Boot.Tidserv detected, cannot remove



#1 erpbridge


Posted 02 December 2011 - 11:39 AM

Environment:

Motherboard: Asus P8Z68-V Pro
HDD: Seagate 300GB
HDD: WD 250GB
OS: Windows 7-64

Notes:
Was running Windows7-64 on WD-250 until November 30 2011, with the Seagate 300 as data. Had a motherboard upgrade on November 30 2011 where system would no longer boot (due to not installing chipset drivers ahead of time), so swapped drives. Could not upgrade on WD-250 because was using MBR partitioning, Win7 install DVD on this motherboard requires GPT partitioning and would need drive wipe to do this. Switched to OS install on Seagate 300 and partitioned it as GPT. Now running relatively fresh Windows 7 install. C: is Seagate 300GB, D: is WD250GB (still running old MBR).

Earlier in week (Saturday Nov 26), had infection of System.Fix, which was cleaned (by myself) using MBAM. After this, had a Google redirect and window focus change issue, which was ultimately fixed by Windows 7 System Repair disc (Start, All Programs, Maintenance, System Repair disc) and running bootrec /fixmbr, then running TDSSkiller which detected and removed. Old OS install of McAfee did not detect anything.

Complimentary trial of Norton Internet Security on fresh OS detects Boot.Tidserv on drive 0x80, but can't remove. I have confirmed it exists on the Seagate 300GB drive through isolating this drive. I can't confirm that it exists or not on the WD250, my old OS drive.

TDSSkiller does not detect anything.
Norton's FixTDSS does not detect anything.
MBAM does not detect it.
Norton's NPE and NBRT do not detect it.

Have tried booting to System Repair Disk and running bootrec /fixmbr and bootrec /rebuildbcd, then booting to SafeMode and running all of above detection tools. No detection, but Norton Internet Security still detects it after running those.

For some reason, latest version of PuppyLinux on a USB drive is not detecting the hard drives (or network card), so can't get a good Gparted screenshot or any way to get that from PuppyLinux to the Internet. (And that's the extent of what I know about Linux.)

I have combofix and GMER standing by if you want a log. I am also working on transferring contents of the old OS (now data) drive to a backup, so if you want me to blow everything away, I can do so. Totally prepared to start from bare metal, but I know we'll do everything to prevent that.

(Is GMER still 32-bit only? Sticky indicates it is 32-bit Windows only.)

(I realize this goes beyond what you want from most users. I am a Windows IT server admin by trade, so I tried as many things as I could to track this bugger down. I have exhausted all I know and can find, so this is my call for help.)

Steve

----------



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by dickson_s at 11:04:57 on 2011-12-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.5542 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\dickson_s\AppData\Local\Temp\install_reader10_en_air_gtbd_aih.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DiskCheckup\DiskCheckup.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
TCP: DhcpNameServer = 192.168.1.2
TCP: Interfaces\{DC36AAF4-D3C2-41D6-ABD3-D43AFD2D7A29} : DhcpNameServer = 192.168.1.2
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [2011-11-23 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111201.001\IDSviA64.sys [2011-12-1 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 VDiskBus;ASUS Disk Unlocker;C:\Windows\system32\DRIVERS\VDiskBus64.sys --> C:\Windows\system32\DRIVERS\VDiskBus64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
R2 ASDiskUnlocker;ASDiskUnlocker;C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [2010-12-2 258688]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-12-1 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-12-1 130008]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ASFLTDrv.sys;ASFLTDrv.sys;C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [2010-9-16 16512]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-1 138360]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-1 136176]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-1 136176]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-02 14:54:23 -------- d-----w- C:\Users\dickson_s\AppData\Local\Solid State Networks
2011-12-02 14:36:58 98816 ----a-w- C:\Windows\sed.exe
2011-12-02 14:36:58 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-02 14:36:58 256000 ----a-w- C:\Windows\PEV.exe
2011-12-02 14:36:58 208896 ----a-w- C:\Windows\MBR.exe
2011-12-02 13:52:54 -------- d-----w- C:\Program Files (x86)\DiskCheckup
2011-12-02 06:22:05 -------- d-----w- C:\Users\dickson_s\AppData\Roaming\Malwarebytes
2011-12-02 06:22:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-02 06:21:58 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-02 06:21:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-02 05:27:06 -------- d-----w- C:\Windows\Panther
2011-12-02 01:54:43 314568 ----a-r- C:\Windows\System32\PROUnstl.exe
2011-12-02 01:54:02 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
2011-12-02 01:54:02 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2011-12-02 01:54:02 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2011-12-02 01:54:01 91840 ----a-w- C:\Windows\System32\NicInstC.dll
2011-12-02 01:50:01 -------- d-sh--w- C:\Windows\Installer
2011-12-02 01:47:10 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2011-12-02 01:46:55 -------- d-----w- C:\Intel
2011-12-02 01:36:59 -------- d-----w- C:\Recovery
2011-12-01 19:38:24 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-12-01 19:38:07 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-12-01 19:38:07 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-12-01 19:37:56 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0401000.00F
2011-12-01 19:37:56 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2011-12-01 19:37:55 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2011-12-01 17:14:29 -------- d-----w- C:\Users\dickson_s\AppData\Local\NPE
2011-12-01 16:39:07 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-12-01 16:22:53 -------- d-----w- C:\Users\dickson_s\AppData\Local\ATI
2011-12-01 16:22:49 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-01 16:22:44 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-12-01 16:22:44 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-12-01 16:20:48 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-12-01 16:20:39 -------- d-----w- C:\Program Files\ATI
2011-12-01 16:20:25 -------- d-----w- C:\Program Files\ATI Technologies
2011-12-01 16:19:47 -------- d-----w- C:\ATI
2011-12-01 16:13:13 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2011-12-01 15:32:32 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symefa64.sys
2011-12-01 15:32:32 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\srtsp64.sys
2011-12-01 15:32:32 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symds64.sys
2011-12-01 15:32:32 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\srtspx64.sys
2011-12-01 15:32:32 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
2011-12-01 15:32:32 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\ironx64.sys
2011-12-01 15:32:14 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D
2011-12-01 15:25:20 5188432 ----a-w- C:\Windows\PE_Rom.dll
2011-12-01 15:17:54 -------- d-----w- C:\Users\dickson_s\AppData\Local\Adobe
2011-12-01 15:17:39 -------- d-----w- C:\Users\dickson_s\AppData\Local\Google
2011-12-01 15:13:09 -------- d-----w- C:\Users\dickson_s\AppData\Local\Logitech® Webcam Software
2011-12-01 15:11:17 -------- d-----w- C:\Users\dickson_s\AppData\Local\BMExplorer
2011-12-01 15:11:16 -------- d-----w- C:\ProgramData\Atheros
2011-12-01 15:09:40 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2011-12-01 15:04:00 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-01 14:55:15 -------- d-----w- C:\Windows\SysWow64\Wat
2011-12-01 14:55:15 -------- d-----w- C:\Windows\System32\Wat
2011-12-01 14:50:53 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2011-12-01 14:42:59 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-12-01 14:40:18 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-12-01 14:35:22 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-01 14:35:22 -------- d-----w- C:\Program Files\Symantec
2011-12-01 14:35:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-12-01 14:35:04 -------- d-----w- C:\Windows\System32\drivers\NISx64
2011-12-01 14:35:03 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-12-01 14:35:00 -------- d-----w- C:\ProgramData\Norton
2011-12-01 14:33:46 -------- d-----w- C:\ProgramData\NortonInstaller
2011-12-01 14:33:46 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-12-01 14:27:59 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2011-12-01 14:24:52 14464 ----a-w- C:\Windows\System32\drivers\AiChargerPlus.sys
2011-12-01 14:24:08 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2011-12-01 14:23:47 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-12-01 14:23:46 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-12-01 14:23:46 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-12-01 14:23:46 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-12-01 14:22:40 -------- d-----w- C:\ProgramData\ASUS
2011-12-01 14:22:22 28672 ----a-r- C:\Windows\SysWow64\AsIO.dll
2011-12-01 14:22:22 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2011-12-01 14:22:22 -------- d-----w- C:\Program Files (x86)\ASUS
2011-12-01 14:22:05 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-12-01 14:20:45 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2011-12-01 14:20:30 -------- d-----w- C:\Program Files (x86)\Bluetooth Suite
2011-12-01 14:18:34 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2011-12-01 14:17:18 -------- d-----w- C:\Program Files (x86)\Marvell
2011-12-01 14:16:51 315904 ----a-w- C:\Windows\SysWow64\Difx4cf7.rra
2011-12-01 14:16:13 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2011-12-01 14:15:58 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2011-12-01 13:56:59 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-12-01 13:55:43 133800 ----a-w- C:\Windows\System32\IPROSetMonitor.exe
.
==================== Find3M ====================
.
2011-12-01 13:57:12 16896 ----a-w- C:\Windows\AsTaskSched.dll
2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-26 02:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-26 02:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
2011-10-26 02:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-26 02:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-10-26 02:19:56 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-10-26 02:19:50 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:05:17.25 ===============



#2 erpbridge


Posted 03 December 2011 - 04:28 PM

Cancel. Got Puppylinux Slacko running, found the extra partition and removed it, virus scan and MBAM come up clean now.
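
Added example, not part of the original posts: the thread ends with an unexpected partition being found on a disk that was partitioned as GPT, so this Python sketch reads a saved copy of sector 0 and reports any partition-table entry other than the single protective 0xEE entry a GPT disk normally carries. The sample sectors, the type byte 0x17 and the LBA values are constructed for the demonstration, and the function names are hypothetical.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # four 16-byte partition entries start here
PROTECTIVE_GPT = 0xEE   # type byte of the one entry a GPT disk carries in sector 0
# status, CHS start, type, CHS end, first LBA, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def build_sample_sector0(entries):
    """Build a constructed sector 0 from (status, type, first_lba, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    for slot, (status, ptype, first_lba, sectors) in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * slot,
                        status, b"\x00" * 3, ptype, b"\x00" * 3, first_lba, sectors)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return the non-empty partition entries found in a 512-byte sector 0."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        status, _, ptype, _, first_lba, sectors = ENTRY.unpack_from(
            sector, TABLE_OFFSET + 16 * slot)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"slot": slot, "status": status, "type": ptype,
                      "first_lba": first_lba, "sectors": sectors})
    return parts


def review_sector0(sector, expect_gpt):
    """List entries that do not fit the layout the owner expects for this disk."""
    parts = parse_mbr(sector)
    findings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02X}")
        if expect_gpt and p["type"] != PROTECTIVE_GPT:
            findings.append(f"slot {p['slot']}: type 0x{p['type']:02X} entry on a GPT disk")
        if expect_gpt and p["status"] == 0x80:
            findings.append(f"slot {p['slot']}: active flag set on a GPT disk")
    if expect_gpt and not any(p["type"] == PROTECTIVE_GPT for p in parts):
        findings.append("no protective 0xEE entry found")
    if not expect_gpt and sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one partition marked active")
    return findings


# Constructed samples: a clean protective MBR, and one with an extra active entry.
CLEAN_GPT = build_sample_sector0([(0x00, PROTECTIVE_GPT, 1, 0xFFFFFFFF)])
EXTRA_ENTRY = build_sample_sector0([(0x00, PROTECTIVE_GPT, 1, 0xFFFFFFFF),
                                    (0x80, 0x17, 586000000, 2048)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_GPT), ("extra entry", EXTRA_ENTRY)):
        print(name, review_sector0(sector, expect_gpt=True) or "nothing unexpected")
```

To check a real disk, copy its first 512 bytes to a file from a live environment (for example with dd, bs=512 count=1) and pass the file's contents to review_sector0.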

#3 Budapest (Moderator)

Posted 05 December 2011 - 04:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



