DEVASTATION!

[essexboy]

What did it find ? as that is the setup and self check log

[tanzanos]

I don't know as it did not mention them. All it said was "Attention, viruses have been found during the scan RC (......". Also it does not complete in order to reach the point where a scan log is made. The report I posted is all that is generated and there are no other folders in the C/USERS/..../DR Web folder apart from the report I attached.   Dr Web only runs after normal boot; It does not run properly in Safe boot mode.

I run tdsskiller and it found the following:

2011/06/19 09:22:19.0679 4196   Detected object count: 1
2011/06/19 09:22:19.0679 4196   Actual detected object count: 1
2011/06/19 09:22:40.0193 4196   sptd            (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
2011/06/19 09:22:40.0193 4196   Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
2011/06/19 09:22:40.0193 4196   C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
2011/06/19 09:22:40.0208 4196   LockedFile.Multi.Generic(sptd) - User select action: Quarantine

[tanzanos]

I tried Dr web once more in safe mode and this time it completed the scan and found nothing? Before it had found viruses but could not complete the scan? This is very weird. Something is disabling security center. Something is hiding the Avast icon in the toolbar and only when I run Avast again does it show up. Something is redirecting on both web browsers?

I really need to kill this bug(s). A reformat is almost out of the question!

Someone must know how to find and DESTROY this bug?

[essexboy]

Lets review all your start up elements

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.

• Save it to the desktop.
• Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
• You will receive a prompt:

Do you want to skip supplementary searches?
click NO[/list]

• If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
• You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  
• Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and attach it here.
  

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

[tanzanos]

I went to the registry that was pointed out by spybot and changed START from 3(manual start) to 2(automatic start) Then I uninstalled, rebooted and reinstalled Avast. now it seems that I no longer have a problem. Security centre is working. Avast is working, and I do not see any redirects in my browsers. I hope that this is not a temporary situation.

Please find attached the report you requested. EB, I truly wish to thank you for all the time and effort you have put into helping resolve my problem. Something must have worked! 

[essexboy]

Sometimes that happens - the blindingly obvious is missed

That will be a permanent solution, but at least now you can be fairly confident that nothing is lurking

Leave it run for a day or so before I remove my tools just to be sure 

[tanzanos]

Thanks a million mate I shall wait and will let you know if this bug returns! And now for some Government virus cleaning (we are cleaning our parliament off corrupt MPs)This is the worst type of virus! It corrupts all of society!

Once more thank you!

[tanzanos]

Something is not right! EB, this bug must have done something to my system; when I go to this link and scroll down to the bottom I see html code??
http://www.icrass.com/component/content/article/34-demo-category/58-international-center-for-robotics-and-advanced-space-studies.html

[DavidR]

You can see it in firefox also, so it is more to do with botched code on the page not hiding that.

[Asyn]

You can see it in firefox also, so it is more to do with botched code on the page not hiding that.

Confirming this.
No idea, if it's bad coding or for purpose - no time to analyse.
But it is not related to your prior problem.

[tanzanos]

TDSSKILLER has quarantined the following file:
[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\Drivers\sptd.sys
md5: 34f974f8b3c86de03a30dcbe79091c97

Is this a false positive? If yes then how do I un-quarantine it?

[essexboy]

Do you use daemon tolls ?  If not then ignore it

[Dch48]

You can see it in firefox also, so it is more to do with botched code on the page not hiding that.

It's like that in Chrome too.

[tanzanos]

Do you use daemon tolls ?  If not then ignore it

Yes I use Daemon tools. Some progs don't work now. How can I un quarantine the file?

[essexboy]

I would download a fresh copy from here to be on the safe side
http://www.duplexsecure.com/downloads