BleepingComputer.com: Tidserv Activity 2

Help

Site will not let me paste logs or upload them. What am i doing wrong

Merged posts. ~ OB

This post has been edited by Orange Blossom: 09 December 2011 - 05:06 PM

Please describe the problems you are having with the computer. I suspect the infection is blocking you from posting the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

This post has been edited by Orange Blossom: 09 December 2011 - 05:05 PM

Norton is showing Tidserv Activity 2 prompt. Norton prescribed manual fix is not working. I have downloaded tdsskiller and combofix, but the applications are not able to run.

I followed the prep guide I was referred to and have copied the logs below.





GMER- Acces Denied. Would not allow me to check the first 8 check boxes. Services was the first option available to check or uncheck. Scanned anyway. GMER hasn't found any system modifications.

Defogger- Unable oto open/create file.

For whatever reason, whenever I cut and paste the dds log it will not allow me to post it as a reply.

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431560 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  
• A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
    
  • If you were unable to produce the logs originally please try once more.
    
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
  
  
• Please tell us if you have your original Windows CD/DVD available.
  
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Norton is showing Tidserv Activity 2 prompt. Norton prescribed manual fix is not working. I downloaded tdsskiller and combofix before I found this forum, but the applications are not able to run.

I followed the prep guide I was referred to and have copied the logs below.


The site will not allow me to paste the DDS log in the reply. I have it saved to my desktop and in an e-mail if you would like it.

GMER- Acces Denied. Would not allow me to check the first 8 check boxes. Services was the first option available to check or uncheck. Scanned anyway. GMER hasn't found any system modifications.

I am running windows XP Home edition 5.1. I beleive it is a 32 bit system.

This post has been edited by revillini: 15 December 2011 - 06:06 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

Gringo,

When I try to run fixTDSS, I am prompted to Identify which program I would like to use to open the file. What should I select?

fixTDSS eventually ran, but now it will only restart in safe mode. I may be in way over my head.

