[Reascr]

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - Owner - Tue 08/19/2014 - 18:19:47.51.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1  
***** START SCAN Tue 08/19/2014 18:19:48.00 *****
 
---------- TDSSKiller logs ----------
 
TDSSKiller.3.0.0.40_18.08.2014_15.28.40_log.txt
TDSSKiller.3.0.0.40_18.08.2014_15.30.07_log.txt
TDSSKiller.3.0.0.40_18.08.2014_15.53.00_log.txt
TDSSKiller.3.0.0.40_18.08.2014_15.54.02_log.txt
TDSSKiller.3.0.0.40_18.08.2014_15.54.38_log.txt
 
---------- TDSSStarter logs ----------
 
 
---------- DIR LIST ----------
 
C:\TDSSKiller_Quarantine\18.08.2014_15.30.09
C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000
C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000\object.ini
C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000\file0000
C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000\file0000\object.ini
C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000\file0000\tsk0000.ini
C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000\file0000\tsk0000.dta
 
---------- INI FILES ----------
 
=== C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000\object.ini
 
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
 
 
=== C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000\file0000\object.ini
 
[InfectedObject]
Type: File
 
 
=== C:\TDSSKiller_Quarantine\18.08.2014_15.30.09\susp0000\file0000\tsk0000.ini
 
[InfectedFile]
Type: Raw image
Src: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
md5: 4A0477ADCD07EC9D21257A2E456B16C5
sha256: CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79
 
 
***** END SCAN Tue 08/19/2014 18:19:48.23 *****
 

[Advertisements]

Hi,

 

• Please download the file Fix.cmd and save it to the Desktop
• Right click the file Fix.cmd and select Run as Administrator
• A log will be created on the Desktop called Output.txt please post its contents

[SleepyDude]

Hi,

 

• Please download the file Fix.cmd and save it to the Desktop
• Right click the file Fix.cmd and select Run as Administrator
• A log will be created on the Desktop called Output.txt please post its contents

[Reascr]

        1 file(s) copied.
 

[SleepyDude]

        1 file(s) copied.
 

 

Good, file restored.

 

Let's see if we can fix Malwarebytes.

1. Download and run mbam-clean.exe
2. Restart your computer when prompted
3. Reinstall Malwarebytes

Let me know the result.

[Reascr]

Nope. It still crashes.

[SleepyDude]

I need to see the result of new scan with aswMBR, similar to what you did on Step 4 of post #4

 

But this time before clicking the Scan button change the AV Scan: box to (None)

 

Please post the resulting log.

[Reascr]

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-20 14:03:47
-----------------------------
14:03:47.045    OS Version: Windows x64 6.1.7601 Service Pack 1
14:03:47.045    Number of processors: 4 586 0x3C03
14:03:47.046    ComputerName: OWNER-PC  UserName: Owner
14:03:47.150    Initialize success
14:03:47.164    VM: initialized successfully
14:03:47.169    VM: Intel CPU supported
14:03:49.191    VM: disk I/O iaStorA.sys
14:05:12.221    AVAST engine defs: 14082000
14:08:45.691    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000071
14:08:45.694    Disk 0 Vendor: ST2000DM CC43 Size: 1907729MB BusType: 11
14:08:45.697    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000072
14:08:45.704    Disk 1 Vendor: Samsung_ EXT0 Size: 114473MB BusType: 11
14:08:45.707    Disk 1 MBR read successfully
14:08:45.710    Disk 1 MBR scan
14:08:45.767    Disk 1 Windows 7 default MBR code
14:08:45.777    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       114471 MB offset 2048
14:08:45.785    Disk 1 scanning C:\Windows\system32\drivers
14:08:48.605    Service scanning
14:08:49.981    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
14:08:49.998    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
14:08:50.014    Service bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys **LOCKED** 5
14:08:55.855    Modules scanning
14:08:55.856    Disk 1 trace - called modules:
14:08:55.858    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys >>UNKNOWN [0xfffffa80071242c0]<<sptd.sys storport.sys hal.dll iaStorA.sys
14:08:55.859    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009b58060]
14:08:55.859    3 CLASSPNP.SYS[fffff88001bcb43f] -> nt!IofCallDriver -> [0xfffffa8009a5b860]
14:08:55.860    5 iaStorF.sys[fffff88001dd4a84] -> nt!IofCallDriver -> \Device\00000072[0xfffffa80076e39c0]
14:08:55.860    \Driver\iaStorA[0xfffffa8007663c10] -> IRP_MJ_CREATE -> 0xfffffa80071242c0
14:08:55.860    Scan finished successfully
14:10:41.532    Disk 1 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:10:41.570    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

 

[SleepyDude]

Did you uninstall Daemon Tools?

[Reascr]

Did you uninstall Daemon Tools?

I did, yes. Let me double check

[Reascr]

Yep, it's not on my list of programs

[SleepyDude]

Yep, it's not on my list of programs

 

Ok, but there are traces of it on the system.

 

Please download SPTDinst-v186-x64 run the tool

In dialog that appears press "Uninstall" button and then SPTD will remove itself from your Windows installation.

[Reascr]

Done. Will reboot in a minute

[Reascr]

Done and rebooted

[SleepyDude]

Done and rebooted

 

Good, repeat the aswMBR scan again please.

[Reascr]

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-20 15:02:49
-----------------------------
15:02:49.788    OS Version: Windows x64 6.1.7601 Service Pack 1
15:02:49.788    Number of processors: 4 586 0x3C03
15:02:49.789    ComputerName: OWNER-PC  UserName: Owner
15:02:49.893    Initialize success
15:02:49.907    VM: initialized successfully
15:02:49.912    VM: Intel CPU supported
15:02:52.900    VM: disk I/O iaStorA.sys
15:03:07.930    AVAST engine defs: 14082000
15:03:15.672    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000070
15:03:15.677    Disk 0 Vendor: ST2000DM CC43 Size: 1907729MB BusType: 11
15:03:15.682    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000071
15:03:15.687    Disk 1 Vendor: Samsung_ EXT0 Size: 114473MB BusType: 11
15:03:15.701    Disk 1 MBR read successfully
15:03:15.707    Disk 1 MBR scan
15:03:15.766    Disk 1 Windows 7 default MBR code
15:03:15.768    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       114471 MB offset 2048
15:03:15.778    Disk 1 scanning C:\Windows\system32\drivers
15:03:18.264    Service scanning
15:03:19.357    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
15:03:19.375    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
15:03:19.391    Service bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys **LOCKED** 5
15:03:24.745    Modules scanning
15:03:24.757    Disk 1 trace - called modules:
15:03:24.771    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
15:03:24.780    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007935060]
15:03:24.787    3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> [0xfffffa800783abf0]
15:03:24.794    5 iaStorF.sys[fffff88001bdfa84] -> nt!IofCallDriver -> \Device\00000071[0xfffffa80072929c0]
15:03:24.800    Scan finished successfully
15:03:31.908    Disk 1 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
15:03:31.949    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"