Unwanted popups and alteration of taskbar to old gray version.

Question

Nazarar 0 Newbie Poster

13 Years Ago

I am currently running Window's Vista on my Toshiba laptop. I got the laptop for free from a friend and there seems to be quite a few issues with it.

Problems: I get popups in new tabs constantly for registry cleaners and that I am infected with registry errors. I started using AVG PC Tuneup and did the registry repair and it seems that it never quite fixes all the problems. On top of that, 5 minutes after I log on to my computer the taskbar always reverts to a windows 95 gray simplistic taskbar. Earlier this morning it also 'blue screen of death' when I was doing a reboot with avast! antivirus. I read through the 'Do this before you post' log and ran all the information. So, I will post the following below. Thank you for any assistance that you can provide!!

MalwareBytes Anti Malware Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6290

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/6/2011 7:14:56 PM
mbam-log-2011-04-13 (19-14-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 47698
Time elapsed: 17 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*I accidentally didn't save a GMR one log, but did however do the second one. I apologize in advance if this messes up any assistance I can get.

GMR Two:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-13 10:38:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: 2sw6248i.exe; Driver: C:\Users\User\AppData\Local\Temp\pwtdapob.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? 99C22CD0
INT 0x62 ? 99C227D0
INT 0x72 ? 99C22A50
INT 0x82 ? 853FFBF8
INT 0x92 ? 853FFBF8
INT 0xA2 ? 856F0BF8
INT 0xB2 ? 99C222D0

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9473282E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x94732652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9473278C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 854041F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D6010181-293A-450A-B2F4-3EEF9B20A858} 85F5B500

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 854011F8
Device \Driver\usbuhci \Device\USBPDO-0 859E51F8
Device \Driver\usbuhci \Device\USBPDO-1 859E51F8
Device \Driver\usbuhci \Device\USBPDO-2 859E51F8
Device \Driver\usbuhci \Device\USBPDO-3 859E51F8
Device \Driver\netbt \Device\NetBT_Tcpip_{6489DC20-486B-4392-A208-A4290E2632E8} 85F5B500
Device \Driver\usbehci \Device\USBPDO-4 85A2B1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\volmgr \Device\HarddiskVolume1 854011F8
Device \Driver\volmgr \Device\HarddiskVolume2 854011F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0F49C419-D088-44FB-B0FA-7B84AC9E7429} 85F5B500
Device \Driver\cdrom \Device\CdRom0 85F10500
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8564B292
Device \Driver\atapi \Device\Ide\IdePort0 854031F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8564B292
Device \Driver\atapi \Device\Ide\IdePort1 854031F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-1 8564B292
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854031F8
Device \Driver\cdrom \Device\CdRom1 85F10500
Device \Driver\netbt \Device\NetBt_Wins_Export 85F5B500
Device \Driver\Smb \Device\NetbiosSmb 85DF6500
Device \Driver\netbt \Device\NetBT_Tcpip_{4450CFF8-5A75-4236-B394-E051DC3F62AB} 85F5B500
Device \Driver\netbt \Device\NetBT_Tcpip_{66E2F56C-D63E-461E-9D5D-6FDBDDE3A000} 85F5B500
Device \Driver\sptd \Device\722169910 spev.sys
Device \Driver\iScsiPrt \Device\RaidPort0 85F55500