try and run tdsskiller now


gringo

1:39:47.0359 0176 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:39:48.0953 0176 ============================================================
21:39:48.0953 0176 Current date / time: 2011/12/16 21:39:48.0953
21:39:48.0953 0176 SystemInfo:
21:39:48.0953 0176
21:39:48.0953 0176 OS Version: 5.1.2600 ServicePack: 3.0
21:39:48.0953 0176 Product type: Workstation
21:39:48.0953 0176 ComputerName: DDCTW7C1
21:39:48.0953 0176 UserName: Dani
21:39:48.0953 0176 Windows directory: C:\WINDOWS
21:39:48.0953 0176 System windows directory: C:\WINDOWS
21:39:48.0953 0176 Processor architecture: Intel x86
21:39:48.0953 0176 Number of processors: 2
21:39:48.0953 0176 Page size: 0x1000
21:39:48.0953 0176 Boot type: Normal boot
21:39:48.0953 0176 ============================================================
21:39:51.0156 0176 Initialize success
21:39:56.0703 0940 ============================================================
21:39:56.0703 0940 Scan started
21:39:56.0703 0940 Mode: Manual;
21:39:56.0703 0940 ============================================================
21:39:57.0312 0940 Abiosdsk - ok
21:39:57.0359 0940 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:39:57.0375 0940 abp480n5 - ok
21:39:57.0437 0940 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:39:57.0437 0940 ACPI - ok
21:39:57.0468 0940 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:39:57.0484 0940 ACPIEC - ok
21:39:57.0515 0940 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:39:57.0515 0940 adpu160m - ok
21:39:57.0562 0940 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:39:57.0562 0940 aec - ok
21:39:57.0625 0940 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:39:57.0625 0940 AFD - ok
21:39:57.0671 0940 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:39:57.0687 0940 agp440 - ok
21:39:57.0750 0940 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:39:57.0750 0940 agpCPQ - ok
21:39:57.0843 0940 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:39:57.0859 0940 Aha154x - ok
21:39:57.0859 0940 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:39:57.0875 0940 aic78u2 - ok
21:39:57.0890 0940 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:39:57.0906 0940 aic78xx - ok
21:39:57.0921 0940 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:39:57.0921 0940 AliIde - ok
21:39:57.0953 0940 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:39:57.0953 0940 alim1541 - ok
21:39:57.0968 0940 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:39:57.0984 0940 amdagp - ok
21:39:58.0015 0940 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:39:58.0015 0940 AmdK8 - ok
21:39:58.0046 0940 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:39:58.0062 0940 amsint - ok
21:39:58.0078 0940 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:39:58.0078 0940 asc - ok
21:39:58.0093 0940 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:39:58.0109 0940 asc3350p - ok
21:39:58.0125 0940 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:39:58.0125 0940 asc3550 - ok
21:39:58.0187 0940 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:39:58.0203 0940 AsyncMac - ok
21:39:58.0234 0940 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:39:58.0234 0940 atapi - ok
21:39:58.0250 0940 Atdisk - ok
21:39:58.0281 0940 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:39:58.0281 0940 Atmarpc - ok
21:39:58.0328 0940 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:39:58.0328 0940 audstub - ok
21:39:58.0343 0940 BCM42RLY - ok
21:39:58.0359 0940 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:39:58.0359 0940 bcm4sbxp - ok
21:39:58.0375 0940 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:39:58.0375 0940 Beep - ok
21:39:58.0656 0940 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys
21:39:58.0671 0940 BHDrvx86 - ok
21:39:58.0703 0940 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:39:58.0718 0940 cbidf - ok
21:39:58.0734 0940 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:39:58.0734 0940 cbidf2k - ok
21:39:58.0796 0940 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:39:58.0796 0940 CCDECODE - ok
21:39:58.0812 0940 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:39:58.0828 0940 cd20xrnt - ok
21:39:58.0859 0940 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:39:58.0859 0940 Cdaudio - ok
21:39:58.0921 0940 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:39:58.0921 0940 Cdfs - ok
21:39:58.0937 0940 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:39:58.0937 0940 Cdrom - ok
21:39:58.0953 0940 Changer - ok
21:39:58.0984 0940 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:39:59.0000 0940 CmdIde - ok
21:39:59.0062 0940 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:39:59.0078 0940 Cpqarray - ok
21:39:59.0093 0940 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:39:59.0109 0940 dac2w2k - ok
21:39:59.0125 0940 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:39:59.0140 0940 dac960nt - ok
21:39:59.0187 0940 DCamUSBSQTECH (100ff3d9e16afb3163bd6f9aaaab7c55) C:\WINDOWS\system32\Drivers\SQcaptur.sys
21:39:59.0203 0940 DCamUSBSQTECH - ok
21:39:59.0218 0940 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:39:59.0218 0940 Disk - ok
21:39:59.0265 0940 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:39:59.0265 0940 DLABOIOM - ok
21:39:59.0281 0940 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:39:59.0281 0940 DLACDBHM - ok
21:39:59.0296 0940 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:39:59.0296 0940 DLADResN - ok
21:39:59.0296 0940 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:39:59.0312 0940 DLAIFS_M - ok
21:39:59.0312 0940 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:39:59.0312 0940 DLAOPIOM - ok
21:39:59.0328 0940 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:39:59.0328 0940 DLAPoolM - ok
21:39:59.0343 0940 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:39:59.0343 0940 DLARTL_N - ok
21:39:59.0359 0940 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:39:59.0359 0940 DLAUDFAM - ok
