Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Multiple Problems with Vista - Suspected Malware


Re: Multiple Problems with Vista - Suspected Malware

Post by askey127 » September 24th, 2010, 8:12 am

radar,
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code:
    File::
    c:\windows\Tasks\PBReg.job
    c:\windows\Tasks\PBRegbk.job
    
    Folder::
    c:\programdata\Alwil Software
    c:\program files\Alwil Software
    c:\program files\Spybot - Search & Destroy
    c:\programdata\Spybot - Search & Destroy
    c:\program files\AVG
    c:\programdata\McAfee
    c:\program files\Common Files\Symantec Shared
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "toolbar_eula_launcher"=-
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"=-
    
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    (image: the CFScript.txt icon being dragged onto the ComboFix executable)
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

HDReg

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista/Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

Now see whether SP1 will run.
askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
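The CFScript in the post above is a plain-text control file: paths under `File::` and `Folder::` are deleted, and `Registry::` uses .reg-file syntax, where `"name"=-` removes a value and `"name"=dword:00000000` sets one. The parser below is an added example for this page, not code from the thread and not ComboFix's own code; it turns such a script into a structured list of actions so the script can be reviewed before it is run. It covers only the three directives used in the post (ComboFix accepts others, which it rejects rather than guessing at), and the embedded sample is a cut-down copy of the script above.

```python
"""Parse a ComboFix CFScript into a reviewable list of actions (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: the script from the post above, cut down to one entry per kind.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\Tasks\PBReg.job

Folder::
c:\program files\Alwil Software

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toolbar_eula_launcher"=-
"""


@dataclass
class RegAction:
    key: str
    name: str
    action: str           # "delete" (right-hand side is "-") or "set"
    value: object = None  # int for dword:, str for quoted strings


@dataclass
class CFScript:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    registry: list = field(default_factory=list)


SECTION_RE = re.compile(r"^(\w+)::$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')


def parse_cfscript(text):
    """Return a CFScript; raise ValueError on anything the three covered directives cannot hold."""
    script = CFScript()
    section = None
    key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            key = None
            if section not in ("file", "folder", "registry"):
                raise ValueError("line %d: directive %s:: not covered here" % (lineno, m.group(1)))
            continue
        if section == "file":
            script.files.append(line)
        elif section == "folder":
            script.folders.append(line)
        elif section == "registry":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if not m or key is None:
                raise ValueError("line %d: registry value outside a [key] or malformed" % lineno)
            name, rhs = m.groups()
            if rhs == "-":
                script.registry.append(RegAction(key, name, "delete"))
            elif rhs.lower().startswith("dword:"):
                script.registry.append(RegAction(key, name, "set", int(rhs[6:], 16)))
            else:
                script.registry.append(RegAction(key, name, "set", rhs.strip('"')))
        else:
            raise ValueError("line %d: text before any directive" % lineno)
    return script


def describe(script):
    """One human-readable line per action, grouped by directive."""
    out = ["delete file   %s" % p for p in script.files]
    out += ["delete folder %s" % p for p in script.folders]
    for r in script.registry:
        if r.action == "delete":
            out.append("delete value  %s\\%s" % (r.key, r.name))
        else:
            out.append("set value     %s\\%s = %r" % (r.key, r.name, r.value))
    return out


if __name__ == "__main__":
    print("\n".join(describe(parse_cfscript(SAMPLE_CFSCRIPT))))
```

Running the block prints one line per action, which is the list a helper can check against the log before handing the script to the user; an unknown directive or a value line that is not under a `[key]` raises instead of being silently dropped.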

Re: Multiple Problems with Vista - Suspected Malware

Post by radar79 » September 24th, 2010, 9:27 am

Hi again,

Went through all steps, they completed without error, but SP1 still freezes at "installing windows vista service pack 1". Here's the log you need:

----
ComboFix 10-09-23.01 - Chiso 24/09/2010 13:28:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1015.415 [GMT 1:00]
Running from: c:\users\Chiso\Desktop\zzz.exe
Command switches used :: c:\users\Chiso\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\PBReg.job"
"c:\windows\Tasks\PBRegbk.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alwil Software
c:\program files\Alwil Software\Avast5\Setup\setup.ini
c:\program files\AVG
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\DecABI\dec46DB.tmp
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Spybot - Search & Destroy\TeaTimer.exe
c:\programdata\Alwil Software
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100919-2132.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100919-2202.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100920-1230.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100920-1315.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.100919-2203.txt
c:\programdata\Spybot - Search & Destroy\Logs\Resident.log
c:\programdata\Spybot - Search & Destroy\Logs\Update downloads.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\Overview.ini
c:\windows\Tasks\PBReg.job
c:\windows\Tasks\PBRegbk.job

.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-20 11:14 . 2010-09-24 05:41 -------- d-----w- C:\ComboFix
2010-09-20 10:38 . 2010-09-20 10:38 -------- d-----w- C:\765d1831cc2017207fa002d71a817b
2010-09-20 10:38 . 2010-09-20 10:38 -------- d-----w- C:\b8f3105040b672621e
2010-09-20 10:37 . 2010-09-20 10:39 -------- d-----w- C:\0e44e0005f2de4692b8e04171fef9c
2010-09-20 10:28 . 2010-09-20 10:29 -------- d-----w- C:\21aab065f5c62690569f
2010-09-20 10:27 . 2010-09-20 10:29 -------- d-----w- C:\3e1978efbd501ee0ec858a3782aa4c
2010-09-19 22:37 . 2010-09-19 22:37 -------- d-----w- C:\d0e52ff577b496e1a2
2010-09-19 22:37 . 2010-09-19 22:37 -------- d-----w- C:\8aa4b133b6e5b3925a4c60
2010-09-19 22:11 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 22:11 . 2010-09-19 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-19 22:11 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-19 21:20 . 2010-09-20 10:46 3847043 ----a-r- C:\ComboFix.exe
2010-09-19 20:12 . 2010-09-19 20:12 -------- d-----w- c:\program files\Trend Micro
2010-09-19 19:52 . 2010-08-30 13:33 43008 ----a-w- c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-19 19:52 . 2010-08-30 13:33 338944 ----a-w- c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-19 19:52 . 2010-08-30 13:34 1496064 ----a-w- c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-19 19:52 . 2010-08-30 13:33 346112 ----a-w- c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-19 17:29 . 2010-09-19 17:29 -------- d-----w- c:\program files\O2_Installer
2010-09-19 16:56 . 2010-09-19 16:56 -------- d-----w- C:\b6523998e3a3e59fe6326553d91ef8
2010-09-19 16:56 . 2010-09-19 16:56 -------- d-----w- C:\89c2732418d824a6944d
2010-09-04 10:55 . 2010-09-04 10:55 -------- d-----w- C:\91206a0e1fefaf618823
2010-09-04 10:54 . 2010-09-04 10:54 -------- d-----w- C:\7ad210a7f5feda2b2e0fc2
2010-09-04 10:12 . 2010-09-04 10:12 -------- d-----w- C:\b357c3b75c2ba9f8a1d57a86
2010-09-04 10:11 . 2010-09-04 10:11 -------- d-----w- C:\05c16f86301004bedc7273489345
2010-09-04 09:58 . 2010-09-04 09:58 -------- d-----w- C:\e6053a7a3ac326d2e4f8bcb9cbfbec
2010-08-28 07:39 . 2010-08-28 07:39 -------- d-----w- c:\users\Chiso\AppData\Roaming\Malwarebytes
2010-08-28 07:39 . 2010-08-28 07:39 -------- d-----w- c:\programdata\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 19:06 . 2007-09-25 16:22 5676 ----a-w- c:\users\Chiso\AppData\Local\d3d9caps.dat
2010-09-23 17:59 . 2010-09-23 17:59 77312 ----a-w- C:\mbr.exe
2010-09-20 12:44 . 2010-09-20 12:44 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-19 21:09 . 2007-05-31 22:15 -------- d-----w- c:\program files\Google
2010-09-19 20:08 . 2010-08-23 00:57 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-09-05 19:02 . 2010-06-27 21:28 -------- d-----w- c:\users\Chiso\AppData\Roaming\Spotify
2010-06-27 21:47 . 2010-06-27 21:47 655360 ----a-w- c:\users\Chiso\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-06-27 21:47 . 2010-06-27 21:47 282624 ----a-w- c:\users\Chiso\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-06-27 21:46 . 2010-06-27 21:46 208896 ----a-w- c:\users\Chiso\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2006-10-11 08:04 . 2007-05-31 22:08 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2007-05-31 22:08 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2007-05-31 22:08 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2007-05-31 22:08 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2007-05-31 22:08 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-06-01 06:47 . 2007-06-01 06:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-09-24_05.54.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-31 22:30 . 2010-09-24 08:55 51196 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-24 08:55 57668 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-09-24 05:56 57668 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-25 15:07 . 2010-09-24 08:55 10292 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3949710415-2586599352-147448324-1002_UserData.bin
- 2007-09-25 15:17 . 2010-09-24 05:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-25 15:17 . 2010-09-24 08:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-25 15:17 . 2010-09-24 05:52 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-25 15:17 . 2010-09-24 08:51 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-25 15:17 . 2010-09-24 05:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-25 15:17 . 2010-09-24 08:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-25 16:18 . 2010-09-24 08:18 3048 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2007-09-25 16:18 . 2010-09-24 05:50 3048 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2010-09-24 05:51 . 2010-09-24 05:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-24 08:51 . 2010-09-24 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-24 08:51 . 2010-09-24 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-24 05:51 . 2010-09-24 05:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 06:21 . 2010-09-24 06:21 262144 c:\windows\System32\config\TxR\NTUSER.DAT
+ 2010-09-24 06:21 . 2010-09-24 06:21 262144 c:\windows\System32\config\RegBack\NTUSER.DAT
+ 2010-09-24 06:21 . 2010-09-24 06:21 262144 c:\windows\System32\config\Journal\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-29 171448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-17 1006264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-19 185896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-13 133912]
"PCMService"="c:\program files\Powercinema\PCMService.exe" [2007-02-14 159744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-13 154392]
"HostManager"="c:\program files\Common Files\AOL\1180649401\ee\AOLSoftware.exe" [2006-11-14 50736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 21:08]

2010-09-24 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-05-31 16:34]

2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{0490A102-D081-49FD-87F5-BF9F7C9949D7}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 13:34
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-24 13:37:11
ComboFix-quarantined-files.txt 2010-09-24 12:37
ComboFix2.txt 2010-09-24 05:59

Pre-Run: 10,874,732,544 bytes free
Post-Run: 10,836,213,760 bytes free

- - End Of File - - 78256B2B3EB8ADCD82C5785BDCC40DE1
radar79
Active Member
 
Posts: 11
Joined: September 20th, 2010, 8:52 am
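The "Reg Loading Points" and service lines in the ComboFix log above have a fixed shape: `"name"="path" [date size]` under a bracketed key for Run values, and `Rn name;description;path [date size]` for services. The script below is an added example, not part of the thread and not a ComboFix feature: it parses lines of that shape and flags autostart entries whose target lives in a user-writable location (AppData, Temp, ProgramData) or is given as a bare filename, which is the kind of entry a helper looks at first. The sample input is constructed: a few lines copied from the log plus one invented `updater` entry under AppData (hypothetical, added so the triage has a hit).

```python
"""Triage autostart entries from a ComboFix 'Reg Loading Points' section (added example)."""
import re

# Constructed sample: lines copied from the log above plus one invented "updater"
# entry under AppData (hypothetical, not from the posted log) so the triage has a hit.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-29 171448]
"updater"="c:\users\Chiso\AppData\Roaming\svchost.exe" [2010-09-23 77312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# R2 svcname;description;path [YYYY-MM-DD size]   (R = running, S = stopped)
SVC_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')

SYSTEM_DIR_RE = re.compile(r"^c:\\(windows|program files( \(x86\))?)\\", re.I)
WRITABLE_DIR_RE = re.compile(r"\\(appdata|temp|tmp|users\\public|programdata)\\", re.I)


def classify(path):
    """Where the autostart target lives; anything but 'system-dir' deserves a look."""
    if "\\" not in path:
        return "unqualified"      # bare name, resolved through the search path at run time
    if WRITABLE_DIR_RE.search(path):
        return "user-writable"    # AppData/Temp/ProgramData: writable without admin rights
    if SYSTEM_DIR_RE.match(path):
        return "system-dir"
    return "other"


def parse_loading_points(text):
    """Return one dict per Run value or service line, tagged with a verdict."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, date, size = m.groups()
            entries.append(dict(kind="run", where=key, name=name, path=path,
                                date=date, size=int(size), verdict=classify(path)))
            continue
        m = SVC_RE.match(line)
        if m:
            start, name, _desc, path, date, size = m.groups()
            entries.append(dict(kind="service", where=start, name=name, path=path,
                                date=date, size=int(size), verdict=classify(path)))
    return entries


def review_items(entries):
    """Entries to hand to a human: everything not launched from a system directory."""
    return [e for e in entries if e["verdict"] != "system-dir"]


if __name__ == "__main__":
    for e in review_items(parse_loading_points(SAMPLE_LOG)):
        print("%-13s %-8s %-22s %s" % (e["verdict"], e["kind"], e["name"], e["path"]))
```

The verdict is a prioritisation, not a detection: the Vista WindowsWelcomeCenter entry is flagged only because ComboFix shows a bare DLL name, and the invented AppData entry is flagged because nothing legitimate in this log starts from a per-user profile. Either way the next step is the same as in the thread, checking the file itself (date, size, vendor) before deciding to remove it.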

Re: Multiple Problems with Vista - Suspected Malware

Post by askey127 » September 24th, 2010, 9:32 am

radar,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g., ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple Problems with Vista - Suspected Malware

Post by radar79 » September 24th, 2010, 10:09 am

no malicious objects found....

----

2010/09/24 14:53:49.0989 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/24 14:53:49.0989 ================================================================================
2010/09/24 14:53:49.0989 SystemInfo:
2010/09/24 14:53:49.0989
2010/09/24 14:53:49.0989 OS Version: 6.0.6000 ServicePack: 0.0
2010/09/24 14:53:49.0989 Product type: Workstation
2010/09/24 14:53:49.0989 ComputerName: CHISO-PC
2010/09/24 14:53:49.0989 UserName: Chiso
2010/09/24 14:53:49.0989 Windows directory: C:\Windows
2010/09/24 14:53:49.0989 System windows directory: C:\Windows
2010/09/24 14:53:49.0989 Processor architecture: Intel x86
2010/09/24 14:53:49.0989 Number of processors: 2
2010/09/24 14:53:49.0989 Page size: 0x1000
2010/09/24 14:53:49.0989 Boot type: Normal boot
2010/09/24 14:53:49.0989 ================================================================================
2010/09/24 14:53:50.0691 Initialize success
2010/09/24 14:56:57.0687 ================================================================================
2010/09/24 14:56:57.0687 Scan started
2010/09/24 14:56:57.0702 Mode: Manual;
2010/09/24 14:56:57.0702 ================================================================================
2010/09/24 14:56:58.0467 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
2010/09/24 14:56:58.0529 ADIHdAudAddService (8c5bc02856dcae3b46388e007f33bfba) C:\Windows\system32\drivers\ADIHdAud.sys
2010/09/24 14:56:58.0638 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/09/24 14:56:58.0716 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/09/24 14:56:58.0763 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/09/24 14:56:58.0810 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/09/24 14:56:58.0888 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2010/09/24 14:56:58.0966 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/09/24 14:56:59.0028 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/24 14:56:59.0091 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/09/24 14:56:59.0169 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/09/24 14:56:59.0215 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/09/24 14:56:59.0309 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/09/24 14:56:59.0371 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/09/24 14:56:59.0574 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/09/24 14:56:59.0637 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/09/24 14:56:59.0746 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/24 14:56:59.0808 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
2010/09/24 14:56:59.0886 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
2010/09/24 14:57:00.0058 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2010/09/24 14:57:00.0229 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/24 14:57:00.0292 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/24 14:57:00.0323 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/24 14:57:00.0401 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/24 14:57:00.0417 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/24 14:57:00.0448 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/24 14:57:00.0495 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/24 14:57:00.0619 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/24 14:57:00.0697 Cam5603D (7621340d31fb049a1257a9840c537c47) C:\Windows\system32\Drivers\BisonCam.sys
2010/09/24 14:57:00.0963 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/24 14:57:01.0009 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/24 14:57:01.0056 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/09/24 14:57:01.0119 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
2010/09/24 14:57:01.0228 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/24 14:57:01.0290 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/09/24 14:57:01.0321 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/24 14:57:01.0353 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/09/24 14:57:01.0415 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/09/24 14:57:01.0477 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2010/09/24 14:57:01.0618 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2010/09/24 14:57:01.0680 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2010/09/24 14:57:01.0743 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/24 14:57:01.0789 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/24 14:57:01.0852 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2010/09/24 14:57:01.0914 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/09/24 14:57:01.0992 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2010/09/24 14:57:02.0039 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/24 14:57:02.0133 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2010/09/24 14:57:02.0195 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2010/09/24 14:57:02.0242 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/24 14:57:02.0304 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2010/09/24 14:57:02.0382 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/24 14:57:02.0445 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/24 14:57:02.0585 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/09/24 14:57:02.0710 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/24 14:57:02.0772 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/24 14:57:02.0819 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/09/24 14:57:02.0897 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/24 14:57:02.0975 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/09/24 14:57:03.0037 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
2010/09/24 14:57:03.0100 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/09/24 14:57:03.0178 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/24 14:57:03.0240 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/09/24 14:57:03.0381 igfx (6ce783058a792c312c73d97a47ba704d) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/24 14:57:03.0505 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/24 14:57:03.0583 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2010/09/24 14:57:03.0630 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/24 14:57:03.0724 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/24 14:57:03.0802 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/24 14:57:03.0833 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/24 14:57:03.0895 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2010/09/24 14:57:03.0942 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/09/24 14:57:04.0020 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/24 14:57:04.0067 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/24 14:57:04.0145 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/24 14:57:04.0192 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/24 14:57:14.0129 ================================================================================
2010/09/24 14:57:14.0129 Scan finished
2010/09/24 14:57:14.0129 ================================================================================
2010/09/24 14:59:29.0256 Deinitialize success
radar79
Active Member
 
Posts: 11
Joined: September 20th, 2010, 8:52 am

Re: Multiple Problems with Vista - Suspected Malware

Unread postby askey127 » September 24th, 2010, 10:49 am

radar,
That doesn't show any system file changes from one of the most common recent infections.
I don't see signs of any infections.

I would do a check to be sure the RAM is OK. You will need to burn a boot CD using memtest. It is easy and quick if you have a blank CD.
Download pre-built bootable iso (zip) from here: http://www.memtest.org/#downiso
If you burn the CD, boot the machine from the CD, and let it run for 30-60 mins. or so, it should give no errors.

If the testing for RAM looks OK, then:
==========================================================================
Vista SP1 has been twitchy to install for some.
Vista SP1 installation failures:
http://forums.cnet.com/5208-12546_102-0 ... dID=297333
Google "Vista SP1 install failure" and similar.

Once the system gets some age without the service pack, things seem to get worse.

It's possible that you have had one of the "polymorphic" infections at one time in the past (Virut, Sality), and it left the Vista system with some corrupt files.
I'm beginning to think that you will need to set the system back to its "as purchased" state using the Recovery partition if it has one, or doing a complete reformat/re-install using the original Vista disk, if there is one.
I don't think you will be able to tolerate the problems you will encounter in the future without having SP1 installed.
Microsoft has terminated support for Vista without SP1.
...and the machine will be vulnerable to infections.

Of course you would need to back up all your data files, and collect any installation disks, and installation key codes for downloaded programs.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple Problems with Vista - Suspected Malware

Unread postby radar79 » September 24th, 2010, 12:04 pm

Okay, thanks askey. I'll do some digging and if nothing else works, it might be time to try Win7! :)
radar79
Active Member
 
Posts: 11
Joined: September 20th, 2010, 8:52 am

Re: Multiple Problems with Vista - Suspected Malware

Unread postby askey127 » September 24th, 2010, 2:59 pm

radar79,
If you need help on anything further within the next 3 days, post back here.
We will normally close this thread at that time.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple Problems with Vista - Suspected Malware

Unread postby askey127 » September 27th, 2010, 5:36 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA