[Active] Boot.tideserv on Home PC

JAllman · Nov 8, 2010

Norton found boot.tidserv on the family PC but cannot resolve it. I will follow instructions from here http://www.techspot.com/vb/topic58138.html

I understand the purpose of these steps is to generate log files for your review. Please let me know if there is anything else I should do at this point.

I have access to other PCs thats are not infected. I will download all files from here.

Thanks in advance for your help!

crunchie · Nov 8, 2010

Post the logs when you are ready and I will take a look.

JAllman · Nov 13, 2010

Okay, thanks for your patience. I finally got around to this. It seems, at least for now, that the system is running much better after malwarebytes found and fixed several infected files. Anyway, I am not sure the issue is resolved so here are the logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5110

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/13/2010 4:14:13 PM
mbam-log-2010-11-13 (16-14-13).txt

Scan type: Quick scan
Objects scanned: 191495
Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 16
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BACKGROUND_SWITCH (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BackGround switch (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jessica\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Compaq_Owner\Desktop\flash.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jessica\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jessica\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkygikmsjwy.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkymjlbbgox.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8f3da54b.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8f3da54b.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\irc.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-13 16:36:21
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3200822AS rev.3.02
Running: lzcgnt2n.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ugldipow.sys

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-11-08.01) - NTFSx86
Run by Compaq_Owner at 16:44:20.68 on Sat 11/13/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407.925 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 4 for tidserv.zip\tidserv\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mianotes5.notes.assurant.com/iNotes6W.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mianotes5.notes.assurant.com/dwa8W.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
Filter: text/html - {658bb697-7be1-4711-9739-4f7f78ea3636} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 63.135.80.49 ilovemrsyoubear.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-10-30 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-10-30 666672]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-13 691248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-10-30 134704]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [2010-10-30 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101112.001\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101113.003\NAVENG.SYS [2010-11-13 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101113.003\NAVEX15.SYS [2010-11-13 1371184]

=============== Created Last 30 ================

2010-11-13 21:54:21 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-11-13 21:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-13 21:54:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-13 21:54:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-13 21:54:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-30 19:41:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-30 19:41:43 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-30 19:41:43 -------- d-----w- c:\program files\Symantec
2010-10-30 19:41:29 666672 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys
2010-10-30 19:41:29 50096 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtspx.sys
2010-10-30 19:41:29 489008 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtsp.sys
2010-10-30 19:41:29 369072 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdi.sys
2010-10-30 19:41:29 339504 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymDS.sys
2010-10-30 19:41:29 331312 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdiv.sys
2010-10-30 19:41:29 294448 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symnets.sys
2010-10-30 19:41:28 134704 ----a-r- c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys
2010-10-30 19:40:52 -------- d-----w- c:\windows\system32\drivers\nav\1201000.025
2010-10-30 19:40:52 -------- d-----w- c:\windows\system32\drivers\NAV
2010-10-30 19:40:49 -------- d-----w- c:\program files\Norton AntiVirus
2010-10-30 19:40:02 -------- d-----w- c:\program files\NortonInstaller
2010-10-30 17:23:16 -------- d-----w- C:\NBRT

==================== Find3M ====================

2009-10-02 02:56:25 13899 ----a-w- c:\program files\common files\xikikoli.bin
2009-10-02 02:56:25 13567 ----a-w- c:\program files\common files\roryruni.exe
2009-10-02 02:56:25 13317 ----a-w- c:\program files\common files\zacaji.reg