21:39:59.0359 0940 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:39:59.0375 0940 DLAUDF_M - ok
21:39:59.0421 0940 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:39:59.0437 0940 dmboot - ok
21:39:59.0468 0940 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:39:59.0484 0940 dmio - ok
21:39:59.0500 0940 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:39:59.0500 0940 dmload - ok
21:39:59.0531 0940 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:39:59.0531 0940 DMusic - ok
21:39:59.0578 0940 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:39:59.0578 0940 dpti2o - ok
21:39:59.0593 0940 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:39:59.0593 0940 drmkaud - ok
21:39:59.0609 0940 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:39:59.0609 0940 DRVMCDB - ok
21:39:59.0609 0940 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:39:59.0625 0940 DRVNDDM - ok
21:39:59.0734 0940 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
21:39:59.0750 0940 DSproct - ok
21:39:59.0765 0940 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:39:59.0781 0940 E100B - ok
21:39:59.0906 0940 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:39:59.0921 0940 eeCtrl - ok
21:39:59.0953 0940 EntDrv51 (4fc527253a40486e39046e2b7b75a8ca) C:\WINDOWS\system32\drivers\EntDrv51.sys
21:39:59.0968 0940 EntDrv51 - ok
21:39:59.0984 0940 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:39:59.0984 0940 EraserUtilRebootDrv - ok
21:40:00.0031 0940 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:40:00.0078 0940 Fastfat - ok
21:40:00.0125 0940 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:40:00.0125 0940 Fdc - ok
21:40:00.0171 0940 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:40:00.0171 0940 Fips - ok
21:40:00.0218 0940 FixTDSS (77d6ffaa3010b66fb4692532d75a585f) C:\WINDOWS\system32\drivers\FixTDSS.sys
21:40:00.0218 0940 FixTDSS - ok
21:40:00.0250 0940 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:40:00.0250 0940 Flpydisk - ok
21:40:00.0312 0940 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:40:00.0312 0940 FltMgr - ok
21:40:00.0328 0940 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:40:00.0343 0940 Fs_Rec - ok
21:40:00.0343 0940 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:40:00.0343 0940 Ftdisk - ok
21:40:00.0390 0940 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:40:00.0390 0940 GEARAspiWDM - ok
21:40:00.0453 0940 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:40:00.0453 0940 Gpc - ok
21:40:00.0500 0940 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
21:40:00.0500 0940 GTNDIS5 - ok
21:40:00.0531 0940 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:40:00.0531 0940 HDAudBus - ok
21:40:00.0562 0940 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:40:00.0578 0940 HidUsb - ok
21:40:00.0609 0940 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:40:00.0609 0940 hpn - ok
21:40:00.0656 0940 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:40:00.0671 0940 HPZid412 - ok
21:40:00.0718 0940 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:40:00.0734 0940 HPZipr12 - ok
21:40:00.0750 0940 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:40:00.0765 0940 HPZius12 - ok
21:40:00.0812 0940 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:40:00.0828 0940 HTTP - ok
21:40:00.0843 0940 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:40:00.0843 0940 i2omgmt - ok
21:40:00.0875 0940 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:40:00.0890 0940 i2omp - ok
21:40:00.0890 0940 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:40:00.0906 0940 i8042prt - ok
21:40:01.0171 0940 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111216.001\IDSxpx86.sys
21:40:01.0187 0940 IDSxpx86 - ok
21:40:01.0218 0940 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:40:01.0218 0940 Imapi - ok
21:40:01.0250 0940 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:40:01.0265 0940 ini910u - ok
21:40:01.0281 0940 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:40:01.0296 0940 IntelIde - ok
21:40:01.0312 0940 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:40:01.0328 0940 intelppm - ok
21:40:01.0343 0940 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:40:01.0343 0940 Ip6Fw - ok
21:40:01.0375 0940 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:40:01.0375 0940 IpFilterDriver - ok
21:40:01.0406 0940 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:40:01.0406 0940 IpInIp - ok
21:40:01.0453 0940 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:40:01.0500 0940 IpNat - ok
21:40:01.0531 0940 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:40:01.0531 0940 IPSec - ok
21:40:01.0562 0940 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:40:01.0578 0940 IRENUM - ok
21:40:01.0625 0940 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:40:01.0625 0940 isapnp - ok
21:40:01.0640 0940 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:40:01.0640 0940 Kbdclass - ok
21:40:01.0671 0940 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:40:01.0671 0940 kbdhid - ok
21:40:01.0687 0940 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:40:01.0687 0940 kmixer - ok
21:40:01.0718 0940 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:40:01.0734 0940 KSecDD - ok
21:40:01.0734 0940 lbrtfdc - ok
21:40:01.0765 0940 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:40:01.0781 0940 mnmdd - ok
21:40:01.0812 0940 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:40:01.0812 0940 Modem - ok
21:40:01.0828 0940 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:40:01.0828 0940 Mouclass - ok
21:40:01.0890 0940 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:40:01.0890 0940 mouhid - ok
21:40:01.0890 0940 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:40:01.0890 0940 MountMgr - ok
21:40:01.0921 0940 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:40:01.0937 0940 mraid35x - ok
21:40:01.0968 0940 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:40:01.0968 0940 MRxDAV - ok
