
Malwarebytes Screen could not be opened


hkw

The following are comments made by Gammo after I posted at Malware Removal - HijackThis Logs during 30 Nov - 07 Dec 2010 to remove any infections, if there were any:

"Your problem is not malware related. I suggest you start a new topic about the issue in the General Malwarebytes' Anti-Malware Forum.

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections."

But the problems that occurred recently still exist; they are as follows:

When I now click the MBAM icon on the Desktop, there are error messages.

An error occurred, with the remark 'please inform this error code to our support group':

MBAM_ERROR_EXPANDING_VARIABLES(0,48)

An error occurred, with the remark 'please inform this error code to our support group':

MBAM_ERROR_MISSING_FILE(3,0,mbamswissarmy.sys)

The system cannot find the specified path.

[OpenEvent] failed to carry out the required operation.

Error Code: 2.


  • Root Admin

Please do the following to see if it resolves the issue:

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.

Windows Vista and Windows 7:

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.


  • 2 weeks later...
  • Root Admin

Please run the following and post back the logs. What language is the operating system?

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has one.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply: DDS.txt and Attach.txt


DDS.txt:

DDS (Ver_10-12-12.02) - NTFSx86

Run by david at 18:13:06.95 on 2010/12/17 ???

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.1024.580 [GMT 8:00]

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\WINDOWS\system32\zstatus.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\program files\real\realplayer\update\realsched.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\david\??\dds.scr

C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://hk.yahoo.com/

BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\documents and settings\david\??\thunder_v5.9.24.1506\comdlls\TDMediaDetector5.9.24.1506.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\documents and settings\david\??\thunder_v5.9.24.1506\comdlls\xunleiBHO_Now.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync

mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [hp 1000 firmware] c:\program files\hp laserjet 1000\fwdl.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\???~1\???\??\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe

StartupFolder: c:\docume~1\alluse~1\???~1\???\??\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe

IE: ?????? - c:\documents and settings\david\??\thunder_v5.9.24.1506\program\geturl.htm

IE: ?????????? - c:\documents and settings\david\??\thunder_v5.9.24.1506\program\getallurl.htm

IE: ??? Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: ???????????? - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-12-10 315408]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-5 20952]

S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-5 304464]

S3 cpuz132;cpuz132;\??\c:\docume~1\david\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\david\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

=============== Created Last 30 ================

2010-12-17 00:40:09 -------- d-----w- c:\docume~1\david\locals~1\applic~1\Real

2010-12-17 00:34:30 -------- d-----w- c:\program files\common files\xing shared

2010-12-15 09:54:42 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin6.dll

2010-12-15 09:54:42 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin5.dll

2010-12-15 09:54:42 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin4.dll

2010-12-15 09:54:42 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin3.dll

2010-12-15 09:54:42 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin2.dll

2010-12-15 09:54:42 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin.dll

2010-12-10 13:44:55 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2010-12-10 13:44:55 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2010-12-10 13:42:48 -------- d-----w- c:\program files\Kaspersky Lab

2010-12-10 13:40:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2010-12-09 00:20:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab

2010-12-04 18:13:18 -------- d-sha-r- C:\cmdcons

2010-12-02 23:28:22 -------- d-----w- c:\program files\SlySoft

2010-11-30 20:43:26 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2010-11-29 09:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 09:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-25 18:29:05 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

2010-11-17 10:36:59 -------- d-----w- c:\program files\iPod

2010-11-17 10:36:51 -------- d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-12-17 00:32:59 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-17 00:32:59 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-11-18 18:12:44 73728 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:21:14 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:21:09 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-04 08:44:15 47360 ----a-w- c:\docume~1\david\applic~1\pcouffin.sys

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:35 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 14:05:49 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-10-18 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

============= FINISH: 18:14:33.93 ===============

Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2010/4/21 ?? 12:11:27

System Uptime: 2010/12/17 ?? 06:19:26 (12 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S8X

Processor: Intel® Celeron® CPU 2.00GHz | PGA 478 | 2000/100mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 59 GiB total, 45.843 GiB free.

D: is FIXED (NTFS) - 90 GiB total, 48.698 GiB free.

E: is FIXED (NTFS) - 39 GiB total, 0.644 GiB free.

F: is FIXED (NTFS) - 18 GiB total, 5.706 GiB free.

G: is CDROM ()

H: is CDROM ()

J: is CDROM ()

K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2010/12/8 ?? 01:16:55 - ?????

RP2: 2010/12/9 ?? 01:54:50 - ?????

RP3: 2010/12/9 ?? 07:37:56 - Removed Kaspersky Internet Security 2011.

RP7: 2010/12/10 ?? 09:03:39 - ?????

RP9: 2010/12/10 ?? 09:42:22 - ??? Kaspersky Internet Security 2010?

RP10: 2010/12/12 ?? 12:37:00 - ?????

RP11: 2010/12/13 ?? 01:09:02 - ?????

RP12: 2010/12/15 ?? 10:10:44 - ?????

RP13: 2010/12/15 ?? 07:02:19 - Software Distribution Service 3.0

RP14: 2010/12/16 ?? 08:26:41 - ?????

==== Installed Programs ======================

Adobe Anchor Service CS4

Adobe CMaps CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Recommended Settings CS4

Adobe Color NA Extra Settings CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI others

Adobe Flash CS4 Professional

Adobe Flash CS4 STI-other

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Linguistics CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Reader 9.4.1 - Chinese Traditional

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advertising Center

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

C-Media WDM Audio Driver

Combined Community Codec Pack 2009-09-09

Connect

DolbyFiles

DVDFab 8.0.2.1 (30/09/2010)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

HP LaserJet 1000

ImageMixer VCD2

ImagXpress

iTunes

Java Auto Updater

Java 6 Update 22

K-Lite Mega Codec Pack 6.5.0

Kaspersky Internet Security 2010

kuler

Malwarebytes' Anti-Malware

MediaMonkey 3.2

Menu Templates - Starter Kit

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Movie Templates - Starter Kit

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Trial

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero DiscSpeed

Nero DriveSpeed

Nero InfoTool

Nero Installer

Nero PhotoSnap

Nero Recode

Nero Rescue Agent

Nero ShowTime

Nero StartSmart

Nero Vision

Nero WaveEditor

NeroBurningROM

NeroExpress

neroxml

PDF Settings CS4

Photoshop Camera Raw

Picture Package

Pixel Bender Toolkit

QuickTime

Real Alternative 2.0.2

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Sony USB Driver

SoundTrax

Suite Shared Configuration CS4

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

WebFldrs XP

Windows Internet Explorer 8

Windows Internet Explorer 8 ????? (KB2360131)

Windows Internet Explorer 8 ????? (KB2416400)

Windows Internet Explorer 8 ????? (KB971961)

Windows Internet Explorer 8 ????? (KB981332)

Windows Internet Explorer 8 ?? (KB976662)

Windows Internet Explorer 8 ?? (KB980182)

Windows Internet Explorer 8 ?? (KB980302)

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11 Hotfix (KB939683)

Windows Media Player 11 ????? (KB954154)

Windows Media Player ????? (KB2378111)

Windows Media Player ????? (KB952069)

Windows Media Player ????? (KB954155)

Windows Media Player ????? (KB968816)

Windows Media Player ????? (KB973540)

Windows Media Player ????? (KB975558)

Windows Media Player ????? (KB978695)

Windows XP Hotfix (KB2158563)

Windows XP Hotfix (KB2443685)

Windows XP Hotfix (KB952287)

Windows XP Hotfix (KB961118)

Windows XP Hotfix (KB979306)

Windows XP ????? (KB2079403)

Windows XP ????? (KB2115168)

Windows XP ????? (KB2121546)

Windows XP ????? (KB2229593)

Windows XP ????? (KB2259922)

Windows XP ????? (KB2279986)

Windows XP ????? (KB2286198)

Windows XP ????? (KB2296011)

Windows XP ????? (KB2296199)

Windows XP ????? (KB2347290)

Windows XP ????? (KB2360937)

Windows XP ????? (KB2387149)

Windows XP ????? (KB2423089)

Windows XP ????? (KB2436673)

Windows XP ????? (KB2440591)

Windows XP ????? (KB2443105)

Windows XP ????? (KB923561)

Windows XP ????? (KB941569)

Windows XP ????? (KB946648)

Windows XP ????? (KB950760)

Windows XP ????? (KB950762)

Windows XP ????? (KB950974)

Windows XP ????? (KB951066)

Windows XP ????? (KB951376-v2)

Windows XP ????? (KB951748)

Windows XP ????? (KB952004)

Windows XP ????? (KB952954)

Windows XP ????? (KB954459)

Windows XP ????? (KB955069)

Windows XP ????? (KB956572)

Windows XP ????? (KB956744)

Windows XP ????? (KB956802)

Windows XP ????? (KB956803)

Windows XP ????? (KB956844)

Windows XP ????? (KB958644)

Windows XP ????? (KB958869)

Windows XP ????? (KB959426)

Windows XP ????? (KB960225)

Windows XP ????? (KB960803)

Windows XP ????? (KB960859)

Windows XP ????? (KB961501)

Windows XP ????? (KB969059)

Windows XP ????? (KB969947)

Windows XP ????? (KB970238)

Windows XP ????? (KB970430)

Windows XP ????? (KB971468)

Windows XP ????? (KB971657)

Windows XP ????? (KB972270)

Windows XP ????? (KB973354)

Windows XP ????? (KB973507)

Windows XP ????? (KB973869)

Windows XP ????? (KB973904)

Windows XP ????? (KB974112)

Windows XP ????? (KB974318)

Windows XP ????? (KB974392)

Windows XP ????? (KB974571)

Windows XP ????? (KB975025)

Windows XP ????? (KB975467)

Windows XP ????? (KB975560)

Windows XP ????? (KB975561)

Windows XP ????? (KB975562)

Windows XP ????? (KB975713)

Windows XP ????? (KB977816)

Windows XP ????? (KB977914)

Windows XP ????? (KB978037)

Windows XP ????? (KB978262)

Windows XP ????? (KB978338)

Windows XP ????? (KB978542)

Windows XP ????? (KB978601)

Windows XP ????? (KB978706)

Windows XP ????? (KB979309)

Windows XP ????? (KB979482)

Windows XP ????? (KB979683)

Windows XP ????? (KB979687)

Windows XP ????? (KB980195)

Windows XP ????? (KB980232)

Windows XP ????? (KB980436)

Windows XP ????? (KB981322)

Windows XP ????? (KB981852)

Windows XP ????? (KB981957)

Windows XP ????? (KB981997)

Windows XP ????? (KB982132)

Windows XP ????? (KB982214)

Windows XP ????? (KB982665)

Windows XP ?? (KB2141007)

Windows XP ?? (KB2345886)

Windows XP ?? (KB2467659)

Windows XP ?? (KB898461)

Windows XP ?? (KB951978)

Windows XP ?? (KB955759)

Windows XP ?? (KB967715)

Windows XP ?? (KB968389)

Windows XP ?? (KB971737)

Windows XP ?? (KB973687)

Windows XP ?? (KB973815)

WinRAR ????

==== End Of File ===========================


I still cannot open MBAM. When I double-click the desktop icon, the error messages appear as follows:

An error occurred, with the remark 'please inform this error code to our support group':

MBAM_ERROR_EXPANDING_VARIABLES(0,48)

An error occurred, with the remark 'please inform this error code to our support group':

MBAM_ERROR_MISSING_FILE(3,0,mbamswissarmy.sys)

The system cannot find the specified path.

[OpenEvent] failed to carry out the required operation.

Error Code: 2.

And how can I disable the Shuriken Heuristics under Settings, Scanner Settings, since I can't find the location of Shuriken Heuristics?


  • Root Admin

Please run the following on the system.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


ComboFix.txt:

ComboFix 10-12-17.02 - david /12/18 ??? 19:54:45.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.1024.695 [GMT 8:00]

????: c:\documents and settings\david\??\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((( 2010-11-18 ? 2010-12-18 ????? )))))))))))))))))))))))))))))))

.

2010-12-17 00:40 . 2010-12-17 00:40 -------- d-----w- c:\documents and settings\david\Local Settings\Application Data\Real

2010-12-17 00:34 . 2010-12-17 00:34 -------- d-----w- c:\program files\Common Files\xing shared

2010-12-15 09:54 . 2010-12-15 09:54 159744 ----a-w- c:\program files\Internet Explorer\????\npqtplugin6.dll

2010-12-15 09:54 . 2010-12-15 09:54 159744 ----a-w- c:\program files\Internet Explorer\????\npqtplugin5.dll

2010-12-15 09:54 . 2010-12-15 09:54 159744 ----a-w- c:\program files\Internet Explorer\????\npqtplugin4.dll

2010-12-15 09:54 . 2010-12-15 09:54 159744 ----a-w- c:\program files\Internet Explorer\????\npqtplugin3.dll

2010-12-15 09:54 . 2010-12-15 09:54 159744 ----a-w- c:\program files\Internet Explorer\????\npqtplugin2.dll

2010-12-15 09:54 . 2010-12-15 09:54 159744 ----a-w- c:\program files\Internet Explorer\????\npqtplugin.dll

2010-12-15 09:53 . 2010-12-15 09:54 -------- d-----w- c:\program files\QuickTime

2010-12-10 13:44 . 2010-12-10 14:46 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2010-12-10 13:44 . 2010-12-10 14:46 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2010-12-10 13:42 . 2010-12-10 13:42 -------- d-----w- c:\program files\Kaspersky Lab

2010-12-10 13:40 . 2010-12-10 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-12-09 00:20 . 2010-12-18 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-12-02 23:28 . 2010-12-02 23:28 -------- d-----w- c:\program files\SlySoft

2010-11-30 20:43 . 2010-11-30 20:43 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2010-11-29 09:38 . 2010-11-29 09:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 09:38 . 2010-11-29 09:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

2010-11-24 09:44 . 2010-11-24 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.

(((((((((((((((((((((((((((((((((((((((( ??????????? ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-17 00:32 . 2010-11-14 10:39 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-12-17 00:32 . 2010-11-14 10:39 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-11-18 18:12 . 2010-04-20 16:05 73728 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:21 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:21 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-04 08:44 . 2010-04-21 10:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-11-04 08:44 . 2010-04-21 10:17 47360 ----a-w- c:\documents and settings\david\Application Data\pcouffin.sys

2010-11-03 12:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-15 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2008-04-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 14:05 . 2008-04-15 12:00 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-10-18 08:00 . 2010-11-05 08:45 108032 ----a-w- c:\windows\system32\ff_vfw.dll

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 1791B79392B2C5681F220423E7B14DCA . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-15 . 241D706AC46BC7D59B25C58BF1B08F13 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*??* ???????????????

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-01 4713032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]

"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]

"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-12-10 340520]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-17 274608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\???????\???\??\

Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2010-4-21 151552]

Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2010-4-21 106496]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0090404]

IME File REG_SZ MSTCICJA.IME

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.85\\ThunderService.exe"=

"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.85\\XLBugReport.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009/10/14 ?? 08:18 36880]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010/4/21 ?? 03:50 717296]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009/9/14 ?? 01:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009/10/2 ?? 06:39 19472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010/11/5 ?? 12:46 20952]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010/11/5 ?? 12:46 304464]

.

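The registry and firewall section of the ComboFix log above is where a reviewer looks for defenses that have been switched off rather than for malware itself. The Python below is an added example, not part of this thread, of ComboFix or of Malwarebytes: it parses that dump format and flags a disabled Windows Firewall profile, a Security Center monitoring override, firewall exceptions for binaries outside the system and program directories, and globally open ports. The sample input is a constructed excerpt in the same format as the posted log, with one deliberately added exception entry (c:\Temp\updater.exe) so the path rule has something to fire on; the severity labels, the rules and the trusted-prefix list are this example's own assumptions.

```python
"""Flag weakened host defenses in a ComboFix-style registry/firewall dump.

Added example for this thread; not ComboFix or Malwarebytes code.
The severity labels, rules and trusted-prefix list are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the format of the posted ComboFix log. The
# c:\Temp\updater.exe exception is invented so that the path rule fires.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.85\\ThunderService.exe"=
"c:\\Temp\\updater.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)$')
# Binaries under these prefixes are not flagged by the exception rule (assumption).
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    message: str


def _parse_value(raw):
    """Turn ComboFix's value renderings into Python values."""
    if raw == "":
        return None  # bare "name"= entries, as in the firewall exception lists
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)  # e.g. "0 (0x0)"
    return int(m.group(1)) if m else raw


def parse_registry_dump(text):
    """Return {section_name: {value_name: value}}, keeping the original case."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = _parse_value(m.group(2))
    return sections


def triage(sections):
    """Apply the review rules and return a list of Finding objects."""
    findings = []
    for section, values in sections.items():
        low = section.lower()
        if "\\security center\\monitoring\\" in low and values.get("DisableMonitoring") == 1:
            product = section.rsplit("\\", 1)[-1]
            findings.append(Finding("info", f"Security Center monitoring suppressed by '{product}'; "
                                            "confirm that product is installed and running"))
        if low.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append(Finding("high", "Windows Firewall is off for the standard profile; "
                                            "acceptable only if a third-party firewall is enforcing"))
        if low.endswith("authorizedapplications\\list"):
            for exe in values:
                path = exe.replace("\\\\", "\\").lower()  # undo ComboFix's doubled backslashes
                if not path.startswith(TRUSTED_PREFIXES):
                    findings.append(Finding("medium", "Firewall exception for a binary outside "
                                                      f"system/program directories: {path}"))
        if low.endswith("globallyopenports\\list"):
            for port, desc in values.items():
                findings.append(Finding("medium", f"Globally open port {port} ({desc})"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_registry_dump(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.message}")
```

A DisableMonitoring=1 entry under a vendor's key is how third-party suites such as Kaspersky register themselves so that Security Center stops alerting, so it is reported as informational rather than as a fault; the same applies to EnableFirewall=0 when a third-party firewall is known to be enforcing instead. The value of the script is that it surfaces those entries so they get confirmed rather than scrolled past.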

tdsskiller.exe.log :

2010/12/21 18:14:39.0837 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/21 18:14:39.0837 ================================================================================

2010/12/21 18:14:39.0852 SystemInfo:

2010/12/21 18:14:39.0852

2010/12/21 18:14:39.0852 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/21 18:14:39.0852 Product type: Workstation

2010/12/21 18:14:39.0852 ComputerName: HOME-D38C3AB9C5

2010/12/21 18:14:39.0852 UserName: david

2010/12/21 18:14:39.0852 Windows directory: C:\WINDOWS

2010/12/21 18:14:39.0852 System windows directory: C:\WINDOWS

2010/12/21 18:14:39.0852 Processor architecture: Intel x86

2010/12/21 18:14:39.0852 Number of processors: 1

2010/12/21 18:14:39.0852 Page size: 0x1000

2010/12/21 18:14:39.0852 Boot type: Normal boot

2010/12/21 18:14:39.0852 ================================================================================

2010/12/21 18:14:41.0180 Initialize success

2010/12/21 18:15:57.0258 ================================================================================

2010/12/21 18:15:57.0258 Scan started

2010/12/21 18:15:57.0258 Mode: Manual;

2010/12/21 18:15:57.0258 ================================================================================

2010/12/21 18:16:03.0180 ACPI (f0f77b58315294b11a142425a31d2a91) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/21 18:16:03.0508 ACPIEC (619410be0b33801f0fa0ad994b153cb4) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/21 18:16:03.0774 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/21 18:16:03.0946 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/21 18:16:04.0821 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys

2010/12/21 18:16:05.0383 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/21 18:16:05.0587 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/21 18:16:05.0930 ati2mtag (8aca95fbd491de2ccd980e967b89eb67) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/12/21 18:16:06.0102 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/21 18:16:06.0399 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/21 18:16:06.0602 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/21 18:16:06.0899 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/21 18:16:07.0180 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/21 18:16:07.0321 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/21 18:16:07.0493 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys

2010/12/21 18:16:07.0774 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/21 18:16:08.0305 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys

2010/12/21 18:16:09.0149 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/21 18:16:09.0337 dmboot (5f7cda0fb67900e82127a7249f08a8b0) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/21 18:16:09.0555 dmio (7f871791c3fc53b6e8e6c804820a8deb) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/21 18:16:09.0696 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/21 18:16:09.0883 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/21 18:16:10.0196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/21 18:16:10.0415 ElbyCDIO (fba15c1dd6d7c106a3ac519d97778b7b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

2010/12/21 18:16:10.0649 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/21 18:16:10.0805 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/21 18:16:10.0962 Fips (9f124bb47b9a5973e4f025926af1be49) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/21 18:16:11.0165 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/12/21 18:16:11.0352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/12/21 18:16:11.0540 FsVga (10a80a866a41490a43fdcccfeef0dce4) C:\WINDOWS\system32\DRIVERS\fsvga.sys

2010/12/21 18:16:11.0696 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/21 18:16:11.0852 Ftdisk (de92525813b461317e95221a2a0d49ca) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/21 18:16:12.0008 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

2010/12/21 18:16:12.0165 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/12/21 18:16:12.0305 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/21 18:16:12.0649 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys

2010/12/21 18:16:12.0868 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys

2010/12/21 18:16:13.0118 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/21 18:16:13.0633 i8042prt (5c97e366c9cae77205966f04f554406b) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/21 18:16:13.0837 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/21 18:16:14.0290 intelppm (2a416395b55933ad87e97ee0b1a32d27) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/21 18:16:14.0430 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/12/21 18:16:14.0602 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/21 18:16:14.0758 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/21 18:16:14.0899 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/21 18:16:15.0071 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/21 18:16:15.0290 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/21 18:16:15.0477 isapnp (0bc81e31075989c89e0328cf94e75d61) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/21 18:16:15.0633 Kbdclass (781a83ee8d53443539e54d4743437196) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/21 18:16:15.0790 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys

2010/12/21 18:16:15.0946 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys

2010/12/21 18:16:16.0118 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys

2010/12/21 18:16:16.0274 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys

2010/12/21 18:16:16.0430 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys

2010/12/21 18:16:16.0571 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/21 18:16:16.0743 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/21 18:16:17.0102 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys

2010/12/21 18:16:17.0321 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/12/21 18:16:17.0493 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/21 18:16:17.0649 Modem (cf73e8aa9b3679a7dc456e12b4047e1a) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/21 18:16:17.0805 Mouclass (4f970d7b5ff265c830142c12d5164991) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/21 18:16:17.0946 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/21 18:16:18.0258 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/21 18:16:18.0477 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/21 18:16:18.0680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/21 18:16:18.0837 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/21 18:16:18.0993 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/21 18:16:19.0165 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/21 18:16:19.0337 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/21 18:16:19.0493 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/21 18:16:19.0680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/21 18:16:19.0837 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/21 18:16:19.0993 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/21 18:16:20.0165 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/21 18:16:20.0337 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/21 18:16:20.0540 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/21 18:16:20.0727 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/21 18:16:21.0024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/21 18:16:21.0212 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/21 18:16:21.0415 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/21 18:16:21.0587 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/21 18:16:21.0696 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/21 18:16:21.0883 Parport (2665738bbc2167dac4f7624e91714034) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/21 18:16:22.0040 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/21 18:16:22.0133 ParVdm (3d531ced44f72ef076ff795c001aa9f8) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/21 18:16:22.0321 PCI (b60f8943711a08dc958f1b3795d7119b) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/21 18:16:22.0540 PCIIde (ac2184c04a60148445a6a7d31c1e8c4f) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/21 18:16:22.0696 Pcmcia (27be6ff1e22da3cffbff1ee3cddd89dd) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/12/21 18:16:23.0008 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/12/21 18:16:24.0602 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/21 18:16:24.0790 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/21 18:16:24.0962 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/21 18:16:25.0758 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/21 18:16:25.0962 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/21 18:16:26.0133 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/21 18:16:26.0337 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/21 18:16:26.0493 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/21 18:16:26.0649 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/21 18:16:26.0805 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/21 18:16:27.0040 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/21 18:16:27.0243 redbook (6f4819152b79b034d74355e0aec029fd) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/21 18:16:27.0540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/21 18:16:27.0712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/21 18:16:27.0868 Serial (7bed99aa723319389c934447bcae93a1) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/21 18:16:28.0118 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/21 18:16:28.0446 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/12/21 18:16:28.0602 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys

2010/12/21 18:16:28.0868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/21 18:16:29.0087 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys

2010/12/21 18:16:29.0087 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

2010/12/21 18:16:29.0118 sptd - detected Locked file (1)

2010/12/21 18:16:29.0243 sr (d9c8f57aa380fa3d2332847071be50f0) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/21 18:16:29.0462 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/21 18:16:29.0680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/21 18:16:29.0883 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/21 18:16:30.0508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/21 18:16:30.0727 Tcpip (1791b79392b2c5681f220423e7b14dca) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/21 18:16:30.0883 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/21 18:16:31.0040 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/21 18:16:31.0227 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/21 18:16:31.0602 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/21 18:16:31.0852 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/21 18:16:32.0071 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/21 18:16:32.0258 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/21 18:16:32.0415 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/12/21 18:16:32.0587 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/21 18:16:32.0805 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/21 18:16:33.0087 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/21 18:16:33.0415 VolSnap (ea8669259fd8fa264c168b38741db8f3) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/21 18:16:33.0633 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/21 18:16:33.0915 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/21 18:16:34.0118 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys

2010/12/21 18:16:34.0587 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/21 18:16:34.0758 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/21 18:16:35.0337 ================================================================================

2010/12/21 18:16:35.0337 Scan finished

2010/12/21 18:16:35.0337 ================================================================================

2010/12/21 18:16:35.0430 Detected object count: 1

2010/12/21 18:17:35.0290 Locked file(sptd) - User select action: Skip

I haven't taken any action after the scan. Do I delete the threat found or move it to quarantine?


After the scan, TDSSKiller removed the infected file through a system reboot.

But the problems that occurred recently still exist, as below:

When I now click the MBAM icon on the Desktop, there are error messages.

An error occurred with the remark 'please inform this error code to our support group':

MBAM_ERROR_EXPANDING_VARIABLES(0,48)

An error occurred with the remark 'please inform this error code to our support group':

MBAM_ERROR_MISSING_FILE(3,0,mbamswissarmy.sys)

The system cannot find the path specified.

[OpenEvent] failed to carry out the required operation.

Error Code: 2.


  • Root Admin

That is strange and the Combofix log here shows that your TCPIP.SYS file is no longer signed.

[-] 2008-06-20 . 1791B79392B2C5681F220423E7B14DCA . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

Did you modify it yourself ?

Please see if you can update your Java and run an online Anti-Virus scan and post back the results.

What we need to do now is run this online scan to search for any remnants. It can take several hours, so please be patient and allow it to run its full course.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


Updating the Kaspersky online scanner is impossible because of a Java interruption, since my security software is Kaspersky Internet Security 2010, even if I deactivate the Kaspersky software. I then went to the Kaspersky Lab website to perform an online scan, but it was not available as it was under modification for a newer release.

Please advise what I should do now!


  • Root Admin

Please try the following scanner then.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

If that one won't run then try this one.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details: leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer, because files in use may be moved/deleted during the reboot.
  • After the reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply, with a new HijackThis log.


ESET.log.text :

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP1\A0000057.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP1\A0000059.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP14\A0003674.exe probably a variant of Win32/HackTool.Patcher.A application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP15\A0003726.exe Win32/HackTool.Patcher.A application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP24\A0004586.exe a variant of Win32/Packed.VMProtect.AAH trojan (unable to clean) 00000000000000000000000000000000


  • Root Admin

That is only some stuff in the System Restore that shouldn't be an issue.

Please run the following.

STEP 01

Click on START - RUN, type in SIGVERIF and click OK.

This is a Microsoft File Signature Verification program that will check some file status for us.

  • Click on the START button and let it run.
  • It will pop up a box when it's done to show the status; you can close that box.
  • Close the File Signature Verification application.
  • Find and attach the file C:\WINDOWS\SIGVERIF.TXT to your reply.
  • DO NOT post the log directly into your reply, attach the file please.

STEP 02

Please create a BOOTLOG
  • Delete the following file if it exists: C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select the "Enable Boot Logging" option and press Enter.
  • Windows prompts you to select a Windows installation (even if there is only one Windows installation)
  • This boots Windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows

ntbtlog.txt :

Service Pack 3 12 30 2010 18:07:54.500

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Loaded driver fltMgr.sys

Loaded driver sr.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver sisagp.sys

Loaded driver Mup.sys

Loaded driver klbg.sys

Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys

Loaded driver \SystemRoot\system32\DRIVERS\ati2mtag.sys

Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys

Loaded driver \SystemRoot\system32\DRIVERS\parport.sys

Loaded driver \SystemRoot\system32\DRIVERS\serial.sys

Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys

Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\klmouflt.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\gameenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\System32\Drivers\AnyDVD.sys

Loaded driver \SystemRoot\System32\Drivers\cdrbsdrv.SYS

Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

Loaded driver \SystemRoot\system32\drivers\cmuda.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys

Loaded driver \SystemRoot\system32\DRIVERS\sisnic.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSFBS2S2.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSFDPSP2.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSFCXTS2.sys

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS

Loaded driver \SystemRoot\system32\DRIVERS\fsvga.sys

Loaded driver \SystemRoot\system32\DRIVERS\klim5.sys

Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\system32\DRIVERS\psched.sys

Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\System32\Drivers\pcouffin.sys

Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys

Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\update.sys

Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS

Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Loaded driver \SystemRoot\system32\DRIVERS\klif.sys

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Did not load driver \SystemRoot\System32\Drivers\cdrbsvsd.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys

Loaded driver \??\C:\WINDOWS\system32\drivers\kl1.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\Drivers\Fips.SYS

Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\System32\Drivers\ElbyCDIO.sys

Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys

Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Loaded driver \??\C:\WINDOWS\system32\drivers\mbam.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys

Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS

Loaded driver \SystemRoot\system32\drivers\wdmaud.sys

Loaded driver \SystemRoot\system32\drivers\sysaudio.sys

Loaded driver \SystemRoot\system32\drivers\splitter.sys

Loaded driver \SystemRoot\system32\drivers\aec.sys

Loaded driver \SystemRoot\system32\drivers\swmidi.sys

Loaded driver \SystemRoot\system32\drivers\DMusic.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Loaded driver \SystemRoot\system32\drivers\drmkaud.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys

Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS

Loaded driver \SystemRoot\system32\DRIVERS\srv.sys

Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys

Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

SIGVERIF.txt is attached for your reference.

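The TDSSKiller log earlier in the thread and the ntbtlog.txt above describe the same driver set from two vantage points: the scanner enumerates registered driver services and hashes their image files, while boot logging records what the kernel actually loaded. The Python below is an added example, not part of either tool or of this thread, that parses both formats and diffs them: images loaded at boot that the scanner never enumerated, scanner-listed drivers absent from the boot log, drivers registered with an absolute \??\C:\ image path rather than a SystemRoot-relative one, and the scanner's own detections paired with the action the user chose. Both inputs are constructed excerpts in the posted formats; the entry constructed_unlisted.sys is invented so the first check has something to report, and the set of expected non-service boot images (ntoskrnl, hal, kdcom, bootvid, wmilib, pciidex, classpnp) is this example's assumption.

```python
"""Diff a TDSSKiller driver enumeration against a Windows boot log.

Added example for the TDSSKiller and ntbtlog.txt logs in this thread; it
is not part of either tool. Both inputs are constructed excerpts in the
posted formats and EXPECTED_NON_SERVICE_IMAGES is an assumption.
"""
import re
from collections import namedtuple

Driver = namedtuple("Driver", "name md5 path")

# Constructed excerpt of a TDSSKiller log: timestamp, service name, md5, path.
SAMPLE_TDSSKILLER = r"""
2010/12/21 18:16:03.0180 ACPI (f0f77b58315294b11a142425a31d2a91) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/21 18:16:15.0790 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2010/12/21 18:16:17.0102 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/12/21 18:16:29.0087 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/21 18:16:29.0087 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/21 18:16:29.0118 sptd - detected Locked file (1)
2010/12/21 18:16:30.0727 Tcpip (1791b79392b2c5681f220423e7b14dca) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/21 18:16:35.0430 Detected object count: 1
2010/12/21 18:17:35.0290 Locked file(sptd) - User select action: Skip
"""

# Constructed excerpt of ntbtlog.txt; constructed_unlisted.sys is invented so
# that the "loaded at boot but never enumerated by the scanner" check has a hit.
SAMPLE_BOOTLOG = r"""
Service Pack 3 12 30 2010 18:07:54.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver \??\C:\WINDOWS\system32\drivers\kl1.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\mbam.sys
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\constructed_unlisted.sys
"""

TS = r"^\d{4}/\d{2}/\d{2} \S+ "  # "2010/12/21 18:16:03.0180 " prefix on every line
DRIVER_RE = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(TS + r"Suspicious file \(([^)]+)\): (.+?)\. md5: ([0-9a-f]{32})$")
ACTION_RE = re.compile(TS + r"\w+ file\(([^)]+)\) - User select action: (\S+)$")
BOOTLOG_RE = re.compile(r"^(Loaded driver|Did not load driver) (.+)$")

# Boot-time images that are not driver services, so a service-based scanner
# will never list them (assumption for this example).
EXPECTED_NON_SERVICE_IMAGES = {"ntoskrnl.exe", "hal.dll", "kdcom.dll", "bootvid.dll",
                               "wmilib.sys", "pciidex.sys", "classpnp.sys"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_tdsskiller(text):
    """Return (drivers by service name, detections, user actions by service name)."""
    drivers, detections, actions = {}, [], {}
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            drivers[m.group(1)] = Driver(*m.groups())
        elif m := SUSPICIOUS_RE.match(line):
            detections.append({"reason": m.group(1), "path": m.group(2), "md5": m.group(3)})
        elif m := ACTION_RE.match(line):
            actions[m.group(1)] = m.group(2)
    return drivers, detections, actions


def parse_bootlog(text):
    """Return (image paths the kernel loaded, images it declined to load)."""
    loaded, not_loaded = [], []
    for line in text.splitlines():
        if m := BOOTLOG_RE.match(line.strip()):
            (loaded if m.group(1) == "Loaded driver" else not_loaded).append(m.group(2))
    return loaded, not_loaded


def detection_actions(drivers, detections, actions):
    """Pair each detection with its service (matched by md5) and the chosen action."""
    out = []
    for d in detections:
        svc = next((n for n, drv in drivers.items() if drv.md5 == d["md5"]), None)
        out.append((svc, actions.get(svc, "none")))
    return out


def cross_reference(drivers, loaded):
    """Compare the two driver views by image file name (case-insensitive)."""
    scanner = {basename(d.path): d for d in drivers.values()}
    boot = {basename(p): p for p in loaded}
    return {
        "boot_only": sorted(f for f in boot
                            if f not in scanner and f not in EXPECTED_NON_SERVICE_IMAGES),
        "scanner_only": sorted(f for f in scanner if f not in boot),
        # "\??\" marks an absolute DOS-device ImagePath instead of \SystemRoot\...
        "absolute_image_path": sorted(f for f, p in boot.items() if p.startswith("\\??\\")),
    }


if __name__ == "__main__":
    drivers, detections, actions = parse_tdsskiller(SAMPLE_TDSSKILLER)
    loaded, _ = parse_bootlog(SAMPLE_BOOTLOG)
    for d, (svc, action) in zip(detections, detection_actions(drivers, detections, actions)):
        print(f"detection: {d['path']} ({d['reason']}, md5 {d['md5']}) service={svc} action={action}")
    for key, files in cross_reference(drivers, loaded).items():
        print(f"{key}: {', '.join(files) or '-'}")
```

Differences in either direction are leads, not verdicts: kernel-mode libraries such as WMILIB.SYS appear only in the boot log because they are not services, a scanner-listed driver absent from the boot log may simply not have been started at that boot, and both Kaspersky (kl1.sys) and Malwarebytes (mbam.sys) legitimately register absolute image paths. What the diff gives the analyst is a short list of files to hash and verify instead of two hundred lines to eyeball.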

  • Root Admin

Let me ask you a couple of questions.

Your C:\WINDOWS\SYSTEM32\TCPIP.SYS file is not signed for some reason. Did you modify it for use with Peer2Peer software or something?

You say that IF you rename MBAM.EXE to TOOL.EXE then the error goes away and the program will run, is that still true?

Have you run a full disk check on the drive anytime recently? CHKDSK /R


I think you've mistaken someone else's reply for mine. That one is m00ndoq's post #14, which I know nothing about.

I haven't modified the drive with Peer2Peer software or anything, and I have never renamed my MBAM.EXE to TOOL.EXE.

I also haven't run a full disk check on the drive recently.


This topic is now closed to further replies.