============= FINISH: 16:45:22.56 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-08.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/25/2008 10:21:21 AM
System Uptime: 11/13/2010 4:39:19 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2411/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 180 GiB total, 121.104 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.998 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP514: 8/14/2010 10:35:32 AM - System Checkpoint
RP515: 8/15/2010 11:00:02 AM - System Checkpoint
RP516: 8/17/2010 9:50:18 PM - System Checkpoint
RP517: 8/21/2010 10:13:00 AM - System Checkpoint
RP518: 8/29/2010 3:45:18 PM - System Checkpoint
RP519: 8/31/2010 11:58:11 AM - System Checkpoint
RP520: 9/2/2010 6:59:05 PM - System Checkpoint
RP521: 9/5/2010 5:32:25 PM - System Checkpoint
RP522: 9/6/2010 5:52:11 PM - System Checkpoint
RP523: 9/7/2010 6:35:41 PM - System Checkpoint
RP524: 9/8/2010 7:55:42 PM - System Checkpoint
RP525: 9/11/2010 10:31:53 AM - System Checkpoint
RP526: 9/13/2010 7:24:16 PM - System Checkpoint
RP527: 9/16/2010 8:27:05 AM - System Checkpoint
RP528: 9/17/2010 10:03:09 AM - System Checkpoint
RP529: 9/18/2010 10:45:10 AM - System Checkpoint
RP530: 9/20/2010 11:40:08 AM - System Checkpoint
RP531: 9/20/2010 8:17:11 PM - Update to an unsigned driver
RP532: 9/21/2010 8:45:35 PM - System Checkpoint
RP533: 9/24/2010 8:49:04 PM - System Checkpoint
RP534: 9/25/2010 9:12:40 AM - Unsigned driver install
RP535: 10/2/2010 11:04:17 AM - System Checkpoint
RP536: 10/6/2010 8:51:57 AM - System Checkpoint
RP537: 10/9/2010 4:16:01 PM - System Checkpoint
RP538: 10/12/2010 8:02:49 PM - System Checkpoint
RP539: 10/15/2010 9:13:34 AM - Software Distribution Service 3.0
RP540: 10/16/2010 11:14:14 AM - System Checkpoint
RP541: 10/17/2010 3:08:03 PM - System Checkpoint
RP542: 10/18/2010 6:50:59 PM - System Checkpoint
RP543: 10/23/2010 12:09:23 PM - System Checkpoint
RP544: 10/24/2010 1:35:43 PM - System Checkpoint
RP545: 10/30/2010 11:06:39 AM - System Checkpoint
RP546: 10/30/2010 11:47:21 PM - Software Distribution Service 3.0
RP547: 11/1/2010 3:15:10 PM - System Checkpoint
RP548: 11/2/2010 10:12:29 PM - Removed Google Toolbar for Internet Explorer
RP549: 11/2/2010 10:12:53 PM - Removed iLike Sidebar
RP550: 11/6/2010 10:58:14 AM - System Checkpoint
RP551: 11/10/2010 8:17:15 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Agere Systems PCI Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Holidays from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
Compaq Connections
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from Compaq (remove only)
D-Link VGA Webcam
Final Drive Nitro from Compaq (remove only)
Help and Support Additions
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Deskjet 3840
HP Help and Support 4.0
HP Software Update
HpSdpAppCoreApp
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 7
KBD
Lexibox Deluxe from Compaq (remove only)
LightScribe System Software 1.17.90.1
Malwarebytes' Anti-Malware
Meeting Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MLB.TV NexDef Plug-in
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Overball from Compaq (remove only)
PC-Doctor for Windows
Phoenix Assault from Compaq (remove only)
Pinnacle Instant DVD Recorder
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shooting Stars Pool from Compaq (remove only)
SiS VGA Utilities
Slyder from Compaq (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpySubtract
Super Granny from Compaq (remove only)
Tradewinds from Compaq (remove only)
TVAnts 1.0
TVUPlayer 2.5.2.2
Update for Windows XP (KB898461)
Update for Windows XP (KB927891)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

11/7/2010 5:33:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 BHDrvx86 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
11/7/2010 5:33:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2010 5:33:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2010 5:33:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2010 5:33:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/7/2010 5:32:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/7/2010 5:32:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/6/2010 9:55:28 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer.
11/6/2010 8:39:10 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
11/13/2010 4:36:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/13/2010 4:20:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k

==== End Of File ===========================

crunchie · Nov 13, 2010

You are running those tools from a temporary folder. Please move them to the desktop before doing anything else.

==

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.

Extract its contents to your desktop.

Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

============

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

JAllman · Nov 13, 2010

I appreciate your quick response, especially on the weekend. Here are the new logs.