21:40:02.0031 0940 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:40:02.0031 0940 MRxSmb - ok
21:40:02.0078 0940 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:40:02.0078 0940 Msfs - ok
21:40:02.0109 0940 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:40:02.0125 0940 MSKSSRV - ok
21:40:02.0140 0940 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:40:02.0140 0940 MSPCLOCK - ok
21:40:02.0156 0940 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:40:02.0171 0940 MSPQM - ok
21:40:02.0203 0940 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:40:02.0203 0940 mssmbios - ok
21:40:02.0250 0940 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:40:02.0250 0940 MSTEE - ok
21:40:02.0296 0940 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:40:02.0296 0940 Mup - ok
21:40:02.0328 0940 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:40:02.0328 0940 NABTSFEC - ok
21:40:02.0390 0940 NaiAvFilter1 (88623f3fc726368a5996e319b89c693d) C:\WINDOWS\system32\drivers\naiavf5x.sys
21:40:02.0406 0940 NaiAvFilter1 - ok
21:40:02.0437 0940 NaiAvTdi1 (dc2440edac9a177f3057ca4db6c8069c) C:\WINDOWS\system32\drivers\mvstdi5x.sys
21:40:02.0437 0940 NaiAvTdi1 - ok
21:40:02.0843 0940 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111216.017\NAVENG.SYS
21:40:02.0843 0940 NAVENG - ok
21:40:03.0156 0940 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111216.017\NAVEX15.SYS
21:40:03.0234 0940 NAVEX15 - ok
21:40:03.0640 0940 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:40:03.0640 0940 NDIS - ok
21:40:03.0687 0940 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:40:03.0687 0940 NdisIP - ok
21:40:03.0734 0940 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:40:03.0734 0940 NdisTapi - ok
21:40:03.0765 0940 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:40:03.0765 0940 Ndisuio - ok
21:40:03.0765 0940 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:40:03.0781 0940 NdisWan - ok
21:40:03.0828 0940 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:40:03.0828 0940 NDProxy - ok
21:40:03.0843 0940 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:40:03.0843 0940 NetBIOS - ok
21:40:03.0859 0940 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:40:03.0875 0940 NetBT - ok
21:40:03.0890 0940 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:40:03.0890 0940 Npfs - ok
21:40:03.0921 0940 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:40:03.0937 0940 Ntfs - ok
21:40:03.0953 0940 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:40:03.0953 0940 Null - ok
21:40:04.0125 0940 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:40:04.0187 0940 nv - ok
21:40:04.0234 0940 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
21:40:04.0234 0940 nvatabus - ok
21:40:04.0250 0940 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
21:40:04.0265 0940 nvraid - ok
21:40:04.0296 0940 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:40:04.0296 0940 NwlnkFlt - ok
21:40:04.0312 0940 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:40:04.0328 0940 NwlnkFwd - ok
21:40:04.0375 0940 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:40:04.0390 0940 Parport - ok
21:40:04.0421 0940 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:40:04.0421 0940 PartMgr - ok
21:40:04.0453 0940 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:40:04.0468 0940 ParVdm - ok
21:40:04.0468 0940 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:40:04.0484 0940 PCI - ok
21:40:04.0484 0940 PCIDump - ok
21:40:04.0500 0940 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:40:04.0500 0940 PCIIde - ok
21:40:04.0531 0940 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:40:04.0531 0940 Pcmcia - ok
21:40:04.0546 0940 PDCOMP - ok
21:40:04.0546 0940 PDFRAME - ok
21:40:04.0562 0940 PDRELI - ok
21:40:04.0578 0940 PDRFRAME - ok
21:40:04.0593 0940 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:40:04.0609 0940 perc2 - ok
21:40:04.0625 0940 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:40:04.0640 0940 perc2hib - ok
21:40:04.0687 0940 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:40:04.0703 0940 PptpMiniport - ok
21:40:04.0718 0940 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:40:04.0718 0940 Processor - ok
21:40:04.0734 0940 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:40:04.0734 0940 PSched - ok
21:40:04.0750 0940 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:40:04.0750 0940 Ptilink - ok
21:40:04.0781 0940 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:40:04.0781 0940 PxHelp20 - ok
21:40:04.0796 0940 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:40:04.0812 0940 ql1080 - ok
21:40:04.0828 0940 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:40:04.0843 0940 Ql10wnt - ok
21:40:04.0859 0940 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:40:04.0875 0940 ql12160 - ok
21:40:04.0875 0940 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:40:04.0890 0940 ql1240 - ok
21:40:04.0906 0940 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:40:04.0921 0940 ql1280 - ok
21:40:04.0953 0940 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:40:04.0953 0940 RasAcd - ok
21:40:04.0968 0940 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:40:04.0968 0940 Rasl2tp - ok
21:40:04.0984 0940 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:40:04.0984 0940 RasPppoe - ok
21:40:05.0000 0940 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:40:05.0000 0940 Raspti - ok
21:40:05.0015 0940 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:40:05.0031 0940 Rdbss - ok
21:40:05.0031 0940 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:40:05.0031 0940 RDPCDD - ok
21:40:05.0078 0940 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:40:05.0093 0940 rdpdr - ok
21:40:05.0140 0940 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:40:05.0156 0940 RDPWD - ok
21:40:05.0187 0940 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:40:05.0187 0940 redbook - ok
21:40:05.0265 0940 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