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\netbt \Device\NetBT_Tcpip_{E1BE1B6B-7722-42D3-9F2A-5BCCCB26F576} 85F5B500
Device \Driver\netbt \Device\NetBT_Tcpip_{5A2C0994-C43E-43FD-96D0-E5CF66D10B06} 85F5B500
Device \Driver\PCI_PNP1852 \Device\0000005f spev.sys
Device \Driver\usbuhci \Device\USBFDO-0 859E51F8
Device \Driver\usbuhci \Device\USBFDO-1 859E51F8
Device \Driver\usbuhci \Device\USBFDO-2 859E51F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C39D747E-4237-4FFA-8606-5BE97F0BCF74} 85F5B500
Device \Driver\usbuhci \Device\USBFDO-3 859E51F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0DC52F5E-4108-422F-89D5-D71E6B742C34} 85F5B500
Device \Driver\usbehci \Device\USBFDO-4 85A2B1F8
Device \Driver\auso5y7i \Device\Scsi\auso5y7i1Port3Path0Target0Lun0 858D71F8
Device \Driver\auso5y7i \Device\Scsi\auso5y7i1 858D71F8
Device \FileSystem\cdfs \Cdfs 99FB4500
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS541616J9SA00_________________SB4OC70P#5&30feb803&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF0 0xFB 0xFD 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x96 0x6C 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x21 0xAE 0x0C 0x66 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF0 0xFB 0xFD 0x2A ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x96 0x6C 0xCE ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x21 0xAE 0x0C 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEB02075-E9D1-CE39-4602-15D06A396210}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEB02075-E9D1-CE39-4602-15D06A396210}@haleedammfhiidlk 0x69 0x61 0x6A 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEB02075-E9D1-CE39-4602-15D06A396210}@iajggdlooipalbnffo 0x63 0x61 0x63 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEB02075-E9D1-CE39-4602-15D06A396210}@iafegimjlhlkbdoacn 0x6A 0x61 0x67 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEB02075-E9D1-CE39-4602-15D06A396210}@dbdnaogkkofdhgdcjdhhcnfcjiafndoklfngpgjk 0x68 0x61 0x6F 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEB02075-E9D1-CE39-4602-15D06A396210}@jbdnaogkkofdhgdcjdhhpnfepfecmplbiigmcijmmaagjojhgngo 0x68 0x61 0x6F 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FEB02075-E9D1-CE39-4602-15D06A396210}@dbdnaogkkofdhgdcjdhhbocdafkiphdjefbbknjd 0x62 0x61 0x6C 0x6F ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Here is the following DDS text log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 10:43:31.33 on Wed 04/13/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
Trusted Zone: guildwars.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\abu2f0gt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-04-07 00:17:20 -------- d-----w- c:\users\user\appdata\roaming\AVG
2011-04-07 00:11:16 -------- d-----w- c:\program files\AVG
.
==================== Find3M ====================
.
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_HTS541616J9SA00 rev.SB4OC70P -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8564B446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85651504]; MOV EAX, [0x85651580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x82C8F14B] -> \Device\Harddisk0\DR0[0x855A7AC8]
3 CLASSPNP[0x875C68B3] -> nt!IofCallDriver[0x82C8F14B] -> [0x854D2918]
5 acpi[0x833726BC] -> nt!IofCallDriver[0x82C8F14B] -> [0x854D0030]
\Driver\atapi[0x855A73E8] -> IRP_MJ_CREATE -> 0x8564B446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS541616J9SA00_________________SB4OC70P#5&30feb803&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8564B292
\Driver\atapi -> 0x854031f8
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 10:47:31.30 ===============

I also have a HijackThis file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:09 AM, on 4/13/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

--
End of file - 4240 bytes

If I can give anything else to be of assistance please let me know. Thank you in advance for any help I can get.

windows-virus

3 Contributors
18 Replies
265 Views
4 Days Discussion Span
Latest Post 13 Years Ago Latest Post by jholland1964

jholland1964 650 Posting Expert

13 Years Ago

You have a Rootkit on the system.

Please read carefully and follow these steps.

* Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

* If an infected file is detected, the default action will be Cure, click on Continue.

* If a suspicious file is detected, the default action will be Skip, click on Continue.

* It may ask you to reboot the computer to complete the process. Click on Reboot Now.

* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

You also only posted one of the logs produced by DDS. You need to post the second one labeled Attach.txt. Please copy/paste it.

HJT isn't that useful with Vista.

Also PLEASE stop using Registry Cleaners. They are one of the easiest ways to "toast" a computer and there never is a good reason to use one.

Edited 13 Years Ago by jholland1964 because: n/a

jholland1964 650 Posting Expert

13 Years Ago

And did you reboot the computer? Once you do please update MBA-M and do another Full Scan with it. Have it remove everything found, reboot and post the log here.
Also please Uninstall the following programs:
µTorrent
AVG PC Tuneup 2011
BitTorrent
DH Driver Cleaner Professional Edition
nCleaner second 2.3.4.0

jholland1964 650 Posting Expert

13 Years Ago

Why remove BitTorrent and nCleaner?
Running another MBA-M full scan now. Last one took about an hour or so. Will post it as soon as it is done. And yes, I did reboot after I did all that.

nCleaner is a registry cleaner. BitTorrent is a P2P program. The choice is yours follow this request given on our Read Me sticky or continue on your own:

1A – Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

    P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
    Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
    So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

crunchie 990 Most Valuable Poster

13 Years Ago

Try renaming the MBA-M executable to playnice.exe and see if it manages to run.

jholland1964 650 Posting Expert

13 Years Ago

Do the following:
Download and run this utility. mbam-clean.exe
# It will ask to restart your computer (please allow it to).
# After the computer restarts, Temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and run a Full Scan. Once complete have it remove everything found and Reboot the computer again, this is VERY IMPORTANT.
Come back here and post the new log found in the Logs tab. It will be the bottom or only one there.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Nazarar 0 Newbie Poster · Answer 1 · 2011-04-14T04:20:19+00:00

Thanks Jholland1964. I will stop using a registry cleaner. I must admit, I know how to build computers and components but no clue how the software itself works or how to fix it in the slightest.