2010/11/13 22:13:12.0968 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 22:13:12.0968 ================================================================================
2010/11/13 22:13:12.0968 SystemInfo:
2010/11/13 22:13:12.0968
2010/11/13 22:13:12.0968 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/13 22:13:12.0968 Product type: Workstation
2010/11/13 22:13:12.0968 ComputerName: HOME
2010/11/13 22:13:12.0968 UserName: Compaq_Owner
2010/11/13 22:13:12.0968 Windows directory: C:\WINDOWS
2010/11/13 22:13:12.0968 System windows directory: C:\WINDOWS
2010/11/13 22:13:12.0968 Processor architecture: Intel x86
2010/11/13 22:13:12.0968 Number of processors: 1
2010/11/13 22:13:12.0968 Page size: 0x1000
2010/11/13 22:13:12.0968 Boot type: Normal boot
2010/11/13 22:13:12.0968 ================================================================================
2010/11/13 22:13:13.0562 Initialize success
2010/11/13 22:13:33.0687 ================================================================================
2010/11/13 22:13:33.0687 Scan started
2010/11/13 22:13:33.0687 Mode: Manual;
2010/11/13 22:13:33.0687 ================================================================================
2010/11/13 22:13:34.0625 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/13 22:13:34.0875 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/13 22:13:35.0359 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/11/13 22:13:35.0625 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/11/13 22:13:36.0203 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/11/13 22:13:37.0968 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/11/13 22:13:39.0000 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/11/13 22:13:39.0484 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/13 22:13:40.0359 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/13 22:13:40.0593 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/13 22:13:41.0046 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/13 22:13:41.0281 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/13 22:13:41.0515 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/13 22:13:41.0875 BHDrvx86 (80f390347c7754835a900349ba1e4b75) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
2010/11/13 22:13:42.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/13 22:13:42.0578 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/13 22:13:43.0109 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/13 22:13:43.0375 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/13 22:13:43.0625 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/13 22:13:45.0000 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
2010/11/13 22:13:45.0281 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/13 22:13:45.0796 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/13 22:13:46.0343 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/13 22:13:46.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/13 22:13:46.0890 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/13 22:13:47.0343 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/13 22:13:47.0531 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/13 22:13:47.0843 emAudio (200da4f1964c11b3c19a07f937394624) C:\WINDOWS\system32\drivers\emAudio.sys
2010/11/13 22:13:47.0984 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/13 22:13:48.0937 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/13 22:13:49.0984 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2010/11/13 22:13:50.0593 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/13 22:13:50.0828 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
2010/11/13 22:13:51.0078 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/13 22:13:51.0296 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/13 22:13:51.0609 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/13 22:13:51.0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/13 22:13:52.0109 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/13 22:13:52.0375 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2010/11/13 22:13:52.0703 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/13 22:13:53.0046 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/13 22:13:53.0296 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/13 22:13:54.0078 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/13 22:13:54.0718 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/13 22:13:54.0968 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSxpx86.sys
2010/11/13 22:13:55.0296 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/13 22:13:55.0765 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/13 22:13:56.0203 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/13 22:13:56.0437 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/13 22:13:56.0671 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/13 22:13:56.0953 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/13 22:13:57.0203 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/13 22:13:57.0421 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/13 22:13:57.0656 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/13 22:13:57.0906 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/13 22:13:58.0171 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/13 22:13:58.0437 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/13 22:13:58.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/13 22:13:59.0156 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/13 22:13:59.0359 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/13 22:13:59.0671 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/13 22:13:59.0937 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/13 22:14:00.0171 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/11/13 22:14:00.0671 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/13 22:14:01.0140 MRxSmb (f9692be777822ab3f1a91c34728786da) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/13 22:14:01.0578 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/13 22:14:01.0953 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/13 22:14:02.0218 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/13 22:14:02.0437 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/13 22:14:02.0750 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/13 22:14:03.0046 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/13 22:14:03.0375 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/13 22:14:03.0734 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/13 22:14:04.0109 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVENG.SYS
