:39:04.0890 3732 SystemInfo:

11:39:04.0890 3732

11:39:04.0890 3732 OS Version: 5.1.2600 ServicePack: 3.0

11:39:04.0890 3732 Product type: Workstation

11:39:04.0890 3732 ComputerName: TYLER

11:39:04.0890 3732 UserName: mine

11:39:04.0890 3732 Windows directory: C:\WINDOWS

11:39:04.0890 3732 System windows directory: C:\WINDOWS

11:39:04.0890 3732 Processor architecture: Intel x86

11:39:04.0890 3732 Number of processors: 1

11:39:04.0890 3732 Page size: 0x1000

11:39:04.0890 3732 Boot type: Normal boot

11:39:04.0890 3732 ============================================================

11:39:05.0125 3732 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:39:05.0125 3732 \Device\Harddisk0\DR0:

11:39:05.0125 3732 MBR used

11:39:05.0125 3732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8BA231A

11:39:05.0156 3732 Initialize success

11:39:05.0156 3732 ============================================================

11:39:09.0046 3964 ============================================================

11:39:09.0046 3964 Scan started

11:39:09.0046 3964 Mode: Manual; SigCheck; TDLFS;

11:39:09.0046 3964 ============================================================

11:39:10.0328 3964 87581831 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\91257192.sys

11:39:10.0359 3964 Abiosdsk - ok

11:39:10.0390 3964 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

11:39:10.0531 3964 abp480n5 - ok

11:39:10.0593 3964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:39:10.0718 3964 ACPI - ok

11:39:10.0750 3964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

11:39:10.0890 3964 ACPIEC - ok

11:39:10.0921 3964 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

11:39:11.0046 3964 adpu160m - ok

11:39:11.0078 3964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:39:11.0218 3964 aec - ok

11:39:11.0265 3964 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

11:39:11.0296 3964 AFD - ok

11:39:11.0312 3964 AFGMp50 - ok

11:39:11.0328 3964 AFGSp50 - ok

11:39:11.0359 3964 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

11:39:11.0500 3964 agp440 - ok

11:39:11.0546 3964 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

11:39:11.0687 3964 agpCPQ - ok

11:39:11.0718 3964 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

11:39:11.0765 3964 Aha154x - ok

11:39:11.0796 3964 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

11:39:11.0937 3964 aic78u2 - ok

11:39:11.0953 3964 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

11:39:12.0093 3964 aic78xx - ok

11:39:12.0125 3964 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

11:39:12.0296 3964 AliIde - ok

11:39:12.0328 3964 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

11:39:12.0515 3964 alim1541 - ok

11:39:12.0531 3964 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

11:39:12.0703 3964 amdagp - ok

11:39:12.0750 3964 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

11:39:12.0765 3964 AmdK8 - ok

11:39:12.0812 3964 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

11:39:12.0875 3964 amsint - ok

11:39:12.0937 3964 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

11:39:13.0078 3964 asc - ok

11:39:13.0109 3964 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

11:39:13.0171 3964 asc3350p - ok

11:39:13.0203 3964 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

11:39:13.0359 3964 asc3550 - ok

11:39:13.0421 3964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:39:13.0593 3964 AsyncMac - ok

11:39:13.0625 3964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:39:13.0765 3964 atapi - ok

11:39:13.0781 3964 Atdisk - ok

11:39:13.0812 3964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:39:13.0968 3964 Atmarpc - ok

11:39:13.0984 3964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:39:14.0125 3964 audstub - ok

11:39:14.0234 3964 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

11:39:14.0234 3964 avgio - ok

11:39:14.0250 3964 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

11:39:14.0296 3964 avgntflt - ok

11:39:14.0343 3964 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys

11:39:14.0343 3964 avipbb - ok

11:39:14.0375 3964 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

11:39:14.0390 3964 bcm4sbxp - ok

11:39:14.0421 3964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:39:14.0593 3964 Beep - ok

11:39:14.0625 3964 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

11:39:14.0781 3964 cbidf - ok

11:39:14.0796 3964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:39:14.0937 3964 cbidf2k - ok

11:39:15.0000 3964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

11:39:15.0156 3964 CCDECODE - ok

11:39:15.0203 3964 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

11:39:15.0250 3964 cd20xrnt - ok

11:39:15.0265 3964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:39:15.0390 3964 Cdaudio - ok

11:39:15.0437 3964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:39:15.0609 3964 Cdfs - ok

11:39:15.0656 3964 Cdrom (c5cf68c4a120bbc9a406a754d35eaa56) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:39:15.0656 3964 Cdrom ( Virus.Win32.ZAccess.j ) - infected

11:39:15.0656 3964 Cdrom - detected Virus.Win32.ZAccess.j (0)

11:39:15.0671 3964 Changer - ok

11:39:15.0718 3964 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

11:39:15.0875 3964 CmdIde - ok

11:39:15.0906 3964 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

11:39:16.0062 3964 Cpqarray - ok

11:39:16.0109 3964 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

11:39:16.0250 3964 dac2w2k - ok

11:39:16.0281 3964 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

11:39:16.0437 3964 dac960nt - ok

11:39:16.0484 3964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:39:16.0656 3964 Disk - ok

11:39:16.0687 3964 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

11:39:16.0703 3964 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0703 3964 DLABOIOM - detected UnsignedFile.Multi.Generic (1)

11:39:16.0734 3964 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

11:39:16.0734 3964 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0734 3964 DLACDBHM - detected UnsignedFile.Multi.Generic (1)

11:39:16.0750 3964 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

11:39:16.0765 3964 DLADResN ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0765 3964 DLADResN - detected UnsignedFile.Multi.Generic (1)

11:39:16.0781 3964 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

11:39:16.0781 3964 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0781 3964 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

11:39:16.0796 3964 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

11:39:16.0812 3964 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0812 3964 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

11:39:16.0828 3964 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

11:39:16.0828 3964 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0828 3964 DLAPoolM - detected UnsignedFile.Multi.Generic (1)

11:39:16.0859 3964 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

11:39:16.0859 3964 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0859 3964 DLARTL_N - detected UnsignedFile.Multi.Generic (1)

11:39:16.0875 3964 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

11:39:16.0890 3964 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0890 3964 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

11:39:16.0906 3964 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

11:39:16.0921 3964 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

11:39:16.0921 3964 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

11:39:16.0968 3964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:39:17.0156 3964 dmboot - ok

11:39:17.0203 3964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:39:17.0359 3964 dmio - ok

11:39:17.0375 3964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:39:17.0531 3964 dmload - ok

11:39:17.0562 3964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:39:17.0718 3964 DMusic - ok

11:39:17.0750 3964 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

11:39:17.0906 3964 dpti2o - ok

11:39:17.0937 3964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:39:18.0078 3964 drmkaud - ok

11:39:18.0093 3964 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

11:39:18.0109 3964 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

11:39:18.0109 3964 DRVMCDB - detected UnsignedFile.Multi.Generic (1)

11:39:18.0125 3964 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

11:39:18.0140 3964 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

11:39:18.0140 3964 DRVNDDM - detected UnsignedFile.Multi.Generic (1)

11:39:18.0250 3964 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

11:39:18.0250 3964 DSproct ( UnsignedFile.Multi.Generic ) - warning

11:39:18.0250 3964 DSproct - detected UnsignedFile.Multi.Generic (1)

11:39:18.0281 3964 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

11:39:18.0421 3964 E100B - ok

11:39:18.0453 3964 e50040f0 (3b11619b4c5d33a5f48f0a62aca5d6bd) C:\WINDOWS\4030726373:452968207.exe

11:39:18.0468 3964 Suspicious file (Hidden): C:\WINDOWS\4030726373:452968207.exe. md5: 3b11619b4c5d33a5f48f0a62aca5d6bd

11:39:18.0468 3964 e50040f0 ( Rootkit.Win32.PMax.gen ) - infected

11:39:18.0468 3964 e50040f0 - detected Rootkit.Win32.PMax.gen (0)

11:39:18.0515 3964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:39:18.0640 3964 Fastfat - ok

11:39:18.0687 3964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

11:39:18.0812 3964 Fdc - ok

11:39:18.0843 3964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:39:18.0984 3964 Fips - ok

11:39:19.0015 3964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

11:39:19.0187 3964 Flpydisk - ok

11:39:19.0218 3964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:39:19.0375 3964 FltMgr - ok

11:39:19.0406 3964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:39:19.0546 3964 Fs_Rec - ok

11:39:19.0593 3964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:39:19.0718 3964 Ftdisk - ok

11:39:19.0765 3964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

11:39:19.0781 3964 GEARAspiWDM - ok

11:39:19.0828 3964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:39:19.0968 3964 Gpc - ok

11:39:20.0000 3964 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:39:20.0140 3964 HDAudBus - ok

11:39:20.0171 3964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:39:20.0296 3964 HidUsb - ok

11:39:20.0343 3964 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

11:39:20.0484 3964 hpn - ok

11:39:20.0796 3964 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

11:39:20.0859 3964 HSFHWBS2 - ok

11:39:20.0953 3964 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

11:39:21.0125 3964 HSF_DP - ok

11:39:21.0171 3964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:39:21.0203 3964 HTTP - ok

11:39:21.0218 3964 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

11:39:21.0359 3964 i2omgmt - ok

11:39:21.0390 3964 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

11:39:21.0562 3964 i2omp - ok

11:39:21.0578 3964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:39:21.0765 3964 i8042prt - ok

11:39:21.0796 3964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:39:22.0187 3964 Imapi - ok

11:39:22.0234 3964 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

11:39:22.0390 3964 ini910u - ok

11:39:22.0437 3964 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

11:39:22.0656 3964 IntelIde - ok

11:39:22.0687 3964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:39:22.0843 3964 intelppm - ok

11:39:22.0875 3964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:39:22.0984 3964 Ip6Fw - ok

11:39:23.0015 3964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:39:23.0156 3964 IpFilterDriver - ok

11:39:23.0187 3964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:39:23.0312 3964 IpInIp - ok

11:39:23.0343 3964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:39:23.0484 3964 IpNat - ok

11:39:23.0531 3964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:39:23.0656 3964 IPSec - ok

11:39:23.0687 3964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:39:23.0750 3964 IRENUM - ok

11:39:23.0781 3964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:39:23.0921 3964 isapnp - ok

11:39:23.0953 3964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:39:24.0078 3964 Kbdclass - ok

11:39:24.0093 3964 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

11:39:24.0218 3964 kbdhid - ok

11:39:24.0250 3964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:39:24.0359 3964 kmixer - ok

11:39:24.0406 3964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:39:24.0437 3964 KSecDD - ok

11:39:24.0453 3964 lbrtfdc - ok

11:39:24.0500 3964 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys

11:39:24.0531 3964 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning

11:39:24.0531 3964 mbamchameleon - detected UnsignedFile.Multi.Generic (1)

11:39:24.0546 3964 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

11:39:24.0562 3964 mdmxsdk - ok

11:39:24.0609 3964 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

11:39:24.0625 3964 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

11:39:24.0625 3964 MHNDRV - detected UnsignedFile.Multi.Generic (1)

11:39:24.0640 3964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:39:24.0765 3964 mnmdd - ok

11:39:24.0796 3964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:39:24.0921 3964 Modem - ok

11:39:24.0953 3964 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

11:39:25.0062 3964 MODEMCSA - ok

11:39:25.0093 3964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:39:25.0218 3964 Mouclass - ok

11:39:25.0250 3964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:39:25.0375 3964 mouhid - ok

11:39:25.0406 3964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:39:25.0546 3964 MountMgr - ok

11:39:25.0578 3964 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

11:39:25.0718 3964 mraid35x - ok

11:39:25.0750 3964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:39:25.0890 3964 MRxDAV - ok

11:39:25.0937 3964 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:39:25.0953 3964 MRxSmb - ok

11:39:25.0984 3964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:39:26.0125 3964 Msfs - ok

11:39:26.0156 3964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:39:26.0265 3964 MSKSSRV - ok

11:39:26.0281 3964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:39:26.0421 3964 MSPCLOCK - ok

11:39:26.0453 3964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:39:26.0578 3964 MSPQM - ok

11:39:26.0609 3964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:39:26.0734 3964 mssmbios - ok

11:39:26.0781 3964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

11:39:26.0921 3964 MSTEE - ok

11:39:26.0937 3964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

11:39:27.0046 3964 Mup - ok

11:39:27.0078 3964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

11:39:27.0218 3964 NABTSFEC - ok

11:39:27.0265 3964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:39:27.0734 3964 NDIS - ok

11:39:27.0765 3964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

11:39:27.0906 3964 NdisIP - ok

11:39:27.0937 3964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:39:28.0031 3964 NdisTapi - ok

11:39:28.0062 3964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:39:28.0187 3964 Ndisuio - ok

11:39:28.0203 3964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:39:28.0312 3964 NdisWan - ok

11:39:28.0343 3964 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

11:39:28.0453 3964 NDProxy - ok

11:39:28.0484 3964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:39:28.0593 3964 NetBIOS - ok

11:39:28.0609 3964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:39:28.0718 3964 NetBT - ok

11:39:28.0750 3964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:39:28.0890 3964 Npfs - ok

11:39:28.0937 3964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:39:29.0078 3964 Ntfs - ok

11:39:29.0093 3964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:39:29.0203 3964 Null - ok

11:39:29.0359 3964 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

11:39:29.0500 3964 nv - ok

11:39:29.0625 3964 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys

11:39:29.0625 3964 nvatabus ( UnsignedFile.Multi.Generic ) - warning

11:39:29.0625 3964 nvatabus - detected UnsignedFile.Multi.Generic (1)

11:39:29.0656 3964 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys

11:39:29.0671 3964 nvraid ( UnsignedFile.Multi.Generic ) - warning

11:39:29.0671 3964 nvraid - detected UnsignedFile.Multi.Generic (1)

11:39:29.0718 3964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:39:29.0843 3964 NwlnkFlt - ok

11:39:29.0859 3964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:39:29.0968 3964 NwlnkFwd - ok

11:39:30.0015 3964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:39:30.0156 3964 Parport - ok

11:39:30.0171 3964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:39:30.0296 3964 PartMgr - ok

11:39:30.0328 3964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:39:30.0468 3964 ParVdm - ok

11:39:30.0484 3964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:39:30.0609 3964 PCI - ok

11:39:30.0625 3964 PCIDump - ok

11:39:30.0656 3964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:39:30.0765 3964 PCIIde - ok

11:39:30.0796 3964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:39:30.0906 3964 Pcmcia - ok

11:39:30.0921 3964 PDCOMP - ok

11:39:30.0937 3964 PDFRAME - ok

11:39:30.0953 3964 PDRELI - ok

11:39:30.0953 3964 PDRFRAME - ok

11:39:30.0984 3964 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

11:39:31.0109 3964 perc2 - ok

11:39:31.0125 3964 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

11:39:31.0265 3964 perc2hib - ok

11:39:31.0312 3964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:39:31.0437 3964 PptpMiniport - ok

11:39:31.0468 3964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

11:39:31.0609 3964 Processor - ok

11:39:31.0625 3964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:39:31.0875 3964 PSched - ok

11:39:31.0890 3964 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

11:39:31.0906 3964 PSI - ok

11:39:31.0921 3964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:39:32.0218 3964 Ptilink - ok

11:39:32.0234 3964 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:39:32.0234 3964 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

11:39:32.0234 3964 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

11:39:32.0265 3964 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

11:39:32.0406 3964 ql1080 - ok

11:39:32.0437 3964 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

11:39:32.0546 3964 Ql10wnt - ok

11:39:32.0562 3964 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

11:39:32.0671 3964 ql12160 - ok

11:39:32.0687 3964 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

11:39:32.0812 3964 ql1240 - ok

11:39:32.0843 3964 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

11:39:32.0984 3964 ql1280 - ok

11:39:33.0000 3964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:39:33.0109 3964 RasAcd - ok

11:39:33.0125 3964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:39:33.0250 3964 Rasl2tp - ok

11:39:33.0265 3964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:39:33.0390 3964 RasPppoe - ok

11:39:33.0421 3964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:39:33.0546 3964 Raspti - ok

11:39:33.0578 3964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:39:33.0703 3964 Rdbss - ok

11:39:33.0734 3964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:39:33.0828 3964 RDPCDD - ok

11:39:33.0859 3964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:39:33.0968 3964 rdpdr - ok

11:39:34.0015 3964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

11:39:34.0140 3964 RDPWD - ok

11:39:34.0171 3964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:39:34.0281 3964 redbook - ok

11:39:34.0328 3964 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys

11:39:34.0343 3964 SbcpHid ( UnsignedFile.Multi.Generic ) - warning

11:39:34.0343 3964 SbcpHid - detected UnsignedFile.Multi.Generic (1)

11:39:34.0390 3964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:39:34.0453 3964 Secdrv - ok

11:39:34.0500 3964 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:39:34.0625 3964 serenum - ok

11:39:34.0656 3964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:39:34.0781 3964 Serial - ok

11:39:34.0812 3964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:39:34.0921 3964 Sfloppy - ok

11:39:34.0953 3964 Simbad - ok

11:39:34.0984 3964 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

11:39:35.0109 3964 sisagp - ok

11:39:35.0156 3964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:39:35.0281 3964 SLIP - ok

11:39:35.0312 3964 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

11:39:35.0390 3964 Sparrow - ok

11:39:35.0406 3964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:39:35.0531 3964 splitter - ok

11:39:35.0562 3964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:39:35.0625 3964 sr - ok

11:39:35.0687 3964 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

11:39:35.0750 3964 Srv - ok

11:39:35.0796 3964 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

11:39:35.0796 3964 ssmdrv - ok

11:39:35.0875 3964 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys

11:39:35.0953 3964 STHDA - ok

11:39:36.0000 3964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:39:36.0125 3964 streamip - ok

11:39:36.0171 3964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:39:36.0281 3964 swenum - ok

11:39:36.0312 3964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:39:36.0578 3964 swmidi - ok

11:39:36.0609 3964 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

11:39:36.0734 3964 symc810 - ok

11:39:36.0765 3964 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

11:39:36.0890 3964 symc8xx - ok

11:39:36.0937 3964 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

11:39:37.0062 3964 sym_hi - ok

11:39:37.0093 3964 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

11:39:37.0203 3964 sym_u3 - ok

11:39:37.0234 3964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:39:37.0343 3964 sysaudio - ok

11:39:37.0390 3964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:39:37.0406 3964 Tcpip - ok

11:39:37.0437 3964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:39:37.0765 3964 TDPIPE - ok

11:39:37.0796 3964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:39:38.0000 3964 TDTCP - ok

11:39:38.0031 3964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:39:38.0156 3964 TermDD - ok

11:39:38.0187 3964 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

11:39:38.0531 3964 TosIde - ok

11:39:38.0578 3964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:39:38.0781 3964 Udfs - ok

11:39:38.0812 3964 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

11:39:38.0890 3964 ultra - ok

11:39:38.0937 3964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:39:39.0078 3964 Update - ok

11:39:39.0140 3964 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

11:39:39.0171 3964 USBAAPL - ok

11:39:39.0234 3964 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:39:39.0343 3964 usbaudio - ok

11:39:39.0359 3964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:39:39.0500 3964 usbccgp - ok

11:39:39.0515 3964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:39:39.0625 3964 usbehci - ok

11:39:39.0671 3964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:39:39.0781 3964 usbhub - ok

11:39:40.0046 3964 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

11:39:40.0171 3964 usbohci - ok

11:39:40.0203 3964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:39:40.0343 3964 usbprint - ok

11:39:40.0687 3964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:39:40.0796 3964 usbscan - ok

11:39:40.0828 3964 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:39:40.0937 3964 USBSTOR - ok

11:39:40.0968 3964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:39:41.0078 3964 usbuhci - ok

11:39:41.0125 3964 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

11:39:41.0234 3964 usbvideo - ok

11:39:41.0359 3964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:39:41.0578 3964 VgaSave - ok

11:39:41.0640 3964 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

11:39:42.0015 3964 viaagp - ok

11:39:42.0046 3964 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

11:39:42.0171 3964 ViaIde - ok

11:39:42.0218 3964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:39:42.0312 3964 VolSnap - ok

11:39:42.0421 3964 w200bus (34923e278eac7ddcea717ae1fcf592f6) C:\WINDOWS\system32\DRIVERS\w200bus.sys

11:39:42.0562 3964 w200bus ( UnsignedFile.Multi.Generic ) - warning

11:39:42.0562 3964 w200bus - detected UnsignedFile.Multi.Generic (1)

11:39:42.0593 3964 w200mdfl (eff90a983cd3deab05922242e8072dc6) C:\WINDOWS\system32\DRIVERS\w200mdfl.sys

11:39:42.0593 3964 w200mdfl ( UnsignedFile.Multi.Generic ) - warning

11:39:42.0593 3964 w200mdfl - detected UnsignedFile.Multi.Generic (1)

11:39:42.0640 3964 w200mdm (f03da4fbb2708a0b5409ea63e88c0f50) C:\WINDOWS\system32\DRIVERS\w200mdm.sys

11:39:42.0781 3964 w200mdm ( UnsignedFile.Multi.Generic ) - warning

11:39:42.0781 3964 w200mdm - detected UnsignedFile.Multi.Generic (1)

11:39:42.0875 3964 w200mgmt (1522d6387e6bb54aef9824b1733832db) C:\WINDOWS\system32\DRIVERS\w200mgmt.sys

11:39:42.0875 3964 w200mgmt ( UnsignedFile.Multi.Generic ) - warning

11:39:42.0875 3964 w200mgmt - detected UnsignedFile.Multi.Generic (1)

11:39:42.0906 3964 w200obex (8405be0bba1ccf26d0fbdd26be03c816) C:\WINDOWS\system32\DRIVERS\w200obex.sys

11:39:42.0937 3964 w200obex ( UnsignedFile.Multi.Generic ) - warning

11:39:42.0937 3964 w200obex - detected UnsignedFile.Multi.Generic (1)

11:39:42.0968 3964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:39:43.0093 3964 Wanarp - ok

11:39:43.0093 3964 WDICA - ok

11:39:43.0140 3964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:39:43.0250 3964 wdmaud - ok

11:39:43.0296 3964 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

11:39:43.0359 3964 winachsf - ok

11:39:43.0437 3964 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys

11:39:43.0468 3964 WpdUsb - ok

11:39:43.0531 3964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:39:43.0656 3964 WSTCODEC - ok

11:39:43.0703 3964 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

11:39:43.0734 3964 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:39:43.0734 3964 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:39:43.0765 3964 Boot (0x1200) (a79e6208509ae65cdcec86d6ad1573d8) \Device\Harddisk0\DR0\Partition0

11:39:43.0765 3964 \Device\Harddisk0\DR0\Partition0 - ok

11:39:43.0765 3964 ============================================================

11:39:43.0765 3964 Scan finished

11:39:43.0765 3964 ============================================================

11:39:43.0875 3948 Detected object count: 26

11:39:43.0875 3948 Actual detected object count: 26

11:41:27.0250 3948 C:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine

11:41:27.0250 3948 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\cdrom.sys) error 1813

11:41:27.0750 3948 Backup copy found, using it..

11:41:27.0796 3948 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot

11:41:29.0453 3948 Cdrom ( Virus.Win32.ZAccess.j ) - User select action: Cure

11:41:29.0453 3948 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0453 3948 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0453 3948 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0453 3948 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0453 3948 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0453 3948 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0453 3948 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0468 3948 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0468 3948 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0468 3948 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0468 3948 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0468 3948 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0468 3948 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0468 3948 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0468 3948 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0468 3948 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0484 3948 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0484 3948 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0484 3948 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0484 3948 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0484 3948 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0484 3948 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0484 3948 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0484 3948 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0531 3948 C:\WINDOWS\4030726373:452968207.exe - copied to quarantine

11:41:29.0531 3948 HKLM\SYSTEM\ControlSet001\services\e50040f0 - will be deleted on reboot

11:41:29.0531 3948 HKLM\SYSTEM\ControlSet002\services\e50040f0 - will be deleted on reboot

11:41:29.0546 3948 C:\WINDOWS\4030726373:452968207.exe - will be deleted on reboot

11:41:29.0546 3948 e50040f0 ( Rootkit.Win32.PMax.gen ) - User select action: Delete

11:41:29.0546 3948 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0546 3948 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0546 3948 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0546 3948 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0546 3948 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0546 3948 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0546 3948 nvraid ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0546 3948 nvraid ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0562 3948 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0562 3948 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0562 3948 SbcpHid ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0562 3948 SbcpHid ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0562 3948 w200bus ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0562 3948 w200bus ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0562 3948 w200mdfl ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0562 3948 w200mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0578 3948 w200mdm ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0578 3948 w200mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0578 3948 w200mgmt ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0578 3948 w200mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0578 3948 w200obex ( UnsignedFile.Multi.Generic ) - skipped by user

11:41:29.0578 3948 w200obex ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:41:29.0578 3948 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:41:29.0578 3948 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:42:05.0062 3728 Deinitialize success

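The TDSSKiller log above mixes one real rootkit verdict (deleted), generic unsigned-driver notices (skipped) and a disk-level "TDSS File System" detection on \Device\Harddisk0\DR0 that was also skipped. The parser below is an added example, not code from this thread or from TDSSKiller: it reads the final "User select action" line for each object out of lines in that format (constructed sample lines that copy the format shown) and lists the named detections left with action Skip, which is what a helper would want to check before the next step.

```python
import re

# Constructed sample lines in the TDSSKiller log format shown in this thread.
SAMPLE_LOG = r"""
11:41:29.0546 3948 C:\WINDOWS\4030726373:452968207.exe - will be deleted on reboot
11:41:29.0546 3948 e50040f0 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
11:41:29.0546 3948 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
11:41:29.0546 3948 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:41:29.0578 3948 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:41:29.0578 3948 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:42:05.0062 3728 Deinitialize success
"""

# Matches only the "User select action" lines: time, pid, object, verdict, action.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$"
)


def parse_actions(log_text):
    """Return {object: (verdict, action)} for every 'User select action' line."""
    actions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            actions[m["obj"]] = (m["verdict"], m["action"])
    return actions


def unresolved_detections(log_text):
    """Named detections (anything other than the generic UnsignedFile notice)
    whose final action was Skip, i.e. items the scan reported but left in place."""
    return sorted(
        obj
        for obj, (verdict, action) in parse_actions(log_text).items()
        if action == "Skip" and not verdict.startswith("UnsignedFile.")
    )


if __name__ == "__main__":
    for obj in unresolved_detections(SAMPLE_LOG):
        print("left in place:", obj)
```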

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


As of now my computer is running extremely slow, even just running IE. It is taking longer than normal when starting up. I get random pop-ups now and then while in IE, usually after clicking a URL and nearly every time when it's a Google search (haven't tried any others). There are multiple svchosts running in the task bar, one of which will sometimes use 100% CPU.

I will download ComboFix and run it after I post this and post the results after it has completed. I also believe this computer has Windows Recovery already installed, but will install it if not.


Ok, so, computer won't even turn on now. I get a blue screen saying an error occurred and Windows had been shut down to save my files. It said to check for viruses as well as the hard drive and to run CHKDSK /F. Then at the bottom it gave the error code:

*** STOP: 0x0000007B (0xF78A2528, 0xC0000034, 0x00000000, 0x00000000)

I ran ComboFix, it installed the Windows Recovery Console, then ran for about a half hour. During the last 10 mins or so it gave me several pop-ups stating I have a ZeroAccess rootkit and that it would take some moments. Then it said ComboFix has encountered rootkit activity and must shut down, and it restarted.

Once it restarted, it started ComboFix again, before anything else on my desktop loaded. This time it ran all the way through and said to allow ComboFix to reboot my machine, which I did. When it started back up the first time, it went past the Recovery Console screen like normal, but instead of loading like usual I got the blue screen with the error message above.

I then manually turned off the computer and restarted it. This time it gave me a black screen first saying Windows couldn't open correctly and gave me several options (Safe Mode, SM w/ Networking, SM w/ Command Prompt, Last Known Good Config, Start Normally). First I went with the suggested Last Known Good, didn't load, blue screen again. I proceeded to try each option but got the same blue screen with the same error message.

Right now I am on a separate laptop in the house. Not sure at all what to do next. Any help would be great.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