Anywho, here is the DDS Attach that I forgot from earlier.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
µTorrent
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.3
Adobe Shockwave Player 11
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVG PC Tuneup 2011
BitTorrent
Bluetooth Stack for Windows by Toshiba
Bonjour
CMUD 3.33
Comcast Desktop Software (v1.2.0.9)
CrossLoop 2.41
Desktop Doctor
DH Driver Cleaner Professional Edition
DivX Converter
DivX Player
DivX Web Player
Firebird 2.1.3.18185 (Win32)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 5.0.0 (Full)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
Microsoft XNA Framework Redistributable 2.0
Microsoft XNA Game Studio 2.0 (shared components)
Microsoft XNA Game Studio 2.0 (xnaliveproxy)
Mobile Broadband Generic Drivers
Mozilla Firefox (3.6.16)
MSI to redistribute MS VS2005 CRT libraries
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
nCleaner second 2.3.4.0
OGA Notifier 2.0.0048.0
Protector Suite QL 5.6
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
UltraISO Premium V9.33
Undelete Plus 2.9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.6f
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin
WinDVD for TOSHIBA
WinRAR archiver
zMUD 7.21.0.0
.
==== End Of File ===========================

Here is the TDSSKiller file that I found in my C: drive.

2011/04/13 17:03:16.0143 3048 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 17:03:16.0559 3048 ================================================================================
2011/04/13 17:03:16.0559 3048 SystemInfo:
2011/04/13 17:03:16.0559 3048
2011/04/13 17:03:16.0559 3048 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/13 17:03:16.0559 3048 Product type: Workstation
2011/04/13 17:03:16.0559 3048 ComputerName: USER-PC
2011/04/13 17:03:16.0560 3048 UserName: User
2011/04/13 17:03:16.0560 3048 Windows directory: C:\Windows
2011/04/13 17:03:16.0560 3048 System windows directory: C:\Windows
2011/04/13 17:03:16.0560 3048 Processor architecture: Intel x86
2011/04/13 17:03:16.0560 3048 Number of processors: 2
2011/04/13 17:03:16.0560 3048 Page size: 0x1000
2011/04/13 17:03:16.0560 3048 Boot type: Normal boot
2011/04/13 17:03:16.0560 3048 ================================================================================
2011/04/13 17:03:30.0644 3048 Initialize success
2011/04/13 17:03:59.0157 1820 ================================================================================
2011/04/13 17:03:59.0157 1820 Scan started
2011/04/13 17:03:59.0157 1820 Mode: Manual;
2011/04/13 17:03:59.0157 1820 ================================================================================
2011/04/13 17:04:00.0991 1820 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/13 17:04:01.0165 1820 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/13 17:04:01.0270 1820 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/13 17:04:01.0409 1820 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/13 17:04:01.0478 1820 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/13 17:04:01.0661 1820 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/13 17:04:01.0886 1820 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/13 17:04:02.0086 1820 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/13 17:04:02.0157 1820 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/13 17:04:02.0203 1820 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/13 17:04:02.0240 1820 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/13 17:04:02.0276 1820 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/13 17:04:02.0428 1820 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/13 17:04:02.0468 1820 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/13 17:04:02.0633 1820 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/13 17:04:02.0763 1820 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/13 17:04:02.0903 1820 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/13 17:04:03.0013 1820 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/13 17:04:03.0108 1820 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/04/13 17:04:03.0155 1820 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/04/13 17:04:03.0310 1820 aswTdi (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/04/13 17:04:03.0425 1820 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/13 17:04:03.0526 1820 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/13 17:04:03.0681 1820 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/13 17:04:03.0947 1820 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/13 17:04:04.0049 1820 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/13 17:04:04.0158 1820 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/13 17:04:04.0232 1820 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/13 17:04:04.0326 1820 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/13 17:04:04.0406 1820 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/13 17:04:04.0443 1820 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/13 17:04:04.0565 1820 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/13 17:04:04.0829 1820 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/13 17:04:04.0943 1820 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/13 17:04:05.0146 1820 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/13 17:04:05.0220 1820 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/13 17:04:05.0423 1820 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/13 17:04:05.0481 1820 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/13 17:04:05.0523 1820 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/13 17:04:05.0561 1820 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/13 17:04:05.0610 1820 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/13 17:04:05.0785 1820 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/04/13 17:04:05.0866 1820 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/13 17:04:06.0037 1820 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/13 17:04:06.0129 1820 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/13 17:04:06.0272 1820 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/13 17:04:06.0439 1820 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/13 17:04:06.0522 1820 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/13 17:04:06.0706 1820 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/13 17:04:06.0841 1820 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/13 17:04:07.0146 1820 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/13 17:04:07.0244 1820 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/13 17:04:07.0331 1820 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/13 17:04:07.0509 1820 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/13 17:04:07.0570 1820 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/13 17:04:07.0753 1820 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/13 17:04:07.0827 1820 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/13 17:04:07.0988 1820 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/13 17:04:08.0052 1820 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/04/13 17:04:08.0106 1820 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/13 17:04:08.0288 1820 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/04/13 17:04:08.0383 1820 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/13 17:04:08.0559 1820 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/13 