21:40:05.0265 0940 SDDMI2 - ok
21:40:05.0312 0940 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:40:05.0312 0940 Secdrv - ok
21:40:05.0343 0940 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:40:05.0359 0940 serenum - ok
21:40:05.0390 0940 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:40:05.0406 0940 Serial - ok
21:40:05.0421 0940 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:40:05.0437 0940 Sfloppy - ok
21:40:05.0453 0940 Simbad - ok
21:40:05.0500 0940 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:40:05.0500 0940 sisagp - ok
21:40:05.0515 0940 slabbus - ok
21:40:05.0531 0940 slabser - ok
21:40:05.0562 0940 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:40:05.0578 0940 SLIP - ok
21:40:05.0593 0940 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:40:05.0609 0940 Sparrow - ok
21:40:05.0640 0940 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:40:05.0640 0940 splitter - ok
21:40:05.0671 0940 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:40:05.0671 0940 sr - ok
21:40:05.0750 0940 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
21:40:05.0765 0940 SRTSP - ok
21:40:05.0781 0940 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
21:40:05.0781 0940 SRTSPX - ok
21:40:05.0843 0940 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:40:05.0843 0940 Srv - ok
21:40:05.0937 0940 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
21:40:05.0968 0940 STHDA - ok
21:40:06.0015 0940 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:40:06.0015 0940 streamip - ok
21:40:06.0046 0940 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:40:06.0062 0940 swenum - ok
21:40:06.0078 0940 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:40:06.0078 0940 swmidi - ok
21:40:06.0109 0940 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:40:06.0125 0940 symc810 - ok
21:40:06.0140 0940 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:40:06.0140 0940 symc8xx - ok
21:40:06.0203 0940 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
21:40:06.0218 0940 SymDS - ok
21:40:06.0250 0940 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
21:40:06.0265 0940 SymEFA - ok
21:40:06.0312 0940 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:40:06.0328 0940 SymEvent - ok
21:40:06.0343 0940 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
21:40:06.0343 0940 SymIRON - ok
21:40:06.0375 0940 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS
21:40:06.0390 0940 SYMTDI - ok
21:40:06.0406 0940 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:40:06.0421 0940 sym_hi - ok
21:40:06.0437 0940 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:40:06.0437 0940 sym_u3 - ok
21:40:06.0484 0940 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:40:06.0484 0940 sysaudio - ok
21:40:06.0562 0940 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:40:06.0562 0940 Tcpip - ok
21:40:06.0609 0940 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:40:06.0625 0940 TDPIPE - ok
21:40:06.0640 0940 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:40:06.0656 0940 TDTCP - ok
21:40:06.0687 0940 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:40:06.0687 0940 TermDD - ok
21:40:06.0734 0940 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:40:06.0734 0940 TosIde - ok
21:40:06.0765 0940 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:40:06.0781 0940 Udfs - ok
21:40:06.0796 0940 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:40:06.0812 0940 ultra - ok
21:40:06.0875 0940 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:40:06.0875 0940 Update - ok
21:40:06.0937 0940 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:40:06.0953 0940 usbccgp - ok
21:40:06.0984 0940 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:40:06.0984 0940 usbehci - ok
21:40:07.0000 0940 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:40:07.0000 0940 usbhub - ok
21:40:07.0015 0940 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:40:07.0015 0940 usbohci - ok
21:40:07.0031 0940 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:40:07.0031 0940 usbprint - ok
21:40:07.0062 0940 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:40:07.0078 0940 usbscan - ok
21:40:07.0109 0940 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:40:07.0109 0940 USBSTOR - ok
21:40:07.0125 0940 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:40:07.0140 0940 usbuhci - ok
21:40:07.0156 0940 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
21:40:07.0171 0940 USB_RNDIS - ok
21:40:07.0171 0940 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:40:07.0187 0940 VgaSave - ok
21:40:07.0203 0940 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:40:07.0218 0940 viaagp - ok
21:40:07.0234 0940 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:40:07.0234 0940 ViaIde - ok
21:40:07.0265 0940 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:40:07.0281 0940 VolSnap - ok
21:40:07.0296 0940 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:40:07.0296 0940 Wanarp - ok
21:40:07.0312 0940 wanatw - ok
21:40:07.0328 0940 WDICA - ok
21:40:07.0343 0940 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:40:07.0343 0940 wdmaud - ok
21:40:07.0421 0940 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:40:07.0437 0940 WSTCODEC - ok
21:40:07.0468 0940 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:40:07.0484 0940 WudfPf - ok
21:40:07.0531 0940 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:40:07.0546 0940 WudfRd - ok
21:40:07.0562 0940 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
21:40:07.0578 0940 \Device\Harddisk0\DR0 - ok
21:40:07.0578 0940 Boot (0x1200) (e36b6442e55a045d4c9c332a8b3d6d23) \Device\Harddisk0\DR0\Partition0
21:40:07.0578 0940 \Device\Harddisk0\DR0\Partition0 - ok
21:40:07.0578 0940 ============================================================
21:40:07.0578 0940 Scan finished
21:40:07.0578 0940 ============================================================
21:40:07.0593 2780 Detected object count: 0
21:40:07.0593 2780 Actual detected object count: 0