2010/11/13 22:14:04.0750 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVEX15.SYS
2010/11/13 22:14:05.0296 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/13 22:14:05.0625 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/13 22:14:05.0906 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/13 22:14:06.0156 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/13 22:14:06.0656 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/13 22:14:06.0890 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/13 22:14:07.0109 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/13 22:14:07.0375 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/13 22:14:07.0687 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/13 22:14:07.0921 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/13 22:14:08.0296 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/13 22:14:08.0718 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/13 22:14:08.0968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/13 22:14:09.0203 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/13 22:14:09.0656 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/13 22:14:10.0046 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
2010/11/13 22:14:10.0296 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/13 22:14:10.0609 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/13 22:14:10.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/13 22:14:11.0078 PcdrNdisuio (505cba425df3bb230f244e1c23221058) C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
2010/11/13 22:14:11.0312 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/13 22:14:11.0734 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/13 22:14:12.0000 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/13 22:14:13.0546 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/13 22:14:13.0765 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/13 22:14:14.0031 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
2010/11/13 22:14:14.0265 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/13 22:14:14.0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/13 22:14:14.0734 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/13 22:14:15.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/13 22:14:16.0203 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/13 22:14:16.0421 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/13 22:14:16.0640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/13 22:14:16.0906 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/13 22:14:17.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/13 22:14:17.0453 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/13 22:14:17.0718 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/13 22:14:17.0968 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/11/13 22:14:18.0218 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
2010/11/13 22:14:18.0468 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/13 22:14:18.0718 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/13 22:14:18.0937 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/13 22:14:19.0265 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/13 22:14:20.0421 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2010/11/13 22:14:20.0640 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2010/11/13 22:14:20.0921 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2010/11/13 22:14:21.0171 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/13 22:14:21.0640 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/13 22:14:21.0890 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/13 22:14:22.0296 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSP.SYS
2010/11/13 22:14:22.0531 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS
2010/11/13 22:14:22.0875 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/13 22:14:23.0171 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/13 22:14:23.0406 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/13 22:14:23.0640 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/13 22:14:24.0359 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS
2010/11/13 22:14:25.0015 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS
2010/11/13 22:14:25.0546 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/11/13 22:14:25.0812 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS
2010/11/13 22:14:26.0171 SYMTDI (34ff2368b7914d1b29d16aba865e982d) C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS
2010/11/13 22:14:26.0828 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/13 22:14:27.0187 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/13 22:14:27.0468 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/13 22:14:27.0703 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/13 22:14:27.0921 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/13 22:14:28.0375 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/13 22:14:28.0921 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/13 22:14:29.0218 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/13 22:14:29.0484 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/13 22:14:29.0750 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/13 22:14:29.0984 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/13 22:14:30.0234 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/13 22:14:30.0468 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/13 22:14:30.0703 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/13 22:14:30.0921 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/13 22:14:31.0156 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/13 22:14:31.0390 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/13 22:14:31.0640 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/11/13 22:14:31.0875 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/13 22:14:32.0140 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/13 22:14:32.0375 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/13 22:14:32.0828 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/13 22:14:33.0328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/13 22:14:33.0562 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/13 22:14:33.0812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/13 22:14:34.0078 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/13 22:14:34.0171 ================================================================================
2010/11/13 22:14:34.0171 Scan finished
2010/11/13 22:14:34.0171 ================================================================================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007bc