17:04:08.0734 1820 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/13 17:04:09.0263 1820 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/13 17:04:09.0435 1820 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/13 17:04:09.0530 1820 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/13 17:04:09.0620 1820 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/13 17:04:09.0769 1820 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/13 17:04:09.0850 1820 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/13 17:04:10.0000 1820 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/13 17:04:10.0175 1820 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/13 17:04:10.0393 1820 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/13 17:04:10.0534 1820 IntcAzAudAddService (2690be9907b36b7c3ea2859c74926fa1) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/13 17:04:10.0707 1820 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/13 17:04:10.0743 1820 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/13 17:04:10.0807 1820 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/13 17:04:10.0909 1820 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/13 17:04:11.0056 1820 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/13 17:04:11.0141 1820 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/13 17:04:11.0196 1820 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/13 17:04:11.0328 1820 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/13 17:04:11.0418 1820 ISODrive (0ae61463adda697a6291155ce6b08aaf) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/04/13 17:04:11.0559 1820 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/13 17:04:11.0628 1820 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/13 17:04:11.0691 1820 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/13 17:04:11.0756 1820 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/13 17:04:11.0918 1820 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
2011/04/13 17:04:11.0994 1820 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
2011/04/13 17:04:12.0067 1820 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
2011/04/13 17:04:12.0252 1820 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/13 17:04:12.0466 1820 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/13 17:04:12.0574 1820 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/13 17:04:12.0631 1820 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/13 17:04:12.0685 1820 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/13 17:04:12.0838 1820 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/13 17:04:12.0909 1820 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/13 17:04:12.0979 1820 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/13 17:04:13.0139 1820 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/13 17:04:13.0191 1820 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/13 17:04:13.0226 1820 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/13 17:04:13.0280 1820 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/13 17:04:13.0427 1820 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/13 17:04:13.0483 1820 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/13 17:04:13.0533 1820 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/13 17:04:13.0588 1820 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/13 17:04:13.0746 1820 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/13 17:04:13.0811 1820 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/13 17:04:13.0868 1820 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/13 17:04:13.0930 1820 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/13 17:04:14.0109 1820 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/13 17:04:14.0198 1820 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/13 17:04:14.0522 1820 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/13 17:04:14.0761 1820 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/13 17:04:14.0834 1820 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/13 17:04:14.0887 1820 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/13 17:04:14.0965 1820 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/13 17:04:15.0159 1820 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/13 17:04:15.0307 1820 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/13 17:04:15.0384 1820 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/13 17:04:15.0470 1820 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/13 17:04:15.0677 1820 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/13 17:04:15.0827 1820 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/13 17:04:15.0887 1820 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/13 17:04:15.0946 1820 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/13 17:04:16.0082 1820 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/13 17:04:16.0130 1820 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/13 17:04:16.0180 1820 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/13 17:04:16.0399 1820 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/04/13 17:04:16.0652 1820 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/13 17:04:16.0996 1820 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/04/13 17:04:17.0272 1820 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/13 17:04:17.0360 1820 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/13 17:04:17.0432 1820 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/13 17:04:17.0543 1820 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/13 17:04:17.0745 1820 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/13 17:04:17.0827 1820 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/04/13 17:04:17.0900 1820 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/13 17:04:18.0065 1820 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/13 17:04:18.0135 1820 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/13 17:04:18.0189 1820 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/13 17:04:18.0275 1820 NWADI (0973c0c696780161f4526586d5eac422) C:\Windows\system32\DRIVERS\NWADIenum.sys
2011/04/13 17:04:18.0502 1820 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
2011/04/13 17:04:18.0579 1820 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbmdm.sys
2011/04/13 17:04:18.0730 1820 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbser.sys
2011/04/13 17:04:18.0814 1820 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbser2.sys