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Computer is running much better. Dramatic improvement.


ComboFix 11-12-16.03 - Dani 12/16/2011 23:43:59.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.607 [GMT -7:00]
Running from: C:\Documents and Settings\Dani\My Documents\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\TEMP
C:\WINDOWS\$NtUninstallKB54362$
C:\WINDOWS\$NtUninstallKB54362$\152707132
C:\WINDOWS\$NtUninstallKB54362$\3584426492\@
C:\WINDOWS\$NtUninstallKB54362$\3584426492\bckfg.tmp
C:\WINDOWS\$NtUninstallKB54362$\3584426492\cfg.ini
C:\WINDOWS\$NtUninstallKB54362$\3584426492\Desktop.ini
C:\WINDOWS\$NtUninstallKB54362$\3584426492\keywords
C:\WINDOWS\$NtUninstallKB54362$\3584426492\kwrd.dll
C:\WINDOWS\$NtUninstallKB54362$\3584426492\L\odetmngk
C:\WINDOWS\$NtUninstallKB54362$\3584426492\lsflt7.ver
C:\WINDOWS\$NtUninstallKB54362$\3584426492\U\00000001.@
C:\WINDOWS\$NtUninstallKB54362$\3584426492\U\00000002.@
C:\WINDOWS\$NtUninstallKB54362$\3584426492\U\00000004.@
C:\WINDOWS\$NtUninstallKB54362$\3584426492\U\80000000.@
C:\WINDOWS\$NtUninstallKB54362$\3584426492\U\80000004.@
C:\WINDOWS\$NtUninstallKB54362$\3584426492\U\80000032.@
C:\WINDOWS\Downloaded Installations\BMP
C:\WINDOWS\Downloaded Installations\BMP\{61C062D5-7A00-44BC-BC16-125BDF22EA65}\1033.MST
C:\WINDOWS\Downloaded Installations\BMP\{61C062D5-7A00-44BC-BC16-125BDF22EA65}\BACS.msi
C:\WINDOWS\system32\A1D7EB923C.dll


