Windows Crashing Unexpectedly/Chrome Not Working



#16
Dakeyras
Hi. :D

At this point, I think I should thank you for the extended effort you're putting into helping me. It's much appreciated.

You're most welcome!

Please bear with me until I reply next, as I am awaiting some advice from a well-respected colleague. Thank you.


#17
Dakeyras
Hi again. ;)

Now regarding the MBRCheck Log you posted, it may be possible the actual Windows 7 Master Boot Record is either corrupted/compromised and/or it may just be a Sony Computer one just not recognised by the check. Though I am suspecting it may be the former judging by the TDSSKiller Log, and/or what is known as a false positive and not the cause of the IE issues.

Now, before I advise anything proactive-wise... I would prefer to err on the side of caution, so we actually check the MBR further as follows. The reason being, when dealing with such on a W7 machine you have to be especially careful and I have no wish to leave your machine an unbootable lump... Though the good side is I had the foresight to provide you with advice for creating a SRD disk just in case we need it again. Please do not be alarmed by this statement; merely view it as myself providing further reassurance for your good self. :D

Note: My personal thanks to noahdfear for much appreciated advice!

Re-scan with MBRCheck:

  • Right-click on MBRCheck.exe and select Run as Administrator.
  • A window similar to this should open on your desktop:-
[screenshot of the MBRCheck window omitted]

  • Now type 1 and hit Enter to select 'dump the mbr to file'
  • Type 0 and hit Enter to dump the mbr of physical disk 0
  • Enter a filename for the dump then press Enter
  • Now type -1 and hit Enter to quit then hit Enter again to exit mbrcheck.
  • Upload the contents of this saved file as an attachment in your next reply please.
How to attach a file for posting:-

Add Reply >> Under Attachments >> Click on Browse... >> Navigate to the file you have just saved to the Desktop >> Attach This File >> Add Reply

Create an MBR Backup:

  • Please download MBRBackup to your Desktop.
  • Right-click on MBRBackup.exe and select Run as Administrator to launch the program.
  • Click on SaveMBR... (top left corner) and save the backup file to your Desktop. It will have a name similar to MBR_YYYY-DD-DD.bin where the numbers correspond to the date the backup was made.
  • Save this file to the desktop >> click on Exit.
Next:

Now please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-

http://www.geekstogo.com/forum/topic/293602-windows-crashing-unexpectedlychrome-not-working/page__st__15
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

MBR_YYYY-DD-DD <-- This is the file I asked to be saved to your desktop with MBR Backup.

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

#18
Seven14 (Topic Starter)
Hi,

My personal thanks to noahdfear as well for his or her help. :D

The good news: I uploaded the MBR file you requested.

The bad news (or possibly more good): Running MBRCheck again, I did not get the same warning. Instead, it said "Windows 7 MBR code detected".

So I was unable to create the dump file you requested. Instead, here is the new log from MBRCheck (I tried, unsuccessfully, multiple times to try and get the error message again, but this is the last one and the only one I kept.)

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VPCEC25FD
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 198):

Processes (total 59):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`a0600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-26A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#19
Dakeyras
Hi. ;)

The good news: I uploaded the MBR file you requested.

Thanks, I checked the results and it appears not to be infected.

The bad news (or possibly more good): Running MBRCheck again, I did not get the same warning. Instead, it said "Windows 7 MBR code detected".

Must admit I was not expecting that; it may be that Microsoft Security Essentials has dealt with it... However, to the best of my knowledge this particular AV does not have the ability to deal with such infections.

Also I have noticed the actual Secure Hash Algorithm (SHA) for the Master Boot Record has changed from this seemingly compromised one:-

SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966
To this W7-related one:-

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Gremlins in the machine maybe? ;) Levity aside, strange indeed, and I have to be honest that at this time I am at a loss as to what has occurred here, regardless of the fact it appears to be all for the good etc.

So I was unable to create the dump file you requested. Instead, here is the new log from MBRCheck (I tried, unsuccessfully, multiple times to try and get the error message again, but this is the last one and the only one I kept.)

No problem and you have done nothing wrong and have thus far followed all of my advice/instructions etc. :D

Now we will re-check again with TDSSKiller, and can you please inform me in your next reply whether you are still experiencing the same issues with IE8 or not?

Re-scan with TDSSKiller:

Please delete your copy of TDSSKiller.exe and then empty the Recycle Bin. Then download a new copy of TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Right-click on TDSSKiller.exe and select Run as Administrator to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
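The SHA1 comparison Dakeyras makes above (backup vs. re-scan) can be repeated offline against the MBRBackup file. Added example, not code from the thread or from the MBRCheck/MBRBackup tools: a Python script that parses a 512-byte MBR dump, checks the 0x55AA boot signature and partition table, and classifies a hash change as boot-code vs. disk-signature/partition-table only. It assumes MBRCheck's SHA1 covers the whole 512-byte sector (not verified here); the sample sectors are constructed inline with filler bytes in place of real boot code.

```python
"""Parse and fingerprint a 512-byte MBR dump (the file MBRCheck writes with
'dump the mbr to file', or the MBR_YYYY-DD-DD.bin saved by MBRBackup) and
compare it against a backup copy.

Added example, not code from the thread or from MBRCheck/MBRBackup. The
sample MBRs below are constructed inline; their boot code is a filler
pattern, not real x86 boot code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot loader code
DISK_SIG_OFF = 440       # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # bytes 0x55 0xAA (reads as 0xAA55 little-endian)


def parse_mbr(sector: bytes) -> dict:
    """Return boot-signature validity, disk signature and non-empty partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR dump must be exactly %d bytes" % SECTOR_SIZE)
    boot_sig = struct.unpack_from("<H", sector, BOOT_SIG_OFF)[0]
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_signature_ok": boot_sig == 0xAA55,
        "disk_signature": "0x%08X" % disk_sig,
        "partitions": partitions,
    }


def mbr_hashes(sector: bytes) -> dict:
    """SHA1 of the whole sector (assumed to be what MBRCheck prints) and of the
    boot code alone, which ignores partition-table and disk-signature edits."""
    return {
        "sector": hashlib.sha1(sector).hexdigest().upper(),
        "boot_code": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
    }


def classify_change(backup: bytes, current: bytes) -> str:
    """Compare a current dump with the saved backup.

    'unchanged'          -> identical sectors
    'boot-code-changed'  -> the first 440 bytes differ (what a bootkit modifies)
    'table-only-changed' -> only disk signature / partition table / trailer differ
    """
    if backup == current:
        return "unchanged"
    if backup[:BOOT_CODE_LEN] != current[:BOOT_CODE_LEN]:
        return "boot-code-changed"
    return "table-only-changed"


def build_sample_mbr(boot_code: bytes, disk_sig: bytes = b"\x12\x34\x56\x78") -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry0 + b"\x00" * 48   # three empty entries
    return code + disk_sig + b"\x00\x00" + table + b"\x55\xaa"


# Constructed inputs: a "backup" sector, one with three boot-code bytes patched,
# and one where only the disk signature differs.
SAMPLE_BACKUP = build_sample_mbr(b"\xeb\x63\x90" * 100)
SAMPLE_PATCHED_CODE = build_sample_mbr(b"\xeb\x63\x90" * 99 + b"\x90\x90\x90")
SAMPLE_NEW_DISK_SIG = build_sample_mbr(b"\xeb\x63\x90" * 100, disk_sig=b"\xde\xad\xbe\xef")


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_BACKUP)
    print("boot signature ok:", info["boot_signature_ok"], "disk sig:", info["disk_signature"])
    for p in info["partitions"]:
        print("partition", p)
    print("backup  SHA1:", mbr_hashes(SAMPLE_BACKUP)["sector"])
    print("patched SHA1:", mbr_hashes(SAMPLE_PATCHED_CODE)["sector"])
    print("patched code:", classify_change(SAMPLE_BACKUP, SAMPLE_PATCHED_CODE))
    print("new disk sig:", classify_change(SAMPLE_BACKUP, SAMPLE_NEW_DISK_SIG))
```

To use it on a real dump, read the MBRCheck or MBRBackup file in binary mode and pass the 512 bytes to the same functions.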

#20
Seven14 (Topic Starter)
Hi,

IE8 seems to be running fine now, with no redirects or pop-ups. TDSSKiller only found 1 threat this time, and it was not the rootkit that it originally found on the first scan. Very strange, indeed. Here is the log:


2011/01/24 13:32:10.0489 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/24 13:32:10.0489 ================================================================================
2011/01/24 13:32:10.0489 SystemInfo:
2011/01/24 13:32:10.0489
2011/01/24 13:32:10.0489 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/24 13:32:10.0489 Product type: Workstation
2011/01/24 13:32:10.0489 ComputerName: ED-VAIO
2011/01/24 13:32:10.0489 UserName: Ed
2011/01/24 13:32:10.0489 Windows directory: C:\Windows
2011/01/24 13:32:10.0489 System windows directory: C:\Windows
2011/01/24 13:32:10.0489 Running under WOW64
2011/01/24 13:32:10.0489 Processor architecture: Intel x64
2011/01/24 13:32:10.0489 Number of processors: 4
2011/01/24 13:32:10.0489 Page size: 0x1000
2011/01/24 13:32:10.0489 Boot type: Normal boot
2011/01/24 13:32:10.0489 ================================================================================
2011/01/24 13:32:10.0941 Initialize success
2011/01/24 13:32:12.0860 ================================================================================
2011/01/24 13:32:12.0860 Scan started
2011/01/24 13:32:12.0860 Mode: Manual;
2011/01/24 13:32:12.0860 ================================================================================
2011/01/24 13:32:26.0791 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
2011/01/24 13:32:26.0869 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/01/24 13:32:26.0931 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/24 13:32:26.0963 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/24 13:32:27.0009 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/24 13:32:27.0087 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/24 13:32:27.0150 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/24 13:32:27.0197 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
2011/01/24 13:32:27.0290 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
2011/01/24 13:32:27.0353 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/01/24 13:32:27.0431 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/24 13:32:27.0462 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/01/24 13:32:27.0555 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/24 13:32:27.0602 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/24 13:32:27.0618 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/01/24 13:32:27.0649 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/01/24 13:32:27.0680 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/01/24 13:32:27.0774 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/01/24 13:32:27.0805 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/01/24 13:32:27.0852 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/01/24 13:32:27.0961 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/24 13:32:28.0039 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/01/24 13:32:28.0148 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/24 13:32:28.0179 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/24 13:32:28.0211 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/24 13:32:28.0257 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/24 13:32:28.0351 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/01/24 13:32:28.0398 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/24 13:32:28.0429 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/24 13:32:28.0585 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/01/24 13:32:28.0616 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/01/24 13:32:28.0647 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/24 13:32:28.0710 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/01/24 13:32:28.0772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/01/24 13:32:28.0835 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys
2011/01/24 13:32:28.0913 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys
2011/01/24 13:32:28.0959 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/01/24 13:32:29.0053 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/01/24 13:32:29.0178 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/01/24 13:32:29.0225 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/01/24 13:32:29.0271 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
2011/01/24 13:32:29.0318 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/01/24 13:32:29.0396 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/01/24 13:32:29.0443 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/01/24 13:32:29.0521 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/01/24 13:32:29.0693 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/24 13:32:29.0739 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/01/24 13:32:29.0786 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/24 13:32:29.0880 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/01/24 13:32:29.0958 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/01/24 13:32:29.0989 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/01/24 13:32:30.0036 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/24 13:32:30.0083 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/24 13:32:30.0176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/24 13:32:30.0223 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/24 13:32:30.0348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/24 13:32:30.0395 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/24 13:32:30.0426 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/24 13:32:30.0457 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
2011/01/24 13:32:30.0566 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/24 13:32:30.0597 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/24 13:32:30.0629 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/24 13:32:30.0660 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/01/24 13:32:30.0691 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/01/24 13:32:30.0785 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
2011/01/24 13:32:30.0847 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/01/24 13:32:30.0956 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
2011/01/24 13:32:31.0003 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
2011/01/24 13:32:31.0034 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/24 13:32:31.0159 RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/01/24 13:32:31.0206 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
2011/01/24 13:32:31.0331 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
2011/01/24 13:32:31.0393 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/24 13:32:31.0487 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/24 13:32:31.0549 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/01/24 13:32:31.0658 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/01/24 13:32:31.0705 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/01/24 13:32:31.0752 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/01/24 13:32:31.0861 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
2011/01/24 13:32:31.0908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/24 13:32:32.0001 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/24 13:32:32.0033 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/24 13:32:32.0079 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/01/24 13:32:32.0204 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/01/24 13:32:32.0251 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/01/24 13:32:32.0313 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/01/24 13:32:32.0501 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/24 13:32:32.0657 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/01/24 13:32:32.0657 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/24 13:32:32.0672 sptd - detected Locked file (1)
2011/01/24 13:32:32.0750 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/24 13:32:32.0828 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/24 13:32:32.0891 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/24 13:32:32.0953 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/01/24 13:32:33.0062 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/01/24 13:32:33.0187 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/01/24 13:32:33.0281 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/24 13:32:33.0343 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/24 13:32:33.0359 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/01/24 13:32:33.0390 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/01/24 13:32:33.0499 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/24 13:32:33.0530 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
2011/01/24 13:32:33.0671 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/24 13:32:33.0780 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/24 13:32:33.0827 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/01/24 13:32:33.0873 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/24 13:32:33.0998 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/24 13:32:34.0029 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/24 13:32:34.0139 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/01/24 13:32:34.0263 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/24 13:32:34.0310 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/01/24 13:32:34.0341 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys
2011/01/24 13:32:34.0435 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys
2011/01/24 13:32:34.0482 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2011/01/24 13:32:34.0575 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/24 13:32:34.0716 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/24 13:32:34.0778 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/24 13:32:34.0841 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/01/24 13:32:34.0965 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/01/24 13:32:35.0106 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/01/24 13:32:35.0168 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/24 13:32:35.0262 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/01/24 13:32:35.0309 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
2011/01/24 13:32:35.0340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/01/24 13:32:35.0433 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
2011/01/24 13:32:35.0480 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/01/24 13:32:35.0605 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
2011/01/24 13:32:35.0714 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/01/24 13:32:35.0777 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/01/24 13:32:35.0823 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/01/24 13:32:35.0870 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/01/24 13:32:35.0933 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/24 13:32:35.0948 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/24 13:32:36.0073 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/01/24 13:32:36.0135 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/24 13:32:36.0213 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/24 13:32:36.0229 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/01/24 13:32:36.0385 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/24 13:32:36.0447 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/01/24 13:32:36.0510 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/24 13:32:36.0557 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/01/24 13:32:36.0603 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/24 13:32:36.0666 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
2011/01/24 13:32:36.0713 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/01/24 13:32:36.0775 ================================================================================
2011/01/24 13:32:36.0775 Scan finished
2011/01/24 13:32:36.0775 ================================================================================
2011/01/24 13:32:36.0791 Detected object count: 1
2011/01/24 13:32:40.0862 Locked file(sptd) - User select action: Skip
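An added example for this thread, not TDSSKiller's own code and not part of the post: a small Python parser for the TDSSKiller log format above that pulls out the entries that need a human decision (here the locked sptd.sys), records the action chosen at the prompt, and cross-checks the summary count against the per-item lines. The sample lines are an excerpt of the log posted above.

```python
"""Pull the actionable entries out of a TDSSKiller scan log.

Added example for this thread (not TDSSKiller's own code, not from the post).
SAMPLE_LOG below is an excerpt of the log posted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line starts with a "YYYY/MM/DD HH:MM:SS.ffff" stamp.
_TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
# "<ts> <service> (<md5>) <path>"  - one line per enumerated driver/service
DRIVER_RE = re.compile(rf"^{_TS} (?P<name>\S+) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>\S.*)$")
# "<ts> Suspicious file (<reason>): <path>. md5: <md5>"
SUSP_RE = re.compile(rf"^{_TS} Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{{32}})$")
# "<ts> <service> - detected <verdict> (<n>)"
DETECT_RE = re.compile(rf"^{_TS} (?P<name>\S+) - detected (?P<what>.+?) \(\d+\)$")
# "<ts> Detected object count: <n>"
COUNT_RE = re.compile(rf"^{_TS} Detected object count: (?P<n>\d+)$")
# "<ts> <verdict>(<service>) - User select action: <action>"
ACTION_RE = re.compile(rf"^{_TS} (?P<what>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str              # service name as TDSSKiller reports it (e.g. "sptd")
    kind: str = ""         # verdict, e.g. "Locked file"
    reason: str = ""       # why the file was flagged, e.g. "NoAccess"
    path: str = ""
    md5: str = ""
    action: str = "none"   # what was chosen at the prompt: Skip, Cure, Delete, ...


@dataclass
class ScanReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)
    detected_count: Optional[int] = None


def _name_for_path(report: ScanReport, path: str) -> Optional[str]:
    """Map a path from a 'Suspicious file' line back to the service that owns it."""
    wanted = path.lower()
    for name, (_md5, p) in report.drivers.items():
        if p.lower() == wanted:
            return name
    return None


def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUSP_RE.match(line):
            name = _name_for_path(report, m["path"]) or m["path"]
            f = report.findings.setdefault(name, Finding(name=name))
            f.path, f.md5, f.reason = m["path"], m["md5"], m["reason"]
        elif m := DETECT_RE.match(line):
            f = report.findings.setdefault(m["name"], Finding(name=m["name"]))
            f.kind = m["what"]
            if not f.path and m["name"] in report.drivers:
                f.md5, f.path = report.drivers[m["name"]]
        elif m := ACTION_RE.match(line):
            f = report.findings.setdefault(m["name"], Finding(name=m["name"], kind=m["what"]))
            f.action = m["action"]
        elif m := COUNT_RE.match(line):
            report.detected_count = int(m["n"])
        elif m := DRIVER_RE.match(line):
            report.drivers[m["name"]] = (m["md5"], m["path"])
    return report


def unresolved_findings(report: ScanReport) -> List[Finding]:
    """Flagged files still on disk: the prompt was answered Skip or never answered."""
    return [f for f in report.findings.values() if f.action.lower() in ("skip", "none")]


def count_mismatch(report: ScanReport) -> bool:
    """True if the summary count disagrees with the per-item lines (truncated or edited log)."""
    return report.detected_count is not None and report.detected_count != len(report.findings)


# Excerpt of the log posted above (real lines from the thread, not constructed).
SAMPLE_LOG = r"""
2011/01/24 13:32:32.0501 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/24 13:32:32.0657 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/01/24 13:32:32.0657 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/24 13:32:32.0672 sptd - detected Locked file (1)
2011/01/24 13:32:32.0750 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/24 13:32:36.0775 Scan finished
2011/01/24 13:32:36.0791 Detected object count: 1
2011/01/24 13:32:40.0862 Locked file(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers enumerated, {rep.detected_count} object(s) detected")
    for f in unresolved_findings(rep):
        print(f"still on disk: {f.name} {f.kind} ({f.reason}) {f.path} md5={f.md5} action={f.action}")
    if count_mismatch(rep):
        print("warning: summary count does not match per-item lines")
```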

#21
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

IE8 seems to be running fine now, with no redirects or pop ups

Good.

In the meantime I have been researching how to repair Google Chrome and did manage to locate a repair tool, but to be honest, even though I did download it myself to investigate, I am wary about advising its use for several reasons and prefer to err on the side of caution.

Anyway try the below first:-

Click on Start(Windows 7 Orb) >> Run... and copy and paste the below from the code-box and click on OK

%USERPROFILE%\AppData\Local\Google\Chrome\User Data
Navigate to the folder called Default in the directory window that opens, right-click on it and select Rename.

Now rename it as Backup Default. Then launch Google Chrome and check if the issues you have been experiencing have been rectified.

Note: You may have to reapply your custom settings/import bookmarks again etc.

Next:

TDSKiller only found 1 threat this time, and it was not the rootkit that it originally found on the first scan.

What has been flagged appears to be a driver from a prior installation of Daemon Tools Lite. Even though technically leaving such in place should cause no harm, because it is from a CD emulation software application, given the chance it may have been patched by malware it would be prudent to actually remove this file as follows. It may also be what is known as a false positive, but since the software it relates to is no longer present it might as well go; then run another quick scan with Malwarebytes Anti-Malware as a precaution.

Also, if you do not mind, I would like a sample of the file to check on later (for future reference) before we actually target it for removal as follows:-

Ensure Hidden Files are Revealed:

They should be at this stage of the malware removal process...but no harm double checking.

  • Click Start(Windows 7 Orb).
  • Open Computer.
  • Press the ALT key.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Now please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-

http://www.geekstogo.com/forum/topic/293602-windows-crashing-unexpectedlychrome-not-working/page__pid__1952316#entry1952316
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Windows\system32\Drivers\sptd.sys

Then click on the Send File tab. I will be notified when the file has been uploaded etc.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Services
sptd

:Files
C:\Windows\system32\Drivers\sptd.sys
C:\Users\Ed\AppData\Roaming\DAEMON Tools Lite

:Commands
[CreateRestorePoint]
[EmptyTemp]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.


#22
Seven14

    Member

  • Topic Starter
  • Member
  • 24 posts
Hi again,

This is going to be a sad, sad post. :D

First the good news! Changing the Default folder to Backup Default for Chrome worked perfectly. Chrome now works like a charm. I think there is something wrong in the coding with the way bookmarks are stored. You'd think Google would've fixed this themselves by now...

Anyway, on to the bad news. For starters, I was unable to upload sptd.sys. Despite following your directions on showing all hidden/protected files, the file just wouldn't show up within the browser when I clicked Open and navigated to the proper folder. I can find the file with Start>Search Bar just fine and it IS in the folder specified. The browser just won't show it for some reason.

Up next is OTL. The custom script you provided gave me the BSOD on execution of the first line. I tried it twice with the same result. I imagine the next step would be to try it in "safe mode", but I won't proceed until you give the OK.

Lastly, MBAM found nothing. Again.

So I won't be providing the OTL log, since none was created, and I can't supply sptd.sys. But here's the MBAM log. As always, your help is very much appreciated.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5551

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24/01/2011 10:49:57 PM
mbam-log-2011-01-24 (22-49-57).txt

Scan type: Quick scan
Objects scanned: 172256
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#23
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. ;)

This is going to be a sad, sad post. ;)

Actually the situation is not that bad at all I assure you.

First the good news! Changing the Default folder to Backup Default for Chrome worked perfectly. Chrome now works like a charm. I think there is something wrong in the coding with the way bookmarks are stored. You'd think Google would've fixed this themselves by now...

Good...I do concur Google Chrome does seem to be prone to various issues and conflicts but as with any reasonably new software it is bound to have a few snags every now and again and with each new update they are improved upon. Saying that, I'm not a particular fan of the browser myself and or anything Google related because of the privacy issues in the past. I actually only have a copy of it myself on two of my rigs to help me when assisting people like your good self etc.

Anyway, on to the bad news. For starters, I was unable to upload sptd.sys. Despite following your directions on showing all hidden/protected files, the file just wouldn't show up within the browser when I clicked Open and navigated to the proper folder. I can find the file with Start>Search Bar just fine and it IS in the folder specified. The browser just won't show it for some reason.

Up next is OTL. The custom script you provided gave me the BSOD on execution of the first line. I tried it twice with the same result. I imagine the next step would be to try it in "safe mode", but I won't proceed until you give the OK.

OK, this should not have occurred, but I have some suspicions why it did and will check this out further. The orphaned driver in question, SPTD (SCSI Pass Through Direct), is not always exclusively used by Daemon Tools Lite. Anyway, in the meantime I have a few tasks for your good self, and not to worry, OK. :D

New 64 bit Java Installation:

  • Click here to visit Java's website.
  • Scroll down to JDK 6 Update 23 (JDK or JRE). Click on Download JRE.
  • Select Windows x64 from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u23 with JavaFX License Agreement box and click on Continue.
  • Click on jre-6u23-windows-x64.exe link to download it and save this to a convenient location.
  • Right-click on jre-6u23-windows-x64.exe and select Run as Administrator to install Java.
Check Hard Disk For Errors:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
@Echo off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similar to this: [screenshot]
Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

#24
Seven14

    Member

  • Topic Starter
  • Member
  • 24 posts
Hi,

Followed your instructions. No further problems.

checkhd log:


The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
149 large file records processed.

0 bad file records processed.

0 EA records processed.

58 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
49423 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

477369367 KB total disk space.
167487152 KB in 317168 files.
119444 KB in 49424 indexes.
0 KB in bad sectors.
487587 KB in use by the system.
65536 KB occupied by the log file.
309275184 KB available on disk.

4096 bytes in each allocation unit.
119342341 total allocation units on disk.
77318796 allocation units available on disk.

#25
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

Having researched the driver detected by TDSSKiller further, Daemon Tools Lite does indeed leave this installed after an uninstallation, and a TDSSKiller check of my own revealed the same file flagged/locked etc on my test machine running W7 64. Plus further research revealed it had been installed prior to Daemon Tools Lite on your machine.

I managed to remove the left over driver from my test machine with no adverse effects...However there is indication that if we actually try another attempt to remove this driver from your machine, it will render the presently installed PowerISO and some specific Sony related software inoperative and may cause further issues as well. The fault here is mine for not double checking the software you have installed and I apologise for that.

As it stands I feel it is safe to leave in place and is not a threat to your machine. The results of the Hard-Drive check are good, so no further action is required with regard to that. Any other issues remaining before we clean up all tools used and I provide some advice about online safety?


#26
Seven14

    Member

  • Topic Starter
  • Member
  • 24 posts
Hi,

Everything seems to be running just fine. Browsers still working, and no more BSODs. So I'm just curious... where was there a problem in the first place, and when did you fix it? A lot of the scans we've done seem to have turned up negative, and from my end it seems like the machine just wasn't working right, and then it was. I'm always eager to learn more about computers and how they work, so any insight into how this was accomplished would be great.

That said, THANK YOU for all your help. Thank you for taking the time and having the patience to tackle this very strange set of problems. It is most appreciated. Really.

#27
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

Everything seems to be running just fine. Browsers still working, and no more BSODs

Good.

So I'm just curious... where was there a problem in the first place, and when did you fix it? A lot of the scans we've done seem to have turned up negative, and from my end it seems like the machine just wasn't working right, and then it was. I'm always eager to learn more about computers and how they work, so any insight into how this was accomplished would be great.

Your machine was definitely infected and I suspect Sophos Anti-Rootkit may have been partially successful at whatever point in time you ran it from the beginning of the month onwards, and there were various entries I identified via both the ComboFix and OTL logs I reviewed that were further indication of such, which we subsequently removed. Plus the symptoms you had been mentioning were symptomatic of malware infections, though the use of a pseudo registry cleaner, Advanced SystemCare 3, very probably did not help matters. Personally I am not an advocate of any applications that claim to clean the Windows Registry; at best they will do little to improve overall performance and at worst they create major problems, and any backups they may create are very rarely successfully re-merged....The Windows Registry is actually fairly robust by design and more so with the most up-to-date Operating System Windows 7 (32 & 64 bit).

The online scan we ran did detect some malware, which we consequently removed, and when eventually you ran the System Start-Up Repair feature after creating the disk, though it stated nothing was repaired, in all actuality it probably did assist with improving overall stability. Now why a Rootkit was detected and then seemingly was no longer present....I have to be quite honest and admit I am still somewhat baffled by that one; Microsoft Security Essentials and or the Windows Malicious Software Removal Tool may have just been able to clean up the remnants (this runs undetected in the background the first Tuesday of every month via Automatic Updates or as soon as a stable connection is available etc). Or another possibility: when attempting to provide myself with the MBR dump for review you may have inadvertently repaired the MBR instead without realising it, slim I admit but feasible. As mentioned, I am at a wee bit of a loss as to what actually occurred, and I have been providing Anti-Malware support for over three years now in various forums and only recently started providing support here in Geeks to Go on a regular basis...So I have a fair amount of experience but am still learning all the time. This excellent article written by the Admin of this forum is worth reading and provides a better/further insight into what I have been mentioning....The "Art" of Malware Removal.

That said, THANK YOU for all your help. Thank you for taking the time and having the patience to tackle this very strange set of problems. It is most appreciated. Really.

You are very welcome and a sincere pleasure to be of assistance!

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
The above process will also flush the System Restore Points and create a new clean one.

Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc. Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT. I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start (Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, Reboot (restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Online Safety.

Any questions? Feel free to ask, if not stay safe!
  • 0
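As an added illustration of the Hosts file point in the post above (this is not code from the thread or from any of the blocklists it refers to), here is a small parser for the Hosts file format that reports which names a given file sinks to 127.0.0.1 or another unroutable address. The sample file content is constructed for the demo and uses reserved example domains.

```python
import ipaddress

# Constructed sample in Hosts-file syntax: '#' comments, tabs or spaces as
# separators, several hostnames per line, and inline comments. The blocked
# names here are made up for the demo, not taken from a real blocklist.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.example.net  tracker.example.net   # constructed entries
0.0.0.0\tmalware-host.example.org
192.0.2.10      intranet.example.com   # pinned to an address, not blocked
"""

# Addresses a blocklist-style Hosts file uses as a sink: loopback and
# the unspecified address, so the connection never leaves the machine.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return {hostname_lowercase: address} for every mapping in *text*."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)  # skip lines with a bad address
        except ValueError:
            continue
        for name in names:
            mapping[name.lower()] = address  # this parser: last entry wins
    return mapping


def is_blocked(hostname, mapping):
    """True if the name resolves to a sink address, i.e. is blocked."""
    return mapping.get(hostname.lower()) in SINK_ADDRESSES


def blocked_names(mapping):
    """Sorted list of every blocked hostname, excluding localhost itself."""
    return sorted(n for n, a in mapping.items()
                  if a in SINK_ADDRESSES and n != "localhost")


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "intranet.example.com", "www.example.com"):
        print(name, "blocked" if is_blocked(name, hosts) else "not blocked")
```

On a real machine you would read the text from %SystemRoot%\System32\drivers\etc\hosts instead of the constructed sample.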

#28
Seven14

Seven14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Done and done! :D

Followed your advice and set up the things you recommended.

Thank you again, kind sir. You were very informative and helpful. All the best to you and yours. ;)
  • 0

#29
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
You're welcome and thank you also for the kind words. :D
  • 0

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0