2011/04/13 17:04:19.0002 1820 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/13 17:04:19.0128 1820 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/13 17:04:19.0268 1820 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/13 17:04:19.0326 1820 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/13 17:04:19.0400 1820 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/13 17:04:19.0468 1820 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/04/13 17:04:19.0547 1820 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/13 17:04:19.0783 1820 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/13 17:04:20.0145 1820 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/13 17:04:20.0220 1820 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/13 17:04:20.0331 1820 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/13 17:04:20.0496 1820 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/13 17:04:20.0569 1820 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/13 17:04:20.0618 1820 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/13 17:04:20.0679 1820 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/13 17:04:20.0840 1820 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/13 17:04:20.0892 1820 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/13 17:04:20.0961 1820 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/13 17:04:21.0093 1820 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/13 17:04:21.0241 1820 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/13 17:04:21.0299 1820 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/13 17:04:21.0444 1820 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/13 17:04:21.0568 1820 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/13 17:04:21.0644 1820 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/13 17:04:21.0762 1820 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/13 17:04:21.0925 1820 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/13 17:04:22.0007 1820 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/13 17:04:22.0051 1820 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/13 17:04:22.0114 1820 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/13 17:04:22.0297 1820 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/13 17:04:22.0356 1820 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/13 17:04:22.0415 1820 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/13 17:04:22.0561 1820 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/13 17:04:22.0618 1820 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/13 17:04:22.0665 1820 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/13 17:04:22.0699 1820 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/13 17:04:22.0855 1820 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/13 17:04:22.0924 1820 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/13 17:04:23.0156 1820 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/04/13 17:04:23.0156 1820 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/04/13 17:04:23.0166 1820 sptd - detected Locked file (1)
2011/04/13 17:04:23.0338 1820 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/13 17:04:23.0405 1820 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/13 17:04:23.0440 1820 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/13 17:04:23.0523 1820 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/13 17:04:23.0674 1820 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/13 17:04:23.0754 1820 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/13 17:04:23.0811 1820 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/13 17:04:23.0979 1820 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/13 17:04:24.0172 1820 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/13 17:04:24.0383 1820 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/13 17:04:24.0542 1820 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/13 17:04:24.0643 1820 TcUsb (a54b8fc62db00c018eafafb47d00511e) C:\Windows\system32\Drivers\tcusb.sys
2011/04/13 17:04:24.0759 1820 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/04/13 17:04:24.0856 1820 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/13 17:04:24.0908 1820 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/13 17:04:24.0975 1820 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/13 17:04:25.0062 1820 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/13 17:04:25.0164 1820 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\Windows\system32\drivers\tifm21.sys
2011/04/13 17:04:25.0290 1820 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\drivers\Tosrfcom.sys
2011/04/13 17:04:25.0363 1820 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/04/13 17:04:25.0447 1820 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/13 17:04:25.0541 1820 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/13 17:04:25.0640 1820 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/13 17:04:25.0708 1820 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/13 17:04:25.0761 1820 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/13 17:04:25.0869 1820 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/13 17:04:25.0986 1820 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/13 17:04:26.0054 1820 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/13 17:04:26.0120 1820 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/13 17:04:26.0228 1820 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/13 17:04:26.0329 1820 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/13 17:04:26.0427 1820 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/13 17:04:26.0549 1820 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/13 17:04:26.0649 1820 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/13 17:04:26.0721 1820 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/13 17:04:26.0832 1820 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/13 17:04:26.0927 1820 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/13 17:04:26.0982 1820 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/13 17:04:27.0090 1820 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/13 17:04:27.0235 1820 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/13 17:04:27.0336 1820 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/04/13 17:04:27.0487 1820 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/13 17:04:27.0579 1820 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/13 17:04:27.0634 1820 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/13 17:04:27.0671 1820 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/13 17:04:27.0789 1820 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/13 17:04:27.0884 1820 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/13 17:04:27.0950 1820 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/13 17:04:28.0099 1820 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/13 17:04:28.0209 1820 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/13 17:04:28.0330 1820 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/13 17:04:28.0399 1820 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 17:04:28.0432 1820 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 17:04:28.0576 1820 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/13 17:04:28.0687 1820 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/13 17:04:29.0041 1820 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/13 17:04:29.0125 1820 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/13 17:04:29.0187 1820 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/13 17:04:29.0268 1820 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/13 17:04:29.0401 1820 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/13 17:04:29.0407 1820 ================================================================================
2011/04/13 17:04:29.0407 1820 Scan finished
2011/04/13 17:04:29.0407 1820 ================================================================================
2011/04/13 17:04:29.0423 0732 Detected object count: 2
2011/04/13 17:04:39.0805 0732 Locked file(sptd) - User select action: Skip
2011/04/13 17:04:39.0859 0732 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/13 17:04:39.0859 0732 \HardDisk0 - ok
2011/04/13 17:04:39.0907 0732 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/13 17:05:20.0690 1192 Deinitialize success