((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))


2011-12-16 23:40:12 . 2011-12-16 23:51:55 -------- d-----w- C:\Documents and Settings\Administrator
2011-12-16 22:57:39 . 2011-12-16 22:57:39 -------- d-----w- C:\Documents and Settings\Dani\Application Data\FixTDSS
2011-12-16 22:57:34 . 2011-12-16 23:10:51 26872 ----a-w- C:\WINDOWS\system32\drivers\FixTDSS.sys
2011-12-07 20:49:25 . 2011-12-07 20:49:25 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2011-12-06 08:58:20 . 2011-11-21 10:47:38 6823496 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{850E7524-25CD-4D6E-8AD7-A3F2B6FB1CD9}\mpengine.dll
2011-12-04 14:34:07 . 2011-12-04 14:34:07 -------- d-----w- C:\Program Files\iPod
2011-12-04 14:33:41 . 2011-12-04 14:35:19 -------- d-----w- C:\Program Files\iTunes
2011-12-04 14:26:59 . 2011-12-04 14:26:59 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\Apple Computer
2011-12-04 14:25:50 . 2011-12-04 14:25:51 -------- d-----w- C:\Program Files\Bonjour
2011-11-21 15:37:59 . 2011-11-21 15:37:59 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2011-11-21 15:37:50 . 2011-11-29 17:56:36 -------- d-----w- C:\Program Files\McAfee Security Scan
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-17 04:05:10 . 2004-08-10 18:51:12 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-11-21 10:47:38 . 2006-12-31 20:11:24 6823496 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-03 17:48:36 . 2011-05-21 01:17:49 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29:02 . 2011-10-24 21:29:02 94208 ----a-w- C:\WINDOWS\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 . 2011-10-24 21:29:02 69632 ----a-w- C:\WINDOWS\system32\QuickTime.qts
2011-10-10 14:22:41 . 2004-08-10 19:02:25 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-09-28 07:06:50 . 2004-08-10 18:50:55 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-09-26 18:41:20 . 2008-07-30 02:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 18:41:20 . 2004-08-10 18:51:19 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2011-09-26 18:41:14 . 2004-08-10 18:51:19 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
2011-11-09 03:44:25 . 2011-05-08 21:36:30 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2010-09-11 14:29:42 . 2007-08-12 08:23:38 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-29 03:57:12 395776]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 02:13:04 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 17:55:32 206064]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 14:39:00 7323648]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 09:12:00 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 09:00:20 282624]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 11:20:00 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50:42 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 22:50:18 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-11 14:29:42 30192]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 10:55:00 131072]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 04:55:00 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 04:55:02 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 22:18:56 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 22:41:44 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 04:55:02 491520]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 01:57:14 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 17:55:32 206064]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 04:58:34 47392]
"hpbdfawep"="C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 21:28:34 954368]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 15:00:00 94208]
"Seagate Dashboard"="C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-07-06 19:32:04 79112]
"KodakShareButtonApp"="C:\Program Files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 19:21:00 107008]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2011-06-27 05:41:29 273544]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 19:55:28 937920]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 14:22:28 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-11-13 07:24:58 421736]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 21:28:52 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 02:29:28 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphver05.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 FixTDSS;TDSS Fixtool driver;C:\WINDOWS\system32\drivers\FixTDSS.sys [12/16/2011 3:57:34 PM 26872]
R0 SymDS;Symantec Data Store;C:\WINDOWS\system32\drivers\NAV\1206000.01D\symds.sys [5/9/2011 3:58:39 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NAV\1206000.01D\symefa.sys [5/9/2011 3:58:40 PM 744568]
R1 BHDrvx86;BHDrvx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 3:50:14 PM 819320]
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [11/1/2010 5:37:45 PM 58464]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\system32\drivers\NAV\1206000.01D\ironx86.sys [5/9/2011 3:58:38 PM 136312]
R2 NAV;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/9/2011 3:57:58 PM 130008]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [7/6/2010 12:32:04 PM 14088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/7/2011 4:25:11 PM 106104]
R3 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111216.001\IDSXpx86.sys [12/16/2011 9:26:58 PM 356280]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [4/2/2010 10:27:35 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [12/13/2006 11:05:02 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [4/2/2010 10:27:35 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49:20 AM 227232]

Contents of the 'Scheduled Tasks' folder

2011-12-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57:16 . 2011-06-02 00:57:16]

2011-12-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-03 05:27:35 . 2010-04-03 05:27:31]

2011-12-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-03 05:27:35 . 2010-04-03 05:27:31]

2011-12-16 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-08-06 03:58:16 . 2005-07-08 04:55:02]

2011-12-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20:06 . 2006-11-04 01:20:06]

