[Closed] I am attempting to remove Backdoor.Tidserv!inf virus


maw8908

I have never joined a forum, but this one seems like a lot of help, so I joined to get help. I read the bit about not following others' directions, so I started this one. I am trying to fix a computer where I work. I have bought Norton for it and that cleared up a lot of the problems, but it always says I need to get rid of the Backdoor.Tidserv!inf virus. Well, I am not the best at this, but I am making an attempt at it.

Multiple things I still haven't figured out:

1. The computer will not shut down. I just get "the logonui.exe program fails", and then it keeps coming up; you basically have to shut it down by holding down the power button to make that stop. I don't have this problem in Safe Mode, though.

2. I did steps one and two from the top of the thread, but when I got to the GMER program it just wouldn't even start or open. So I went into Safe Mode and ran it there, and it seems to have run a really fast scan; then I have three things under Type and I don't see anywhere to hit Save.

3. Internet explorer redirects.

4. I constantly have to keep the Windows XP Pro with Service Pack 3 CD in the drive to keep the Windows File Protection message away.

I am decent at understanding computers, but this is not what I deal with a lot, especially since I personally have a Mac. So please help, please and thank you!
 
Welcome to TechSpot! I'll help with the malware and you are off to a good start! Instructions you see on other threads are meant for the user/system only. Although we may run the same programs, when or if we run them and how we handle the results are meant for the original user.

You did just right for GMER. Trying to use it in Safe Mode would have been one of my suggestions. The additional scans should be run in Normal Mode and if you have any problem, let me know. I'll review the logs when you get them out.
============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
FYI: Norton sometimes gives an alert like this:

or this:

(Images courtesy Norton Forum)

In both of these alerts, it shows No Action Required. It shows the attempt was blocked. Also, checking Stop Notifying Me will prevent them.
 
DDS Logs

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by jeanette at 9:24:50 on 2011-07-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.152 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Iomega\REV System Software\RevUDF.exe
C:\Program Files\Iomega\REV System Software\ImIconXp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&partner=sbc&.src=ym
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Iomega ImIconXP] c:\program files\iomega\rev system software\imiconxp.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306353615906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3C6206DD-22DE-4722-8448-9983C385980A} : DhcpNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [2007-1-5 30968]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-7-25 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-7-25 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-7-25 136312]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-7-25 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110728.031\IDSXpx86.sys [2011-7-28 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110728.051\NAVENG.SYS [2011-7-29 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110728.051\NAVEX15.SYS [2011-7-29 1542392]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-27 366640]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi10.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI10.sys [?]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi11.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI11.sys [?]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
.
=============== Created Last 30 ================
.
2011-07-28 01:01:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 01:01:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 15:57:56 -------- d-----w- c:\documents and settings\jeanette\local settings\application data\Symantec
2011-07-26 21:32:52 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-07-26 21:32:52 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-26 19:41:28 2560 ----a-w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
2011-07-26 11:55:47 -------- d-----w- c:\documents and settings\jeanette\local settings\application data\Google
2011-07-26 11:51:50 -------- d-----w- c:\documents and settings\jeanette\local settings\application data\NPE
2011-07-25 22:45:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-25 22:45:57 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-25 22:45:56 -------- d-----w- c:\program files\Symantec
2011-07-25 22:45:34 369784 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdi.sys
2011-07-25 22:45:34 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-07-25 22:45:33 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-07-25 22:45:32 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-07-25 22:45:32 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-07-25 22:45:32 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-07-25 22:45:31 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-07-25 22:45:30 136312 ----a-r- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-07-25 22:40:29 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-07-25 22:37:59 -------- d-----w- c:\windows\system32\drivers\NIS
2011-07-25 22:37:46 -------- d-----w- c:\program files\Norton Internet Security
2011-07-25 21:39:31 -------- d-----w- c:\windows\system32\appmgmt
2011-07-25 20:56:48 -------- d-----w- c:\program files\common files\Symantec Shared
2011-07-25 20:00:50 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-07-25 19:14:00 -------- d-----w- c:\program files\NortonInstaller
2011-07-25 19:14:00 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-07-11 13:06:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 9:27:27.73 ===============



.txt LOG


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/20/2010 11:25:03 AM
System Uptime: 7/29/2011 9:18:53 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 19.139 GiB free.
D: is CDROM (CDFS)
X: is FIXED (NTFS) - 298 GiB total, 245.058 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Fortinet Packet Filter Miniport
Device ID: ROOT\FT_FORTIDRVMP\0000
Manufacturer: Fortinet
Name: Fortinet Packet Filter Miniport
PNP Device ID: ROOT\FT_FORTIDRVMP\0000
Service: Fortidrv2
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Fortinet Packet Filter Miniport
Device ID: ROOT\FT_FORTIDRVMP\0001
Manufacturer: Fortinet
Name: WAN Miniport (IP) - Fortinet Packet Filter Miniport
PNP Device ID: ROOT\FT_FORTIDRVMP\0001
Service: Fortidrv2
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Fortinet Packet Filter Miniport
Device ID: ROOT\FT_FORTIDRVMP\0002
Manufacturer: Fortinet
Name: Intel(R) PRO/100 VE Network Connection - Fortinet Packet Filter Miniport
PNP Device ID: ROOT\FT_FORTIDRVMP\0002
Service: Fortidrv2
.
==== System Restore Points ===================
.
RP483: 5/25/2011 2:29:43 PM - Restore Operation
RP484: 5/25/2011 4:58:09 PM - System Checkpoint
RP485: 5/26/2011 3:00:34 AM - Software Distribution Service 3.0
RP486: 5/27/2011 3:00:31 AM - Software Distribution Service 3.0
RP487: 5/28/2011 3:00:29 AM - Software Distribution Service 3.0
RP488: 5/29/2011 3:01:05 AM - Software Distribution Service 3.0
RP489: 5/30/2011 3:00:26 AM - Software Distribution Service 3.0
RP490: 5/31/2011 3:01:10 AM - Software Distribution Service 3.0
RP491: 5/31/2011 7:29:57 AM - Software Distribution Service 3.0
RP492: 6/1/2011 3:01:28 AM - Software Distribution Service 3.0
RP493: 6/1/2011 2:10:09 PM - Software Distribution Service 3.0
RP494: 6/1/2011 3:42:47 PM - Software Distribution Service 3.0
RP495: 6/2/2011 3:00:46 AM - Software Distribution Service 3.0
RP496: 6/3/2011 3:00:38 AM - Software Distribution Service 3.0
RP497: 6/4/2011 3:01:36 AM - Software Distribution Service 3.0
RP498: 6/5/2011 3:00:26 AM - Software Distribution Service 3.0
RP499: 6/6/2011 3:00:26 AM - Software Distribution Service 3.0
RP500: 6/7/2011 3:00:28 AM - Software Distribution Service 3.0
RP501: 6/8/2011 3:00:40 AM - Software Distribution Service 3.0
RP502: 6/9/2011 3:01:15 AM - Software Distribution Service 3.0
RP503: 6/10/2011 3:00:28 AM - Software Distribution Service 3.0
RP504: 6/11/2011 3:00:39 AM - Software Distribution Service 3.0
RP505: 6/12/2011 3:01:36 AM - Software Distribution Service 3.0
RP506: 6/13/2011 3:00:52 AM - Software Distribution Service 3.0
RP507: 6/14/2011 3:00:44 AM - Software Distribution Service 3.0
RP508: 6/15/2011 3:01:00 AM - Software Distribution Service 3.0
RP509: 6/16/2011 4:01:34 AM - System Checkpoint
RP510: 6/17/2011 3:00:40 AM - Software Distribution Service 3.0
RP511: 6/18/2011 3:01:00 AM - Software Distribution Service 3.0
RP512: 6/19/2011 3:00:28 AM - Software Distribution Service 3.0
RP513: 6/20/2011 3:01:01 AM - Software Distribution Service 3.0
RP514: 6/21/2011 3:00:29 AM - Software Distribution Service 3.0
RP515: 6/22/2011 3:01:02 AM - Software Distribution Service 3.0
RP516: 6/23/2011 3:01:15 AM - Software Distribution Service 3.0
RP517: 6/24/2011 3:01:09 AM - Software Distribution Service 3.0
RP518: 6/25/2011 3:00:29 AM - Software Distribution Service 3.0
RP519: 6/26/2011 3:00:59 AM - Software Distribution Service 3.0
RP520: 6/27/2011 6:33:10 AM - Software Distribution Service 3.0
RP521: 6/28/2011 3:00:34 AM - Software Distribution Service 3.0
RP522: 6/29/2011 3:00:37 AM - Software Distribution Service 3.0
RP523: 6/30/2011 3:01:57 AM - Software Distribution Service 3.0
RP524: 7/1/2011 3:01:28 AM - Software Distribution Service 3.0
RP525: 7/5/2011 6:40:09 AM - Software Distribution Service 3.0
RP526: 7/6/2011 3:00:35 AM - Software Distribution Service 3.0
RP527: 7/7/2011 3:00:39 AM - Software Distribution Service 3.0
RP528: 7/8/2011 3:00:38 AM - Software Distribution Service 3.0
RP529: 7/9/2011 3:00:41 AM - Software Distribution Service 3.0
RP530: 7/10/2011 3:00:33 AM - Software Distribution Service 3.0
RP531: 7/11/2011 3:00:27 AM - Software Distribution Service 3.0
RP532: 7/12/2011 3:00:47 AM - Software Distribution Service 3.0
RP533: 7/13/2011 3:02:39 AM - Software Distribution Service 3.0
RP534: 7/14/2011 3:00:28 AM - Software Distribution Service 3.0
RP535: 7/15/2011 3:01:31 AM - Software Distribution Service 3.0
RP536: 7/16/2011 3:01:14 AM - Software Distribution Service 3.0
RP537: 7/17/2011 3:00:27 AM - Software Distribution Service 3.0
RP538: 7/18/2011 3:00:56 AM - Software Distribution Service 3.0
RP539: 7/18/2011 8:13:15 AM - Software Distribution Service 3.0
RP540: 7/19/2011 3:02:25 AM - Software Distribution Service 3.0
RP541: 7/20/2011 3:01:23 AM - Software Distribution Service 3.0
RP542: 7/21/2011 3:02:44 AM - Software Distribution Service 3.0
RP543: 7/22/2011 3:00:28 AM - Software Distribution Service 3.0
RP544: 7/23/2011 3:45:54 AM - System Checkpoint
RP545: 7/24/2011 4:45:52 AM - System Checkpoint
RP546: 7/25/2011 5:45:52 AM - System Checkpoint
RP547: 7/25/2011 4:37:32 PM - Removed FortiClient Endpoint Security
RP548: 7/26/2011 6:06:56 PM - System Checkpoint
RP549: 7/27/2011 7:53:01 PM - Installed Java(TM) 6 Update 26
RP550: 7/28/2011 8:20:37 PM - System Checkpoint
.
==== Installed Programs ======================
.
Active Disk
Adobe Flash Player 10 ActiveX
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Iomega REV System Software
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.1.1800
Maxtor Manager
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
TFP for 2009
TFP for 2010
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
7/29/2011 9:24:19 AM, information: Windows File Protection [64004] - The protected system file volsnap.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x000003e3 [The I/O operation has been aborted because of either a thread exit or an application request. ].
7/29/2011 8:59:48 AM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
7/29/2011 8:59:48 AM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
7/27/2011 4:07:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/27/2011 4:06:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
7/27/2011 4:06:35 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:06:35 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:06:35 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:06:35 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:05:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/27/2011 4:05:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/27/2011 4:05:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/26/2011 4:24:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SMR200
7/26/2011 10:43:50 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/25/2011 9:04:59 PM, error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/22/2011 6:12:03 AM, error: System Error [1003] - Error code 10000050, parameter1 fdda2000, parameter2 00000000, parameter3 804f3ccb, parameter4 00000000.
7/22/2011 3:53:39 PM, error: NetBT [4321] - The name "SPROTTLONG :1d" could not be registered on the Interface with IP address 192.168.1.9. The machine with the IP address 192.168.1.5 did not allow the name to be claimed by this machine.
7/22/2011 12:26:19 PM, error: System Error [1003] - Error code 10000050, parameter1 fc373000, parameter2 00000000, parameter3 804f3ccb, parameter4 00000000.
7/22/2011 12:22:26 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2011 12:22:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
.
==== End Of File ===========================
 
GMER log and Malwarebytes

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-29 09:06:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340810A rev.3.99
Running: 50vvg5z5.exe; Driver: C:\DOCUME~1\jeanette\LOCALS~1\Temp\uglcrkog.sys


---- Devices - GMER 1.0.15 ----

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:128] 82F00E7A
Thread System [4:132] 82F03008

---- EOF - GMER 1.0.15 ----



Malwarebytes seems to have been wiped from my computer. Do I need to try to reinstall it, or just forget it? I did run a scan with it yesterday, and it said nothing found; it took about an hour to scan.
 
Found the Malwarebytes log. Here it is:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/27/2011 8:58:42 PM
mbam-log-2011-07-27 (20-58-42).txt

Scan type: Quick scan
Objects scanned: 171283
Time elapsed: 52 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I believe that is all the logs needed.

If any more info is needed, let me know. I have to leave the office, but I might be able to get here over the weekend. Thank you for your help so far.
 
Okay, I'd like you to run this first: Both scans in Normal Mode
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies the selected actions and outputs the result. Please paste the log into your next reply.
  • A reboot is required after disinfection.
=================================================
Then Combofix: Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot: whatnext.png)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe (cf-icon.jpg) & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
============================================
Hopefully Combofix will replace the volsnap.sys file.

I'm not really sure about all the Iomega processes, whether you're storing out or loading in. There aren't many installed programs showing.
 
Not much on the comp

The person who normally uses the comp only uses three programs. One is an accounting program from the '90s, and it runs like old software did, where it doesn't really install itself on the comp. I want to get rid of the Iomega stuff because we don't use it to back up all the Word files she has; I just set up Maxtor and an external hard drive. The third program she uses daily is Internet Explorer, but I can't even seem to get it to work so I can update her comp. It always says updates loaded, then would run them halfway and install, then say failed and close, so her comp is in bad need of updates. The computer is the main computer for the business; there just isn't a lot of tech needed in the office, so it is really important I get it running smoothly. Is what I am going to do going to fix the not shutting down and restarting issue?
 
The computer is the main computer for the business, there just isnt a lot of tech needed in the office, so it is really important I get it running smooth. Is what i am going to do fix the not shutting down and restarting issue?

With all due respect: you are getting free help on an internet forum staffed by volunteers. We do what we think is the best for the problems at hand. I'm not putting out instructions because I like to type. No guarantees are ever made. You are asking for help for someone else's computer, which is used for a business. Feel free to have a tech fix the system, if it's fixable, and the office can take up a collection to pay for it.

4. I constantly have to have in the windows xp pro with service pack three cd to keep windows file protection message away.

Has it occurred to you that if this continues to display, "Windows File Protection: Files that are required for windows to run properly have been replaced by unknown versions" that the system has somehow been altered?

Windows File Protection (WFP) prevents programs from replacing critical Windows system files. Programs must not overwrite these files because they are used by the operating system and by other programs. Protecting these files prevents problems with programs and the operating system.

WFP protects critical system files that are installed as part of Windows (for example, files with a .dll, .exe, .ocx, and .sys extension and some True Type fonts). WFP uses the file signatures and catalog files that are generated by code signing to verify if protected system files are the correct Microsoft versions. Replacement of protected system files is supported only through the following mechanisms:

* Windows Service Pack installation using Update.exe
* Hotfixes installed using Hotfix.exe or Update.exe
* Operating system upgrades using Winnt32.exe
* Windows Update

If a program uses a different method to replace protected files, WFP restores the original files. The Windows Installer adheres to WFP when installing critical system files and calls WFP with a request to install or replace the protected file instead of trying to install or replace a protected file itself.
http://support.microsoft.com/kb/222193
 
Log for TDSSKiller

2011/08/01 10:12:01.0828 1720 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/01 10:12:02.0921 1720 ================================================================================
2011/08/01 10:12:02.0921 1720 SystemInfo:
2011/08/01 10:12:02.0921 1720
2011/08/01 10:12:02.0921 1720 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/01 10:12:02.0921 1720 Product type: Workstation
2011/08/01 10:12:02.0921 1720 ComputerName: JEANETTE-PC
2011/08/01 10:12:02.0921 1720 UserName: jeanette
2011/08/01 10:12:02.0921 1720 Windows directory: C:\WINDOWS
2011/08/01 10:12:02.0921 1720 System windows directory: C:\WINDOWS
2011/08/01 10:12:02.0921 1720 Processor architecture: Intel x86
2011/08/01 10:12:02.0921 1720 Number of processors: 1
2011/08/01 10:12:02.0921 1720 Page size: 0x1000
2011/08/01 10:12:02.0921 1720 Boot type: Normal boot
2011/08/01 10:12:02.0921 1720 ================================================================================
2011/08/01 10:12:19.0343 1720 Initialize success
2011/08/01 10:12:22.0765 2420 ================================================================================
2011/08/01 10:12:22.0765 2420 Scan started
2011/08/01 10:12:22.0765 2420 Mode: Manual;
2011/08/01 10:12:22.0765 2420 ================================================================================
2011/08/01 10:12:28.0328 2420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/01 10:12:29.0593 2420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/01 10:12:32.0875 2420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/01 10:12:34.0687 2420 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/01 10:12:39.0250 2420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/01 10:12:39.0843 2420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/01 10:12:40.0828 2420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/01 10:12:41.0312 2420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/01 10:12:42.0187 2420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/01 10:12:42.0687 2420 BHDrvx86 (f7ff24bb7714247f27b615b3a7d8b132) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys
2011/08/01 10:12:43.0171 2420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/01 10:12:44.0359 2420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/01 10:12:45.0109 2420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/01 10:12:45.0578 2420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/01 10:12:47.0578 2420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/01 10:12:48.0234 2420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/01 10:12:48.0968 2420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/01 10:12:49.0406 2420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/01 10:12:49.0875 2420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/01 10:12:50.0421 2420 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/08/01 10:12:50.0937 2420 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/08/01 10:12:51.0593 2420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/01 10:12:52.0046 2420 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/01 10:12:52.0390 2420 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/01 10:12:52.0625 2420 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/01 10:12:53.0125 2420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/01 10:12:53.0593 2420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/01 10:12:54.0000 2420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/01 10:12:54.0390 2420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/01 10:12:54.0890 2420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/01 10:12:55.0343 2420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/01 10:12:55.0828 2420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/01 10:12:56.0265 2420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/01 10:12:56.0687 2420 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/01 10:12:57.0515 2420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/01 10:12:58.0656 2420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/01 10:12:59.0484 2420 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/01 10:13:00.0453 2420 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110729.030\IDSxpx86.sys
2011/08/01 10:13:00.0921 2420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/01 10:13:01.0343 2420 imdrvfsf (aec3108ef22cb12b8e35e4f84531be67) C:\WINDOWS\system32\DRIVERS\imdrvfsf.sys
2011/08/01 10:13:02.0468 2420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/01 10:13:03.0000 2420 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
2011/08/01 10:13:03.0765 2420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/01 10:13:04.0453 2420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/01 10:13:04.0968 2420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/01 10:13:05.0546 2420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/01 10:13:06.0109 2420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/01 10:13:06.0625 2420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/01 10:13:07.0140 2420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/01 10:13:07.0593 2420 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/01 10:13:08.0359 2420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/01 10:13:09.0296 2420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/01 10:13:10.0750 2420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/01 10:13:11.0218 2420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/01 10:13:11.0703 2420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/01 10:13:12.0125 2420 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/01 10:13:12.0593 2420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/01 10:13:13.0328 2420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/01 10:13:13.0968 2420 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/01 10:13:14.0687 2420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/01 10:13:15.0359 2420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/01 10:13:15.0781 2420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/01 10:13:16.0312 2420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/01 10:13:16.0718 2420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/01 10:13:17.0203 2420 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/01 10:13:17.0718 2420 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2011/08/01 10:13:18.0000 2420 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110731.003\NAVENG.SYS
2011/08/01 10:13:18.0765 2420 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110731.003\NAVEX15.SYS
2011/08/01 10:13:19.0296 2420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/01 10:13:19.0812 2420 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/01 10:13:20.0203 2420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/01 10:13:20.0640 2420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/01 10:13:21.0062 2420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/01 10:13:21.0515 2420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/01 10:13:21.0984 2420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/01 10:13:22.0500 2420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/01 10:13:23.0578 2420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/01 10:13:24.0828 2420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/01 10:13:25.0671 2420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/01 10:13:26.0828 2420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/01 10:13:27.0437 2420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/01 10:13:28.0171 2420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/01 10:13:29.0390 2420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/01 10:13:30.0406 2420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/01 10:13:31.0890 2420 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/01 10:13:33.0015 2420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/01 10:13:37.0343 2420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/01 10:13:38.0390 2420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/01 10:13:39.0156 2420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/01 10:13:44.0703 2420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/01 10:13:45.0328 2420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/01 10:13:46.0000 2420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/01 10:13:46.0890 2420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/01 10:13:47.0765 2420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/01 10:13:48.0328 2420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/01 10:13:49.0578 2420 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/01 10:13:50.0718 2420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/01 10:13:51.0468 2420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/01 10:13:52.0546 2420 revfs (71644c853d27de5ffd032a7478e9157e) C:\WINDOWS\system32\drivers\revfs.sys
2011/08/01 10:13:53.0218 2420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/01 10:13:53.0984 2420 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/08/01 10:13:54.0671 2420 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/01 10:13:55.0078 2420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/01 10:13:55.0500 2420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/01 10:13:56.0296 2420 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/08/01 10:13:57.0125 2420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/01 10:13:57.0562 2420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/01 10:13:58.0156 2420 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS
2011/08/01 10:13:59.0156 2420 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
2011/08/01 10:13:59.0718 2420 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/01 10:14:00.0296 2420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/01 10:14:00.0718 2420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/01 10:14:01.0828 2420 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS
2011/08/01 10:14:02.0609 2420 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
2011/08/01 10:14:03.0328 2420 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/08/01 10:14:03.0859 2420 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS
2011/08/01 10:14:04.0468 2420 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS
2011/08/01 10:14:05.0625 2420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/01 10:14:06.0187 2420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/01 10:14:06.0734 2420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/01 10:14:07.0156 2420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/01 10:14:07.0859 2420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/01 10:14:08.0546 2420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/01 10:14:09.0437 2420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/01 10:14:10.0015 2420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/01 10:14:10.0500 2420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/01 10:14:10.0890 2420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/01 10:14:11.0375 2420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/01 10:14:11.0796 2420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/01 10:14:12.0187 2420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/01 10:14:12.0890 2420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/01 10:14:13.0312 2420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/01 10:14:14.0031 2420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/01 10:14:14.0250 2420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/01 10:14:14.0531 2420 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR2
2011/08/01 10:14:14.0578 2420 Boot (0x1200) (59142ff21de2806759588d7d518af29d) \Device\Harddisk0\DR0\Partition0
2011/08/01 10:14:14.0593 2420 Boot (0x1200) (e08f96b3546c1b3a6f980e54c9e46945) \Device\Harddisk1\DR2\Partition0
2011/08/01 10:14:14.0609 2420 ================================================================================
2011/08/01 10:14:14.0609 2420 Scan finished
2011/08/01 10:14:14.0609 2420 ================================================================================
2011/08/01 10:14:14.0625 2404 Detected object count: 0
2011/08/01 10:14:14.0625 2404 Actual detected object count: 0



Don't get me wrong asking that stuff. I know I am getting free help. We had someone charge 800 to "fix" the computer 2 weeks ago, but obviously that didn't work. I appreciate all the help and it clearly is helping. Thanks so much.
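The TDSSKiller log above lists every loaded driver with its MD5 and image path, and the earlier post on Windows File Protection explains that the OS itself verifies protected files against signed catalogs. The script below is an added example for this thread, not code from TDSSKiller, ComboFix, Norton or Microsoft: it parses driver lines in the TDSSKiller format, compares each hash with a baseline of expected values, and flags drivers whose image lives outside the Windows directory. The sample log, the baseline and the Windows-directory prefix are all constructed for the demo (two baseline hashes are copied from this thread's own log purely so the example is self-consistent; a real baseline comes from a known-clean install or vendor catalogs). A driver outside the Windows directory is a prompt to look, not a verdict: as this thread's own log shows, Norton loads its definition drivers from Application Data.

```python
"""Baseline check over TDSSKiller-style driver listings (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One TDSSKiller driver line looks like:
#   2011/08/01 10:12:39.0843 2420 atapi (<md5>) C:\WINDOWS\system32\DRIVERS\atapi.sys
# Banner, SystemInfo and "Detected object count" lines have no "(md5)" field
# and are skipped. The name is matched lazily so records such as
# "MBR (0x1B8)" keep their size suffix as part of the name.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+"
    r"(?P<path>\S.*?)\s*$"
)

WINDOWS_DIR = "c:\\windows\\"   # assumed system root for the demo
DEVICE_PREFIX = "\\device\\"    # MBR / boot-sector records, not files


@dataclass(frozen=True)
class Finding:
    name: str
    md5: str
    path: str
    reason: str


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (name, md5, path) for a driver record, or None for other lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m.group("name"), m.group("md5"), m.group("path")


def triage(log_text: str, baseline: Dict[str, str]) -> List[Finding]:
    """Flag hash mismatches against the baseline and off-system image paths."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        name, md5, path = rec
        lowered = path.lower()
        expected = baseline.get(name.lower())
        if expected is not None:
            # A baseline entry exists: the hash is the only thing that matters.
            if expected != md5:
                findings.append(Finding(name, md5, path, "hash differs from baseline"))
            continue
        # No baseline entry: all we can judge is where the image was loaded from.
        if not lowered.startswith(DEVICE_PREFIX) and not lowered.startswith(WINDOWS_DIR):
            findings.append(Finding(name, md5, path, "image outside the Windows directory"))
    return findings


# Constructed sample in the thread's log format. The VolSnap hash is
# deliberately zeroed to simulate a replaced file; the Norton path is shortened.
SAMPLE_LOG = r"""
2011/08/01 10:12:02.0921 1720 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/01 10:12:39.0843 2420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/01 10:13:01.0343 2420 imdrvfsf (aec3108ef22cb12b8e35e4f84531be67) C:\WINDOWS\system32\DRIVERS\imdrvfsf.sys
2011/08/01 10:12:42.0687 2420 BHDrvx86 (f7ff24bb7714247f27b615b3a7d8b132) C:\Documents and Settings\All Users\Application Data\Norton\BASHDefs\BHDrvx86.sys
2011/08/01 10:14:12.0890 2420 VolSnap (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/01 10:14:14.0250 2420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/01 10:14:14.0625 2404 Detected object count: 0
"""

# Constructed baseline keyed by driver name. These two values are copied from
# the thread's own log only to make the demo self-consistent; they are not an
# authoritative clean set.
DEMO_BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "volsnap": "4c8fcb5cc53aab716d810740fe59d025",
}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, DEMO_BASELINE):
        print(f"{f.reason}: {f.name} {f.md5} {f.path}")
```

Run against the constructed sample it reports two findings: BHDrvx86 because it loads from Application Data, and VolSnap because its hash no longer matches the baseline. The real TDSSKiller log pasted above can be fed to `triage()` unchanged; only the baseline needs to come from a trusted source.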
 
ComboFix log

ComboFix 11-07-31.04 - jeanette 08/01/2011 10:29:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.165 [GMT -5:00]
Running from: c:\documents and settings\jeanette\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
X:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-07-28 01:01 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 01:01 . 2011-07-28 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 00:59 . 2011-07-28 00:59 -------- d-----w- c:\program files\Common Files\Java
2011-07-27 15:57 . 2011-07-27 15:57 -------- d-----w- c:\documents and settings\jeanette\Local Settings\Application Data\Symantec
2011-07-26 21:32 . 2008-04-14 05:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-07-26 21:32 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-26 19:41 . 2008-04-14 07:00 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2011-07-26 11:55 . 2011-07-26 23:02 -------- d-----w- c:\documents and settings\jeanette\Local Settings\Application Data\Google
2011-07-26 11:51 . 2011-07-28 00:14 -------- d-----w- c:\documents and settings\jeanette\Local Settings\Application Data\NPE
2011-07-25 22:45 . 2011-07-25 22:45 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-25 22:45 . 2011-07-25 22:45 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-25 22:45 . 2011-07-25 22:45 -------- d-----w- c:\program files\Symantec
2011-07-25 22:37 . 2011-07-25 22:46 -------- d-----w- c:\windows\system32\drivers\NIS
2011-07-25 22:37 . 2011-07-25 22:37 -------- d-----w- c:\program files\Norton Internet Security
2011-07-25 20:56 . 2011-07-25 22:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-25 20:00 . 2011-07-25 20:00 -------- d-----w- c:\program files\Windows Sidebar
2011-07-25 20:00 . 2011-07-28 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-07-25 19:14 . 2011-07-28 00:48 -------- d-----w- c:\program files\NortonInstaller
2011-07-11 13:06 . 2011-07-11 13:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-01 15:09 . 2008-04-14 07:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-02 14:02 . 2008-04-14 07:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 09:52 . 2010-08-09 21:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2010-08-09 21:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-10-05 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Iomega ImIconXP"="c:\program files\Iomega\REV System Software\imiconxp.exe" [2008-01-17 249856]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [1/5/2007 2:39 PM 30968]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [7/25/2011 5:45 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [7/25/2011 5:45 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [7/22/2011 7:27 PM 815736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [7/25/2011 5:45 PM 136312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [7/25/2011 5:44 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/29/2011 1:35 AM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110729.030\IDSXpx86.sys [7/29/2011 7:15 PM 355256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/27/2011 8:01 PM 366640]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [?]
S3 EraserUtilDrvI11;EraserUtilDrvI11;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [?]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 21383459
*NewlyCreated* - 46708443
*Deregistered* - 21383459
*Deregistered* - 46708443
*Deregistered* - revfs
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&partner=sbc&.src=ym
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-21383459.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-01 11:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2011-08-01 11:30:43
ComboFix-quarantined-files.txt 2011-08-01 16:30
ComboFix2.txt 2011-05-25 19:53
.
Pre-Run: 20,485,566,464 bytes free
Post-Run: 20,635,779,072 bytes free
.
- - End Of File - - 920220E2FA7B6BE7A69991530F728184
 
A couple of things are evident:
1. The presence of this deletion in Combofix> X:\Autorun.inf usually means that an infected flash drive was used. That would need to be disinfected:
You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
2. You told me this:
but it always says i need to get rid of the Backdoor.Tidserv!inf virus. Well i am not the best at this, but i am making an attempt at this.
and I left 2 images asking if either was what was being seen re the TDServ. You did not reply to that. So far, I am not seeing any indication of that malware, and the program you ran, TDSSKiller, shows nothing found.
3. You are trying to fix a rigged system. I am at a loss how someone is trying to work at accounting, for "business", with such a bad, outdated setup. I didn't even know they still made zip drives.

I am not surprised that whoever worked on it 2 weeks ago couldn't fix it. Norton wasn't installed until 7/25. There is nothing more I can do for you.

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
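As an added example (not part of this thread, and not ComboFix's or anyone else's code), here is a small Python triage script for the ComboFix log format posted above. It reads the service lines (R0/R1/R2/R3/S2/S3) and the firewall policy key and flags what a reviewer checks first: a disabled Windows Firewall and services whose registered binary ComboFix could not find on disk (the trailing "[?]"). The sample lines are copied from the log above; "[?]" entries are pointers for a human to look at, not verdicts, since a legitimate driver that simply was not loaded at scan time shows the same marker.

```python
import re

# Sample excerpt in ComboFix's log format, copied from the log posted above.
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [7/25/2011 5:45 PM 340088]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [7/25/2011 5:44 PM 130008]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
"""

# state (R0..R3 running, S2/S3 stopped), service name, display name, rest of line
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*)$')


def parse_services(log_text):
    """Return one dict per service line: state, name, display, path, missing."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, display, tail = m.groups()
        # ComboFix ends the line with "[?]" when the registered file was not found.
        missing = tail.rstrip().endswith("[?]")
        # For missing files it prints "registry path --> resolved path [?]".
        if "-->" in tail:
            tail = tail.split("-->", 1)[1]
        path = tail.rsplit(" [", 1)[0].strip()
        services.append({"state": state, "name": name, "display": display,
                         "path": path, "missing": missing})
    return services


def firewall_disabled(log_text):
    """True when the standard profile shows EnableFirewall = 0."""
    m = re.search(r'"EnableFirewall"=\s*(\d+)', log_text)
    return m is not None and m.group(1) == "0"


def review_log(log_text):
    """Collect the items a reviewer should look at; each string is one finding."""
    findings = []
    if firewall_disabled(log_text):
        findings.append("Windows Firewall is disabled in the standard profile (EnableFirewall=0)")
    for svc in parse_services(log_text):
        if svc["missing"]:
            findings.append(f"{svc['state']} {svc['name']}: registered file not on disk ({svc['path']})")
    return findings


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG):
        print("REVIEW:", finding)
```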
 