Nazarar 0 Newbie Poster · Answer 2 · 2011-04-14T06:05:06+00:00

Why remove BitTorrent and nCleaner?
Running another MBA-M full scan now. Last one took about an hour or so. Will post it as soon as it is done. And yes, I did reboot after I did all that.

Nazarar 0 Newbie Poster · Answer 3 · 2011-04-14T06:26:04+00:00

Ahh, alright. Didn't realize it was a P2P. I've removed it. I only had it on there because a few of my friends had me download some torrents that they put up. I have removed everything you've listed and am running the malwarebytes.

Nazarar 0 Newbie Poster · Answer 4 · 2011-04-14T06:51:06+00:00

Umm, weird. I tried to run the Malwarebyte's and it shut off for some reason. So I thought I just accidentally closed it. I tried running it again and did nothing and it closed itself again and won't create a log of a successful scan. I am unsure how to proceed from here if the Malwarebyte's won't even run a scan anymore. Thoughts?

Nazarar 0 Newbie Poster · Answer 5 · 2011-04-14T08:56:54+00:00

Tried renaming it and still won't go all the way through. Any ideas?

Nazarar 0 Newbie Poster · Answer 6 · 2011-04-15T09:29:36+00:00

I followed the steps exactly as you put them in. Once again, the Malwarebytes got almost all the way through but then didn't allow me to actually get to clean the problems and didn't create a log. I tried to do it all once again and had the same results. I did it twice just to make sure I didn't mess something up.

This is the first time I have ever had an issue using MBA, I've used it before in the past on this laptop and it worked fine. But now after everything else I have done it isn't working at all.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 7 · 2011-04-15T10:39:28+00:00

Can you explain exactly what happens when you say it won't let you clean. Does it freeze, turn off, what?

Nazarar 0 Newbie Poster · Answer 8 · 2011-04-15T18:44:24+00:00

After about an hour and 45 minutes, it just shuts itself off. No popup, notice, warning, anything. Just...closes itself out.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 9 · 2011-04-15T20:06:07+00:00

There must still be infection on there that stops it.
Try running rkill first and then immediately run it. Don't reboot after running rkill until MBA-M has completed it's run.

Here is rkill and how to run it.
http://www.bleepingcomputer.com/forums/topic308364.html

Nazarar 0 Newbie Poster · Answer 10 · 2011-04-16T09:47:53+00:00

I read through the rkill information and did exactly as the forum topic poster had suggested to use it. I had no issues with it running itself and I got a log that said nothing was wrong. I tried running my MBA-M and once again it went almost all the way through and then just shut off without any log being created or anything telling me it was done. Just...shut itself off/down.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 11 · 2011-04-17T00:31:39+00:00

jholland1964 650 Posting Expert

13 Years Ago

Try running it in safe mode.

Nazarar 0 Newbie Poster · Answer 12 · 2011-04-18T07:40:29+00:00

Done and still same response. However, the gray bar situation seems to be fixed now. I can also run my window's updates as I haven't been able to do now. I'm not sure how it was fixed but everything seems to be working accordingly. I do know that the RKill thread stated that sometimes it doesn't show the results. So, maybe it worked? But my MBA still isn't going all the way through.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 13 · 2011-04-18T08:15:39+00:00

rkill doesn't remove anything. It is only used to stop infection processes that are running at the time it is run. Once the computer reboots then the infection process will come back.
We really need to find out why MBA-M will not run the infection must be stopping it.

Do the following:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!