2011-12-17 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3794800269-4273047125-2885643043-1007.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47:46 . 2011-03-29 17:47:46]

2011-12-17 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3794800269-4273047125-2885643043-1008.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47:46 . 2011-03-29 17:47:46]

2011-12-17 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3794800269-4273047125-2885643043-1007.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47:46 . 2011-03-29 17:47:46]

2011-12-13 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3794800269-4273047125-2885643043-1008.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47:46 . 2011-03-29 17:47:46]


------- Supplementary Scan -------

uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - C:\Documents and Settings\Dani\Application Data\Mozilla\Firefox\Profiles\l80f9ess.default\

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre6\bin\jusched.exe
SafeBoot-58147492.sys
SafeBoot-WinDefend



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 00:14:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2008)
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\WINDOWS\System32\DLA\DLASHX_W.DLL
C:\WINDOWS\system32\DLAAPI_W.DLL
C:\WINDOWS\System32\DLA\DLACResW.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

------------------------ Other Running Processes ------------------------

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe

**************************************************************************

Completion time: 2011-12-17 00:27:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-17 07:27:00

Pre-Run: 98,483,314,688 bytes free
Post-Run: 104,210,632,704 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B0E8DE91CD3CDB66256574AD2EB33D59

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

In your next post I need the following


• report from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now after running the script?

Gringo

No problems completing the instructions you provided. Computer seems to be running much better.


ComboFix 11-12-16.03 - Dani 12/17/2011 7:16.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.652 [GMT -7:00]
Running from: c:\documents and settings\Dani\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Dani\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-17 12:25 . 2011-12-17 12:25 -------- d-----w- c:\windows\LastGood
2011-12-16 23:40 . 2011-12-16 23:51 -------- d-----w- c:\documents and settings\Administrator
2011-12-16 22:57 . 2011-12-16 22:57 -------- d-----w- c:\documents and settings\Dani\Application Data\FixTDSS
2011-12-16 22:57 . 2011-12-16 23:10 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-12-07 20:49 . 2011-12-07 20:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-06 08:58 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{850E7524-25CD-4D6E-8AD7-A3F2B6FB1CD9}\mpengine.dll
2011-12-04 14:34 . 2011-12-04 14:34 -------- d-----w- c:\program files\iPod
2011-12-04 14:33 . 2011-12-04 14:35 -------- d-----w- c:\program files\iTunes
2011-12-04 14:26 . 2011-12-04 14:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-12-04 14:25 . 2011-12-04 14:25 -------- d-----w- c:\program files\Bonjour
2011-11-21 15:37 . 2011-11-21 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-11-21 15:37 . 2011-11-29 17:56 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 04:05 . 2004-08-10 18:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-21 10:47 . 2006-12-31 20:11 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-03 17:48 . 2011-05-21 01:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 18:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 18:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-09 03:44 . 2011-05-08 21:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-09-11 14:29 . 2007-08-12 08:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-17_07.14.39 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-11 30192]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 131072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-07-06 79112]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-27 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphver05.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [12/16/2011 3:57 PM 26872]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/9/2011 3:58 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/9/2011 3:58 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 3:50 PM 819320]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [11/1/2010 5:37 PM 58464]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/9/2011 3:58 PM 136312]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/9/2011 3:57 PM 130008]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [7/6/2010 12:32 PM 14088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/7/2011 4:25 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111216.001\IDSXpx86.sys [12/16/2011 9:26 PM 356280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2010 10:27 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/13/2006 11:05 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2010 10:27 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 05:27]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 05:27]
.
2011-12-17 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-08-06 04:55]
.
2011-12-17 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 21:28]
.
2011-12-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
2011-12-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3794800269-4273047125-2885643043-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-12-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3794800269-4273047125-2885643043-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3794800269-4273047125-2885643043-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-12-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3794800269-4273047125-2885643043-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Dani\Application Data\Mozilla\Firefox\Profiles\l80f9ess.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 08:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-17 08:11:59
ComboFix-quarantined-files.txt 2011-12-17 15:11
ComboFix2.txt 2011-12-17 07:27
.
Pre-Run: 104,116,588,544 bytes free
Post-Run: 104,198,606,848 bytes free
.
- - End Of File - - 20679E827A4EB214EBAEFD99B45237CB