TechSpot

Boot.tideserv on Home PC

By JAllman
Nov 8, 2010
  1. Norton found boot.tidserv on the family PC but cannot resolve it. I will follow instructions from here http://www.techspot.com/vb/topic58138.html

    I understand the purpose of these steps is to generate log files for your review. Please let me know if there is anything else I should do at this point.

    I have access to other PCs that are not infected. I will download all files from here.

    Thanks in advance for your help!
     
  2. crunchie

    crunchie Malware Helper Posts: 728

    Post the logs when you are ready and I will take a look.
     
  3. JAllman

    JAllman TS Rookie Topic Starter Posts: 17

    Okay, thanks for your patience. I finally got around to this. It seems, at least for now, that the system is running much better after malwarebytes found and fixed several infected files. Anyway, I am not sure the issue is resolved so here are the logs:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5110

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    11/13/2010 4:14:13 PM
    mbam-log-2010-11-13 (16-14-13).txt

    Scan type: Quick scan
    Objects scanned: 191495
    Time elapsed: 17 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 16
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 17

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BACKGROUND_SWITCH (Worm.AutoRun) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BackGround switch (Worm.AutoRun) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jessica\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Compaq_Owner\Desktop\flash.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jessica\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jessica\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Owner\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
    C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
    C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gasfkygikmsjwy.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gasfkymjlbbgox.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM8f3da54b.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM8f3da54b.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\irc.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.




    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-13 16:36:21
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3200822AS rev.3.02
    Running: lzcgnt2n.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ugldipow.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----



    DDS (Ver_10-11-08.01) - NTFSx86
    Run by Compaq_Owner at 16:44:20.68 on Sat 11/13/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407.925 [GMT -6:00]

    AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 4 for tidserv.zip\tidserv\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    uPolicies-system: EnableProfileQuota = 1 (0x1)
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mianotes5.notes.assurant.com/iNotes6W.cab
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mianotes5.notes.assurant.com/dwa8W.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
    Filter: text/html - {658bb697-7be1-4711-9739-4f7f78ea3636} -
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 63.135.80.49 ilovemrsyoubear.com

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-10-30 339504]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-10-30 666672]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-13 691248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-10-30 134704]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [2010-10-30 126904]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-13 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101112.001\IDSXpx86.sys [2010-10-19 341880]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101113.003\NAVENG.SYS [2010-11-13 86064]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101113.003\NAVEX15.SYS [2010-11-13 1371184]

    =============== Created Last 30 ================

    2010-11-13 21:54:21 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
    2010-11-13 21:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-13 21:54:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-13 21:54:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-13 21:54:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-30 19:41:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-10-30 19:41:43 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-10-30 19:41:43 -------- d-----w- c:\program files\Symantec
    2010-10-30 19:41:29 666672 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys
    2010-10-30 19:41:29 50096 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtspx.sys
    2010-10-30 19:41:29 489008 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtsp.sys
    2010-10-30 19:41:29 369072 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdi.sys
    2010-10-30 19:41:29 339504 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymDS.sys
    2010-10-30 19:41:29 331312 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdiv.sys
    2010-10-30 19:41:29 294448 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symnets.sys
    2010-10-30 19:41:28 134704 ----a-r- c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys
    2010-10-30 19:40:52 -------- d-----w- c:\windows\system32\drivers\nav\1201000.025
    2010-10-30 19:40:52 -------- d-----w- c:\windows\system32\drivers\NAV
    2010-10-30 19:40:49 -------- d-----w- c:\program files\Norton AntiVirus
    2010-10-30 19:40:02 -------- d-----w- c:\program files\NortonInstaller
    2010-10-30 17:23:16 -------- d-----w- C:\NBRT

    ==================== Find3M ====================

    2009-10-02 02:56:25 13899 ----a-w- c:\program files\common files\xikikoli.bin
    2009-10-02 02:56:25 13567 ----a-w- c:\program files\common files\roryruni.exe
    2009-10-02 02:56:25 13317 ----a-w- c:\program files\common files\zacaji.reg

    ============= FINISH: 16:45:22.56 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-08.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/25/2008 10:21:21 AM
    System Uptime: 11/13/2010 4:39:19 PM (0 hours ago)

    Motherboard: ASUSTek Computer INC. | | Salmon
    Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2411/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 180 GiB total, 121.104 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 0.998 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP514: 8/14/2010 10:35:32 AM - System Checkpoint
    RP515: 8/15/2010 11:00:02 AM - System Checkpoint
    RP516: 8/17/2010 9:50:18 PM - System Checkpoint
    RP517: 8/21/2010 10:13:00 AM - System Checkpoint
    RP518: 8/29/2010 3:45:18 PM - System Checkpoint
    RP519: 8/31/2010 11:58:11 AM - System Checkpoint
    RP520: 9/2/2010 6:59:05 PM - System Checkpoint
    RP521: 9/5/2010 5:32:25 PM - System Checkpoint
    RP522: 9/6/2010 5:52:11 PM - System Checkpoint
    RP523: 9/7/2010 6:35:41 PM - System Checkpoint
    RP524: 9/8/2010 7:55:42 PM - System Checkpoint
    RP525: 9/11/2010 10:31:53 AM - System Checkpoint
    RP526: 9/13/2010 7:24:16 PM - System Checkpoint
    RP527: 9/16/2010 8:27:05 AM - System Checkpoint
    RP528: 9/17/2010 10:03:09 AM - System Checkpoint
    RP529: 9/18/2010 10:45:10 AM - System Checkpoint
    RP530: 9/20/2010 11:40:08 AM - System Checkpoint
    RP531: 9/20/2010 8:17:11 PM - Update to an unsigned driver
    RP532: 9/21/2010 8:45:35 PM - System Checkpoint
    RP533: 9/24/2010 8:49:04 PM - System Checkpoint
    RP534: 9/25/2010 9:12:40 AM - Unsigned driver install
    RP535: 10/2/2010 11:04:17 AM - System Checkpoint
    RP536: 10/6/2010 8:51:57 AM - System Checkpoint
    RP537: 10/9/2010 4:16:01 PM - System Checkpoint
    RP538: 10/12/2010 8:02:49 PM - System Checkpoint
    RP539: 10/15/2010 9:13:34 AM - Software Distribution Service 3.0
    RP540: 10/16/2010 11:14:14 AM - System Checkpoint
    RP541: 10/17/2010 3:08:03 PM - System Checkpoint
    RP542: 10/18/2010 6:50:59 PM - System Checkpoint
    RP543: 10/23/2010 12:09:23 PM - System Checkpoint
    RP544: 10/24/2010 1:35:43 PM - System Checkpoint
    RP545: 10/30/2010 11:06:39 AM - System Checkpoint
    RP546: 10/30/2010 11:47:21 PM - Software Distribution Service 3.0
    RP547: 11/1/2010 3:15:10 PM - System Checkpoint
    RP548: 11/2/2010 10:12:29 PM - Removed Google Toolbar for Internet Explorer
    RP549: 11/2/2010 10:12:53 PM - Removed iLike Sidebar
    RP550: 11/6/2010 10:58:14 AM - System Checkpoint
    RP551: 11/10/2010 8:17:15 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player
    Agere Systems PCI Soft Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Blackhawk Striker 2 from Compaq (remove only)
    Blasterball 2 from Compaq (remove only)
    Blasterball 2 Holidays from Compaq (remove only)
    Blasterball 2 Remix from Compaq (remove only)
    Bounce Symphony from Compaq (remove only)
    Compaq Connections
    Critical Update for Windows Media Player 11 (KB959772)
    Crystal Maze from Compaq (remove only)
    D-Link VGA Webcam
    Final Drive Nitro from Compaq (remove only)
    Help and Support Additions
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Boot Optimizer
    HP Deskjet 3840
    HP Help and Support 4.0
    HP Software Update
    HpSdpAppCoreApp
    InterVideo WinDVD Player
    iTunes
    J2SE Runtime Environment 5.0
    Java(TM) 6 Update 7
    KBD
    Lexibox Deluxe from Compaq (remove only)
    LightScribe System Software 1.17.90.1
    Malwarebytes' Anti-Malware
    Meeting Service
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Dancer LE
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MLB.TV NexDef Plug-in
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton AntiVirus
    Overball from Compaq (remove only)
    PC-Doctor for Windows
    Phoenix Assault from Compaq (remove only)
    Pinnacle Instant DVD Recorder
    Polar Bowler from Compaq (remove only)
    Polar Golfer from Compaq (remove only)
    PS2
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    QuickTime
    RealPlayer
    Remove Adobe Photoshop Album 2.0 Starter Edition installer
    Remove Microsoft Money 2005 installer
    Remove Quicken New User Edition installer
    Remove WeatherBug installer
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Shooting Stars Pool from Compaq (remove only)
    SiS VGA Utilities
    Slyder from Compaq (remove only)
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SpySubtract
    Super Granny from Compaq (remove only)
    Tradewinds from Compaq (remove only)
    TVAnts 1.0
    TVUPlayer 2.5.2.2
    Update for Windows XP (KB898461)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB891781

    ==== Event Viewer Messages From Past Week ========

    11/7/2010 5:33:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 BHDrvx86 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
    11/7/2010 5:33:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/7/2010 5:33:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/7/2010 5:33:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/7/2010 5:33:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/7/2010 5:32:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/7/2010 5:32:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/6/2010 9:55:28 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer.
    11/6/2010 8:39:10 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
    11/13/2010 4:36:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/13/2010 4:20:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k

    ==== End Of File ===========================
     
  4. crunchie

    crunchie Malware Helper Posts: 728

    You are running those tools from a temporary folder. Please move them to the desktop before doing anything else.

    ==

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

    • If an infected file is detected, the default action will be Cure, click on Continue.

    • If a suspicious file is detected, the default action will be Skip, click on Continue.

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    ============

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  5. JAllman

    JAllman TS Rookie Topic Starter Posts: 17

    I appreciate your quick response, especially on the weekend. Here are the new logs.


    2010/11/13 22:13:12.0968 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/13 22:13:12.0968 ================================================================================
    2010/11/13 22:13:12.0968 SystemInfo:
    2010/11/13 22:13:12.0968
    2010/11/13 22:13:12.0968 OS Version: 5.1.2600 ServicePack: 2.0
    2010/11/13 22:13:12.0968 Product type: Workstation
    2010/11/13 22:13:12.0968 ComputerName: HOME
    2010/11/13 22:13:12.0968 UserName: Compaq_Owner
    2010/11/13 22:13:12.0968 Windows directory: C:\WINDOWS
    2010/11/13 22:13:12.0968 System windows directory: C:\WINDOWS
    2010/11/13 22:13:12.0968 Processor architecture: Intel x86
    2010/11/13 22:13:12.0968 Number of processors: 1
    2010/11/13 22:13:12.0968 Page size: 0x1000
    2010/11/13 22:13:12.0968 Boot type: Normal boot
    2010/11/13 22:13:12.0968 ================================================================================
    2010/11/13 22:13:13.0562 Initialize success
    2010/11/13 22:13:33.0687 ================================================================================
    2010/11/13 22:13:33.0687 Scan started
    2010/11/13 22:13:33.0687 Mode: Manual;
    2010/11/13 22:13:33.0687 ================================================================================
    2010/11/13 22:13:34.0625 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/13 22:13:34.0875 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/13 22:13:35.0359 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/13 22:13:35.0625 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/13 22:13:36.0203 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    2010/11/13 22:13:37.0968 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2010/11/13 22:13:39.0000 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2010/11/13 22:13:39.0484 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/11/13 22:13:40.0359 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/13 22:13:40.0593 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/13 22:13:41.0046 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/13 22:13:41.0281 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/13 22:13:41.0515 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/13 22:13:41.0875 BHDrvx86 (80f390347c7754835a900349ba1e4b75) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
    2010/11/13 22:13:42.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/13 22:13:42.0578 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/11/13 22:13:43.0109 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/13 22:13:43.0375 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/13 22:13:43.0625 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/13 22:13:45.0000 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
    2010/11/13 22:13:45.0281 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/13 22:13:45.0796 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/13 22:13:46.0343 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/13 22:13:46.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/13 22:13:46.0890 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/13 22:13:47.0343 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/13 22:13:47.0531 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2010/11/13 22:13:47.0843 emAudio (200da4f1964c11b3c19a07f937394624) C:\WINDOWS\system32\drivers\emAudio.sys
    2010/11/13 22:13:47.0984 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2010/11/13 22:13:48.0937 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/13 22:13:49.0984 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
    2010/11/13 22:13:50.0593 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/13 22:13:50.0828 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
    2010/11/13 22:13:51.0078 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/13 22:13:51.0296 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/11/13 22:13:51.0609 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/11/13 22:13:51.0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/13 22:13:52.0109 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/13 22:13:52.0375 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    2010/11/13 22:13:52.0703 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/13 22:13:53.0046 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/13 22:13:53.0296 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/13 22:13:54.0078 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/13 22:13:54.0718 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/13 22:13:54.0968 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSxpx86.sys
    2010/11/13 22:13:55.0296 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/13 22:13:55.0765 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/11/13 22:13:56.0203 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/11/13 22:13:56.0437 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/13 22:13:56.0671 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/13 22:13:56.0953 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/13 22:13:57.0203 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/13 22:13:57.0421 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/13 22:13:57.0656 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/13 22:13:57.0906 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/13 22:13:58.0171 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/13 22:13:58.0437 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/13 22:13:58.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/13 22:13:59.0156 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/13 22:13:59.0359 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/13 22:13:59.0671 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/13 22:13:59.0937 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/13 22:14:00.0171 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
    2010/11/13 22:14:00.0671 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/13 22:14:01.0140 MRxSmb (f9692be777822ab3f1a91c34728786da) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/13 22:14:01.0578 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/13 22:14:01.0953 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/13 22:14:02.0218 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/13 22:14:02.0437 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/13 22:14:02.0750 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/13 22:14:03.0046 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/11/13 22:14:03.0375 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/13 22:14:03.0734 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/11/13 22:14:04.0109 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVENG.SYS
    2010/11/13 22:14:04.0750 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVEX15.SYS
    2010/11/13 22:14:05.0296 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/13 22:14:05.0625 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/11/13 22:14:05.0906 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/13 22:14:06.0156 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/13 22:14:06.0656 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/13 22:14:06.0890 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/13 22:14:07.0109 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/13 22:14:07.0375 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/13 22:14:07.0687 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/11/13 22:14:07.0921 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/13 22:14:08.0296 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/13 22:14:08.0718 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/13 22:14:08.0968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/13 22:14:09.0203 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/13 22:14:09.0656 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/11/13 22:14:10.0046 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
    2010/11/13 22:14:10.0296 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/13 22:14:10.0609 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/13 22:14:10.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/13 22:14:11.0078 PcdrNdisuio (505cba425df3bb230f244e1c23221058) C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
    2010/11/13 22:14:11.0312 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/13 22:14:11.0734 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/13 22:14:12.0000 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/13 22:14:13.0546 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/13 22:14:13.0765 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/11/13 22:14:14.0031 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
    2010/11/13 22:14:14.0265 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/13 22:14:14.0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/13 22:14:14.0734 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/11/13 22:14:15.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/13 22:14:16.0203 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/13 22:14:16.0421 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/13 22:14:16.0640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/13 22:14:16.0906 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/13 22:14:17.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/13 22:14:17.0453 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/13 22:14:17.0718 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/13 22:14:17.0968 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    2010/11/13 22:14:18.0218 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
    2010/11/13 22:14:18.0468 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/13 22:14:18.0718 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/13 22:14:18.0937 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/13 22:14:19.0265 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/13 22:14:20.0421 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    2010/11/13 22:14:20.0640 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys
    2010/11/13 22:14:20.0921 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
    2010/11/13 22:14:21.0171 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/11/13 22:14:21.0640 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/13 22:14:21.0890 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/13 22:14:22.0296 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSP.SYS
    2010/11/13 22:14:22.0531 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS
    2010/11/13 22:14:22.0875 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/13 22:14:23.0171 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/11/13 22:14:23.0406 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/13 22:14:23.0640 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/13 22:14:24.0359 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS
    2010/11/13 22:14:25.0015 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS
    2010/11/13 22:14:25.0546 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    2010/11/13 22:14:25.0812 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS
    2010/11/13 22:14:26.0171 SYMTDI (34ff2368b7914d1b29d16aba865e982d) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS
    2010/11/13 22:14:26.0828 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/13 22:14:27.0187 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/13 22:14:27.0468 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/13 22:14:27.0703 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/13 22:14:27.0921 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/13 22:14:28.0375 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/13 22:14:28.0921 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/13 22:14:29.0218 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/11/13 22:14:29.0484 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/11/13 22:14:29.0750 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/13 22:14:29.0984 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/13 22:14:30.0234 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/13 22:14:30.0468 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/11/13 22:14:30.0703 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/11/13 22:14:30.0921 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/13 22:14:31.0156 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/13 22:14:31.0390 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/13 22:14:31.0640 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/13 22:14:31.0875 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/11/13 22:14:32.0140 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/13 22:14:32.0375 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/13 22:14:32.0828 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/13 22:14:33.0328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/11/13 22:14:33.0562 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/11/13 22:14:33.0812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/13 22:14:34.0078 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/13 22:14:34.0171 ================================================================================
    2010/11/13 22:14:34.0171 Scan finished
    2010/11/13 22:14:34.0171 ================================================================================

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x000007bc

    Kernel Drivers (total 130):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806CE000 \WINDOWS\system32\hal.dll
    0xBADA8000 \WINDOWS\system32\KDCOM.DLL
    0xBACB8000 \WINDOWS\system32\BOOTVID.dll
    0xBA779000 ACPI.sys
    0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xBA768000 pci.sys
    0xBA8A8000 isapnp.sys
    0xBA8B8000 ohci1394.sys
    0xBA8C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBAE70000 pciide.sys
    0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA8D8000 MountMgr.sys
    0xBA749000 ftdisk.sys
    0xBAB30000 PartMgr.sys
    0xBA8E8000 VolSnap.sys
    0xBA731000 atapi.sys
    0xBA70E000 fasttx2k.sys
    0xBA6F6000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xBA8F8000 disk.sys
    0xBA908000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xBA6D7000 fltMgr.sys
    0xBA680000 SYMDS.SYS
    0xBA66E000 sr.sys
    0xBA5C5000 SYMEFA.SYS
    0xBAB38000 PxHelp20.sys
    0xBA5AE000 KSecDD.sys
    0xBA521000 Ntfs.sys
    0xBA4F4000 NDIS.sys
    0xBA4D9000 Mup.sys
    0xBA918000 gagp30kx.sys
    0xBA958000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB99AE000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xB993D000 \SystemRoot\system32\DRIVERS\sisgrp.sys
    0xB9929000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB999E000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB998E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB997E000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9906000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBAD88000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xB96D0000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xB96AC000 \SystemRoot\system32\drivers\portcls.sys
    0xBAA78000 \SystemRoot\system32\drivers\drmk.sys
    0xBACA8000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB9689000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBACB0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBAB68000 \SystemRoot\system32\DRIVERS\sisnic.sys
    0xB9553000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xBAB70000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA978000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBAD84000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB953F000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA9F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBAB78000 \SystemRoot\system32\DRIVERS\PS2.sys
    0xBAB80000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBAFC5000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBAA08000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBAD90000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9528000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBAA18000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBAA28000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBAB88000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9517000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBAA38000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBAB90000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBAB98000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBAA48000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBABA0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBAE4C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB94BB000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA4B1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBAAF8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAF0CA000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBADFA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBAE10000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBAF8B000 \SystemRoot\System32\Drivers\Null.SYS
    0xBADF4000 \SystemRoot\System32\Drivers\Beep.SYS
    0xAF16F000 \SystemRoot\System32\drivers\vga.sys
    0xBAE16000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBAE18000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xAED83000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xAED7B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB93A0000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAD977000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAD91F000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAD878000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMTDI.SYS
    0xAD811000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xAD7F0000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB9310000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB92F0000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xAD798000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSxpx86.sys
    0xAD770000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAD74E000 \SystemRoot\System32\drivers\afd.sys
    0xBAA68000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAD72B000 \SystemRoot\system32\drivers\NAV\1201000.025\Ironx86.SYS
    0xBAA98000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSPX.SYS
    0xBA499000 \SystemRoot\system32\DRIVERS\srvkp.sys
    0xAD700000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAD691000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBAAB8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAD633000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xAD616000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xAD56A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
    0xAF2A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBAB18000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBABF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBAC00000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xBAC68000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xAF2A2000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xAD547000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xAF05A000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAD52F000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBAE20000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB9390000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBAC58000 \SystemRoot\System32\watchdog.sys
    0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
    0xAEE02000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D6000 \SystemRoot\System32\SiSGRV.dll
    0xAD4B7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAD3A2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAD2FB000 \SystemRoot\system32\DRIVERS\srv.sys
    0xACF5A000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSP.SYS
    0xACE0C000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVEX15.SYS
    0xACDF8000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVENG.SYS
    0xACC7B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB9300000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAC91B000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAC7F1000 \SystemRoot\system32\drivers\klmd.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 28):
    0 System Idle Process
    4 System
    484 C:\WINDOWS\system32\smss.exe
    568 csrss.exe
    592 C:\WINDOWS\system32\winlogon.exe
    636 C:\WINDOWS\system32\services.exe
    648 C:\WINDOWS\system32\lsass.exe
    800 C:\WINDOWS\system32\svchost.exe
    856 svchost.exe
    924 C:\WINDOWS\system32\svchost.exe
    1024 svchost.exe
    1108 svchost.exe
    1252 C:\WINDOWS\system32\spoolsv.exe
    1332 svchost.exe
    1388 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1412 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    1580 C:\WINDOWS\system32\svchost.exe
    492 alg.exe
    764 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    1280 C:\WINDOWS\explorer.exe
    672 C:\WINDOWS\system32\wscntfy.exe
    1168 C:\WINDOWS\system32\ctfmon.exe
    2264 C:\WINDOWS\system32\taskmgr.exe
    2392 C:\Program Files\Mozilla Firefox\firefox.exe
    3048 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3660 C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe
    2212 C:\WINDOWS\system32\notepad.exe
    2780 C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`7fe80000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST3200822AS, Rev: 3.02

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Legit MBR code detected
    SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972


    Done!
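The two logs in this post are read by eye in the thread. As an added example (not part of the TechSpot thread, and not code from TDSSKiller or MBRCheck), the Python below parses both formats as they appear above and pulls out what a helper checks first: whether MBRCheck reported legitimate boot code and the MBR hash it printed, the byte offset and start sector of each volume, and the drivers whose image lives outside the Windows directory that TDSSKiller's banner reports. The line formats are inferred from the pasted logs only, the 512-byte sector size is an assumption, and the sample text is an excerpt of these two logs.

```python
"""Triage helper for the TDSSKiller and MBRCheck logs pasted above.
Added example for this page: not the thread's and not either tool's code.
Line formats are inferred from the logs as posted."""
import re
from dataclasses import dataclass

SECTOR = 512  # assumption: 512-byte sectors, which the offsets below imply

# TDSSKiller driver line:  <date> <time> <service> (<md5>) <path>
TDSS_LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
                       r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
TDSS_WINDIR = re.compile(r"Windows directory:\s*(?P<dir>\S+)\s*$", re.M)
# MBRCheck: volume -> physical drive mapping, per-disk MBR verdict, SHA1 of that MBR
MBR_VOLUME = re.compile(r"^(?P<vol>\\\\\.\\[A-Z]:)\s+-->\s+(?P<dev>\\\\\.\\PhysicalDrive\d+)"
                        r"\s+at offset\s+0x(?P<hi>[0-9a-fA-F]{8})`(?P<lo>[0-9a-fA-F]{8})\s+\((?P<fs>\w+)\)$")
MBR_STATUS = re.compile(r"^(?P<size>\d+) GB\s+(?P<dev>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+)$")
MBR_SHA1 = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})$")

@dataclass
class Driver:
    service: str
    md5: str
    path: str

@dataclass
class Disk:
    device: str
    size_gb: int
    status: str
    legit: bool
    sha1: str = ""

@dataclass
class Volume:
    letter: str
    fs: str
    offset: int        # byte offset of the volume on its physical drive
    start_sector: int

def parse_tdsskiller(text):
    """Enumerated drivers only; banner, SystemInfo and separator lines are skipped."""
    return [Driver(m["service"], m["md5"], m["path"])
            for m in (TDSS_LINE.match(ln.strip()) for ln in text.splitlines()) if m]

def outside_windows_dir(drivers, windows_dir):
    """Drivers whose image is not under the Windows directory. On the machine in this
    thread every hit is a Norton driver: this is a list to review by hand, not a verdict."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [d for d in drivers if not d.path.lower().startswith(prefix)]

def parse_mbrcheck(text):
    """Return (disks, volumes). A SHA1 line belongs to the disk line just before it."""
    disks, volumes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := MBR_VOLUME.match(line):
            offset = int(m["hi"] + m["lo"], 16)   # the backtick splits one 64-bit offset in two
            volumes.append(Volume(m["vol"][-2], m["fs"], offset, offset // SECTOR))
        elif m := MBR_STATUS.match(line):
            disks.append(Disk(m["dev"], int(m["size"]), m["status"],
                              m["status"].startswith("Legit MBR code")))
        elif (m := MBR_SHA1.match(line)) and disks:
            disks[-1].sha1 = m["sha1"].upper()
    return disks, volumes

def triage(tdss_text, mbr_text):
    """Summary in the order a helper reads these logs: MBR verdict and hash, partition
    layout, then the drivers that deserve a second look."""
    windir = TDSS_WINDIR.search(tdss_text)
    drivers = parse_tdsskiller(tdss_text)
    disks, volumes = parse_mbrcheck(mbr_text)
    return {
        "mbr_legit": bool(disks) and all(d.legit for d in disks),
        "mbr_sha1": [d.sha1 for d in disks],
        "unaligned": [v.letter for v in volumes if v.offset % SECTOR],
        "review": [d.service for d in
                   outside_windows_dir(drivers, windir["dir"] if windir else r"C:\WINDOWS")],
    }

# Excerpts of the two logs posted above, not the full logs.
TDSS_SAMPLE = r"""
2010/11/13 22:13:12.0968 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 22:13:12.0968 Windows directory: C:\WINDOWS
2010/11/13 22:13:34.0625 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/13 22:13:41.0875 BHDrvx86 (80f390347c7754835a900349ba1e4b75) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
2010/11/13 22:13:47.0531 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/13 22:14:22.0296 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSP.SYS
"""
MBR_SAMPLE = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`7fe80000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
186 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972
"""

if __name__ == "__main__":
    print(triage(TDSS_SAMPLE, MBR_SAMPLE))
```

On this machine the review list comes back as the Norton definition and engine drivers, which is exactly the kind of hit that needs a person rather than an automated verdict; the SRTSP driver under C:\WINDOWS\system32\drivers\NAV is not listed because the check is purely on the path prefix. The D: volume starts at sector 63 and C: at sector 12579840, both 512-byte aligned, which is the layout the two offset lines encode. "Legit MBR code detected" is MBRCheck's own verdict, which the script only reports; the SHA1 it prints is what you would compare against a known-clean machine with the same vendor image. One more thing worth cross-checking by hand: the MBRCheck loaded-module list is a snapshot taken while TDSSKiller.exe was still running (it appears in the process list), so a kernel driver present there but absent from TDSSKiller's own service enumeration should first be matched against the tools that were running at that moment.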
     
  6. crunchie

    crunchie Malware Helper Posts: 728

    Logs look ok.

    Just to be sure, can you do an on-line virus scan and post the results?

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
Topic Status:
Not open for further replies.