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA779000 ACPI.sys
0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA768000 pci.sys
0xBA8A8000 isapnp.sys
0xBA8B8000 ohci1394.sys
0xBA8C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA8D8000 MountMgr.sys
0xBA749000 ftdisk.sys
0xBAB30000 PartMgr.sys
0xBA8E8000 VolSnap.sys
0xBA731000 atapi.sys
0xBA70E000 fasttx2k.sys
0xBA6F6000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA8F8000 disk.sys
0xBA908000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA6D7000 fltMgr.sys
0xBA680000 SYMDS.SYS
0xBA66E000 sr.sys
0xBA5C5000 SYMEFA.SYS
0xBAB38000 PxHelp20.sys
0xBA5AE000 KSecDD.sys
0xBA521000 Ntfs.sys
0xBA4F4000 NDIS.sys
0xBA4D9000 Mup.sys
0xBA918000 gagp30kx.sys
0xBA958000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB99AE000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB993D000 \SystemRoot\system32\DRIVERS\sisgrp.sys
0xB9929000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB999E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB998E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB997E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9906000 \SystemRoot\system32\DRIVERS\ks.sys
0xBAD88000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xB96D0000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB96AC000 \SystemRoot\system32\drivers\portcls.sys
0xBAA78000 \SystemRoot\system32\drivers\drmk.sys
0xBACA8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9689000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBACB0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBAB68000 \SystemRoot\system32\DRIVERS\sisnic.sys
0xB9553000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBAB70000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA978000 \SystemRoot\system32\DRIVERS\serial.sys
0xBAD84000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB953F000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA9F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBAB78000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBAB80000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBAFC5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBAA08000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBAD90000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9528000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBAA18000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBAA28000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBAB88000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9517000 \SystemRoot\system32\DRIVERS\psched.sys
0xBAA38000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBAB90000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBAB98000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBAA48000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBABA0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBAE4C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB94BB000 \SystemRoot\system32\DRIVERS\update.sys
0xBA4B1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBAAF8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAF0CA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBADFA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBAE10000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAF8B000 \SystemRoot\System32\Drivers\Null.SYS
0xBADF4000 \SystemRoot\System32\Drivers\Beep.SYS
0xAF16F000 \SystemRoot\System32\drivers\vga.sys
0xBAE16000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBAE18000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAED83000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAED7B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB93A0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAD977000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD91F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAD878000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMTDI.SYS
0xAD811000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xAD7F0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9310000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB92F0000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAD798000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSxpx86.sys
0xAD770000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAD74E000 \SystemRoot\System32\drivers\afd.sys
0xBAA68000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAD72B000 \SystemRoot\system32\drivers\NAV\1201000.025\Ironx86.SYS
0xBAA98000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSPX.SYS
0xBA499000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xAD700000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD691000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBAAB8000 \SystemRoot\System32\Drivers\Fips.SYS
0xAD633000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xAD616000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xAD56A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
0xAF2A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBAB18000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBABF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBAC00000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBAC68000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xAF2A2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD547000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xAF05A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAD52F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBAE20000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9390000 \SystemRoot\System32\drivers\Dxapi.sys
0xBAC58000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xAEE02000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\SiSGRV.dll
0xAD4B7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAD3A2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAD2FB000 \SystemRoot\system32\DRIVERS\srv.sys
0xACF5A000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSP.SYS
0xACE0C000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVEX15.SYS
0xACDF8000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVENG.SYS
0xACC7B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB9300000 \SystemRoot\system32\drivers\sysaudio.sys
0xAC91B000 \SystemRoot\System32\Drivers\HTTP.sys
0xAC7F1000 \SystemRoot\system32\drivers\klmd.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 28):
0 System Idle Process
4 System
484 C:\WINDOWS\system32\smss.exe
568 csrss.exe
592 C:\WINDOWS\system32\winlogon.exe
636 C:\WINDOWS\system32\services.exe
648 C:\WINDOWS\system32\lsass.exe
800 C:\WINDOWS\system32\svchost.exe
856 svchost.exe
924 C:\WINDOWS\system32\svchost.exe
1024 svchost.exe
1108 svchost.exe
1252 C:\WINDOWS\system32\spoolsv.exe
1332 svchost.exe
1388 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1412 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
1580 C:\WINDOWS\system32\svchost.exe
492 alg.exe
764 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
1280 C:\WINDOWS\explorer.exe
672 C:\WINDOWS\system32\wscntfy.exe
1168 C:\WINDOWS\system32\ctfmon.exe
2264 C:\WINDOWS\system32\taskmgr.exe
2392 C:\Program Files\Mozilla Firefox\firefox.exe
3048 C:\Program Files\Mozilla Firefox\plugin-container.exe
3660 C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe
2212 C:\WINDOWS\system32\notepad.exe
2780 C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`7fe80000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3200822AS, Rev: 3.02

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972

Done!

crunchie · Nov 13, 2010

Logs look ok.

Just to be sure, can you do an on-line virus scan and post the results.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

You will need to use Internet Explorer to complete this scan.

You will need to temporarily Disable your current Anti-virus program.

Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.

When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• Kaspersky Online Scanner
• Panda Active Scan
• Trend Micro HouseCall
• F-Secure Online Virus Scanner

TechSpot

[Active] Boot.tideserv on Home PC

JAllman Newcomer, in training

crunchie Malware Helper

JAllman Newcomer, in training

crunchie Malware Helper

JAllman Newcomer, in training

crunchie Malware Helper